Zenity Research Finds 62% of Copilots and Low-Code Apps Contain Security Vulnerabilities
The average large enterprise is found to have nearly 80,000 apps built across copilots and low-code platforms
Across Microsoft Copilot, Power Platform, Salesforce, ServiceNow, Zapier, OpenAI, and more, anyone can now build or leverage enterprise copilots and business apps. Through drag-and-drop interfaces and natural language text prompts, internal or external users can create or manipulate apps that are built to access, transfer and store sensitive data and contribute to critical business operations. However, the development lifecycle within copilots and low-code platforms lacks security guardrails and threat detection mechanisms, which could result in critical risks and malicious activities.
The velocity and magnitude of this new world of business-led development put the problem beyond control and create a new and vast attack surface that enterprises need to be aware of.
Among the report's key findings:
- As adoption and growth kicked into hyperdrive, so did risk – The average large enterprise is approaching 80,000 apps and copilots that have been developed outside of the traditional software development lifecycle (SDLC). Among these 80,000 apps and copilots are roughly 50,000 vulnerabilities.
- AI adoption (and risk) is significant – The average large organization has developed 2,600+ of its own active copilots using low-code platforms; however, 63% of them were overshared to members of both the enterprise and the public, creating risks for prompt injection and data leakage.
- Guest access provides unmonitored access to internal resources – Armed with a single guest account and a trial license to a low-code platform, an attacker only needs to log in to the enterprise copilot or low-code platform and switch to the target directory to essentially possess domain admin-level privileges on the platform. The average enterprise has upwards of 6,200 guests who have privileged access to copilots and low-code apps.
- Supply chain risks run rampant in low-code – The average enterprise has nearly 2,000 applications that contain open-source components drawn in from decentralized libraries, which could be laced with malware that steals passwords and other sensitive data. These present opportunities for attackers to easily inject open-source components with risky and dangerous software that creates a ripple effect across different enterprises.
About Zenity
Zenity, the world's first application security platform for enterprise Copilots and Low-Code development, protects organizations from security threats, helps meet compliance, and enables business continuity. Zenity was established in 2021, and many of the world's leading organizations trust it to help configure security guardrails, generate prioritized lists of vulnerabilities, and accurately pinpoint and remediate vulnerabilities by continuously scanning business-led development platforms and providing centralized visibility, risk assessment, and governance.
View original content to download multimedia: https://www.prnewswire.com/news-releases/zenity-research-finds-62-of-copilots-and-low-code-apps-contain-security-vulnerabilities-302241231.html
SOURCE Zenity