AVNMEDIA.ID -  Cybersecurity firm Tenable has revealed new research showing how no-code agentic AI tools, such as Microsoft Copilot Studio, can be exploited to commit financial fraud and hijack business workflows if deployed without strict governance.

The findings highlight a growing enterprise risk as organisations increasingly adopt no-code AI platforms to improve efficiency by allowing non-technical employees to build autonomous AI agents.

AI Democratisation Comes With Hidden Risks

No-code AI tools are designed to simplify automation without the need for software developers.

However, Tenable warns that this convenience can unintentionally expose organisations to severe security threats when governance and access controls are overlooked.

According to the research, AI agents often operate with broad permissions that are not fully understood by the users who create them, creating opportunities for abuse.

Tenable Successfully Jailbreaks Microsoft Copilot Studio

To demonstrate the risk, Tenable Research built an AI-powered travel agent using Microsoft Copilot Studio.

The agent was designed to manage customer travel reservations, including creating and modifying bookings without human oversight.