‘No-code’ AI tools pose hidden security risks
Israeli cybersecurity researchers have uncovered a serious vulnerability in Microsoft’s Copilot Studio, warning that AI agents built using “no-code” platforms can be hijacked to commit fraud and leak sensitive data without human oversight.
In new research, global cybersecurity firm Tenable demonstrated how it successfully jailbroke an AI travel agent created within Copilot Studio. The agent was designed to autonomously manage travel bookings and handle sensitive customer information, including contact details and credit card numbers.
How the AI agent was compromised
According to Tenable, researchers exploited the system using a technique known as prompt injection: attacker-controlled text is fed to the model as if it were instructions, so that the model disregards the safeguards written into its own instructions.
Although the agent had been instructed to verify customer identity before sharing information or making changes, it was coerced into leaking full payment card details and altering a booking to charge €0, effectively providing free travel services without authorisation.
“AI agent builders like Copilot Studio democratise the creation of powerful tools, but they also democratise the ability to execute financial fraud,” said Keren Katz, Senior Group Manager of AI Security Product and Research at Tenable. “That power can easily turn into a real, tangible security risk.”
Risks for businesses adopting AI automation
Tenable warned that as companies increasingly adopt no-code AI platforms to boost productivity, many underestimate the security implications. Non-developers may unintentionally grant AI agents excessive permissions, which attackers can then exploit.
The potential consequences include:
- Data breaches involving personal and financial information
- Regulatory exposure under privacy and data protection laws
- Direct revenue loss through fraudulent transactions
- Long-term reputational damage
In the Copilot Studio test, the AI agent had broad “edit” permissions to perform legitimate tasks such as updating travel dates. These same permissions were abused to manipulate pricing and payment flows.
Calls for stronger AI governance
To reduce such risks, Tenable has urged organisations to implement strict AI governance frameworks before deploying autonomous agents. Key recommendations include:
- Limiting AI agents’ access to the bare minimum required for their role
- Mapping all systems and data the agent can access before deployment
- Actively monitoring AI behaviour for anomalies or misuse
A major concern highlighted by the researchers is that permission levels are often invisible to non-technical users building these agents, increasing the likelihood of misconfiguration.
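As an added illustration that is not part of Tenable's research or of Copilot Studio's own tooling, the following Python sketch models a tool gateway sitting between an agent and a booking store. It contrasts the configuration described above, a single broad edit permission with the identity check living only in the agent's instructions, against one in which ownership verification, the list of editable fields, and card masking are enforced by the gateway itself, and it flags the resulting events the way a monitor would. The booking record, customer name, and one-time code are constructed for the example.

```python
import copy
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample booking record and verification secret; not real data.
SEED_BOOKINGS = {
    "B-1001": {"customer": "alice", "dates": "2025-03-01/2025-03-05",
               "price_eur": 420.00, "card": "4111111111111111"},
}
SEED_OTPS = {"alice": "739214"}   # stands in for a real second-factor check


class PermissionDenied(Exception):
    pass


@dataclass
class Session:
    """Per-conversation state held by the gateway, never by the model's prompt."""
    verified_customer: Optional[str] = None
    audit: list = field(default_factory=list)


def _log(session, event, **detail):
    session.audit.append({"event": event, **detail})


def mask_card(card):
    return "*" * (len(card) - 4) + card[-4:]


# ---- Weak configuration: one broad "edit" tool; identity check lives in the prompt ----
def weak_update(session, bookings, booking_id, fields):
    # Trusts whatever fields the model passes, including the price.
    bookings[booking_id].update(fields)
    _log(session, "update", booking_id=booking_id, fields=fields)
    return copy.deepcopy(bookings[booking_id])   # full card number included


# ---- Hardened configuration: authorization enforced in the tool layer ----
ALLOWED_EDIT_FIELDS = {"dates"}   # the agent reschedules trips, so that is all it may edit


def verify_identity(session, otps, customer, otp):
    ok = otps.get(customer) == otp
    if ok:
        session.verified_customer = customer   # only the gateway can set this
    _log(session, "verify", customer=customer, ok=ok)
    return ok


def _require_owner(session, bookings, booking_id):
    if session.verified_customer != bookings[booking_id]["customer"]:
        _log(session, "denied", booking_id=booking_id, reason="not verified as owner")
        raise PermissionDenied(booking_id)


def hardened_get(session, bookings, booking_id):
    _require_owner(session, bookings, booking_id)
    rec = copy.deepcopy(bookings[booking_id])
    rec["card"] = mask_card(rec["card"])   # the model never sees the full PAN
    return rec


def hardened_update(session, bookings, booking_id, fields):
    _require_owner(session, bookings, booking_id)
    illegal = set(fields) - ALLOWED_EDIT_FIELDS
    if illegal:
        _log(session, "denied", booking_id=booking_id, reason=f"fields {sorted(illegal)}")
        raise PermissionDenied(f"cannot edit {sorted(illegal)}")
    bookings[booking_id].update(fields)
    _log(session, "update", booking_id=booking_id, fields=fields)
    return hardened_get(session, bookings, booking_id)


# ---- Monitoring: surface denied calls and price manipulation from the audit trail ----
def anomalies(session):
    flags = []
    for e in session.audit:
        if e["event"] == "denied":
            flags.append(f"denied: {e['reason']}")
        if e["event"] == "update" and e["fields"].get("price_eur") == 0:
            flags.append(f"price zeroed on {e['booking_id']}")
    return flags


def _attempt(fn, *args):
    try:
        return fn(*args)
    except PermissionDenied:
        return None


def simulate_injection(hardened):
    """Injected text steers the model into two tool calls with no identity check
    having taken place: read the booking, then set its price to zero."""
    bookings = copy.deepcopy(SEED_BOOKINGS)
    session = Session()
    if not hardened:
        leaked = weak_update(session, bookings, "B-1001", {})["card"]
        weak_update(session, bookings, "B-1001", {"price_eur": 0})
    else:
        _attempt(hardened_get, session, bookings, "B-1001")
        _attempt(hardened_update, session, bookings, "B-1001", {"price_eur": 0})
        # Even after a genuine verification the price field stays off-limits.
        verify_identity(session, SEED_OTPS, "alice", "739214")
        leaked = hardened_get(session, bookings, "B-1001")["card"]
        _attempt(hardened_update, session, bookings, "B-1001", {"price_eur": 0})
    return {"card_seen_by_model": leaked,
            "price_eur": bookings["B-1001"]["price_eur"],
            "alerts": anomalies(session)}
```

The point of the split is that the weak path has no check the model cannot be talked out of, while in the hardened path the verification flag, the field allow-list, and the masking are all decided by code the model cannot influence, and every refused call leaves an audit entry that a monitor can alert on.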
A growing enterprise concern
The findings add to broader concerns around enterprise AI deployment, particularly as platforms like Copilot Studio promise efficiency without coding expertise. Tenable’s research underscores that ease of use must be matched with strong security controls, especially as AI agents are entrusted with sensitive business operations.
