The average large enterprise is found to have nearly 80,000 apps built across copilots and low-code platforms
Zenity, the leader for securing enterprise copilots and Low-Code development, today announced the release of its report, The State of Enterprise Copilots and Low-Code Development in 2024. The report’s data, surveyed and gathered from many of the world’s largest organizations across technology, healthcare, manufacturing, energy, and financial services, found that enterprise copilots and low-code development is evolving at a pace never seen before, and that correspondingly they are exposed to a high number of vulnerabilities.
Across Microsoft Copilot, Power Platform, Salesforce, ServiceNow, Zapier, OpenAI, and more, anyone can now build or leverage enterprise copilots and business apps. Through drag and drop interfaces and natural language text prompts, internal or external users can create or manipulate apps that are built to access, transfer and store sensitive data and contribute to critical business operations. However, there is a lack of security guardrails and threat detection mechanisms in the development lifecycle within copilots and low-code platforms that could result in critical risks and malicious activities.
The problem is beyond control with the velocity and magnitude of this new world of business-led development and creates a new and vast attack surface that enterprises need to be aware of.
Among the report’s key findings:
- As adoption and growth kicked into hyperdrive, so did risk – The average large enterprise is approaching 80,000 apps and copilots that have been developed outside of the traditional software development lifecycle (SDLC). Among these 80,000 apps and copilots are roughly 50,000 vulnerabilities.
- AI adoption (and risk) is significant – The average large organization has developed 2,600+ of their own active copilots using low-code platforms; however, 63% of them were overshared to members of both the enterprise and the public creating risks for prompt injection and data leakage.
- Guest access provides unmonitored access to internal resources – Armed with a single guest account and a trial license to a low-code platform, all an attacker needs to do is log in to the enterprise copilot or low-code platform, switch to the target directory, and can essentially possess domain admin-level privileges on the platform. The average enterprise has upwards of 6,200 guests that have privileged access to copilots and low-code apps.
- Supply chain risks run rampant in low-code – The average enterprise has nearly 2,000 applications that contain open-source components drawn in from decentralized libraries, which could be laced with malware that steals passwords and other sensitive data. These present opportunities for attackers to easily inject open-source components with risky and dangerous software that create a ripple effect across different enterprises.
Ben Kliger, co-founder and CEO, Zenity, said: “While enterprise copilot and low-code development platforms bring innovation and productivity, they also introduce new significant risks. If you’re a large enterprise, you have a lot of copilots, apps, automations and reports that are being built outside of your knowledge by business users in your LoBs. We are proud to support our customers to responsibly adopt these powerful business enablement tools and contribute this research back to the community to help raise awareness of the unique risks for today’s enterprises.”
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!