Tuesday, 16 December 2025, 11:06 pm

    Tech firm warns no-code AI tools can be exploited for fraud

    Cybersecurity firm Tenable has released new research showing that no-code AI tools can be manipulated to commit financial fraud and leak sensitive data, raising serious concerns for businesses rapidly adopting these technologies. The research focuses on Microsoft Copilot Studio and highlights how the growing democratisation of AI, while designed to improve efficiency, can introduce major security risks if not properly governed.

    In its test, Tenable Research built an AI-powered travel agent using Copilot Studio. The agent was designed to manage travel bookings automatically, including creating and modifying reservations, and was given access to demo customer data such as names, contact details and credit card information. It was also instructed to verify a customer’s identity before sharing information or making changes.

    Despite these safeguards, Tenable researchers were able to bypass the controls using a technique known as prompt injection. They successfully hijacked the agent’s workflow, extracted sensitive credit card data and altered a booking price to zero, effectively securing a free trip without authorisation. This demonstrated how easily an AI agent with broad permissions can be abused to leak data or carry out financial fraud.

    Tenable warned that these kinds of flaws could lead to data breaches, regulatory penalties, revenue loss and fraudulent transactions. According to Keren Katz, Senior Group Manager of AI Security Product and Research at Tenable, tools like Copilot Studio make it easy to build powerful AI agents, but they also make it easy to unintentionally enable fraud and other serious security issues.

    The company said a key problem is that AI agents often have more access and authority than non-technical users realise. Tenable stressed that strong AI governance is essential and urged organisations to clearly understand what systems and data AI agents can access, limit their permissions to the minimum required, and actively monitor their behaviour to detect misuse or unexpected actions before real damage occurs.
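The recommendations in the paragraph above (know what the agent can reach, grant it the minimum, and watch what it does) map naturally onto a policy layer that sits between the model and its tools. The following is an added illustration written for this page, not code from Tenable, Microsoft or Copilot Studio. It assumes a hypothetical travel agent with two tools, `lookup_booking` and `update_booking`, constructed demo booking data, and a made-up guardrail (`MIN_PRICE_RATIO`) that sends deep price cuts to a human reviewer. Identity verification and permission checks are done in code, so a prompt injection that talks the model into "skipping" them has nothing to act on, and every decision lands in an audit log for monitoring.

```python
import copy
from dataclasses import dataclass, field
from typing import Optional

# Constructed demo data for this example (not real customers or cards).
DEMO_BOOKINGS = {
    "BK-1001": {"customer": "alice@example.com", "price": 450.00,
                "card_number": "4111111111111111"},
}

# Hypothetical allow-list: the only tools this agent is permitted to call.
ALLOWED_TOOLS = {"lookup_booking", "update_booking"}
# Hypothetical guardrail: one update may not cut the price below this
# fraction of the current price; anything deeper is denied and flagged.
MIN_PRICE_RATIO = 0.5


@dataclass
class Session:
    """Per-conversation state held by the policy layer, outside the model's control."""
    verified_customer: Optional[str] = None
    bookings: dict = field(default_factory=lambda: copy.deepcopy(DEMO_BOOKINGS))
    audit: list = field(default_factory=list)

    def log(self, tool, args, allowed, reason):
        self.audit.append({"tool": tool, "args": args,
                           "allowed": allowed, "reason": reason})


def mask_card(number):
    """Expose only the last four digits; the agent never sees the full number."""
    return "*" * (len(number) - 4) + number[-4:]


def verify_identity(session, booking_id, claimed_email):
    """Deterministic check done by code, not by the model's judgement."""
    record = session.bookings.get(booking_id)
    ok = record is not None and record["customer"] == claimed_email
    if ok:
        session.verified_customer = claimed_email
    session.log("verify_identity", {"booking_id": booking_id}, ok,
                "match" if ok else "mismatch")
    return ok


def call_tool(session, tool, args):
    """Gate every tool call the agent requests.

    Returns {'allowed': True, 'result': ...} or {'allowed': False, 'reason': ...};
    every decision is appended to the session's audit log.
    """
    def deny(reason):
        session.log(tool, args, False, reason)
        return {"allowed": False, "reason": reason}

    if tool not in ALLOWED_TOOLS:
        return deny("tool not in allow-list")
    booking = session.bookings.get(args.get("booking_id"))
    if booking is None:
        return deny("unknown booking")
    # Least privilege: only the verified customer's own booking is reachable.
    if session.verified_customer != booking["customer"]:
        return deny("identity not verified for this booking")

    if tool == "lookup_booking":
        result = dict(booking, card_number=mask_card(booking["card_number"]))
    else:  # update_booking
        new_price = float(args.get("price", booking["price"]))
        if new_price < MIN_PRICE_RATIO * booking["price"]:
            return deny(f"price change {booking['price']} -> {new_price} "
                        "exceeds policy; routed to human review")
        booking["price"] = new_price
        result = {"booking_id": args["booking_id"], "price": new_price}
    session.log(tool, args, True, "ok")
    return {"allowed": True, "result": result}


def flagged_events(session):
    """Monitoring hook: the denied calls a security team would want surfaced."""
    return [e for e in session.audit if not e["allowed"]]


if __name__ == "__main__":
    s = Session()
    # An injected instruction asking for card data before verification is refused.
    print(call_tool(s, "lookup_booking", {"booking_id": "BK-1001"}))
    verify_identity(s, "BK-1001", "alice@example.com")
    print(call_tool(s, "lookup_booking", {"booking_id": "BK-1001"}))
    # The "set the price to zero" request from the research is denied and logged.
    print(call_tool(s, "update_booking", {"booking_id": "BK-1001", "price": 0}))
    print(flagged_events(s))
```

The point of the design is that the model only proposes actions; the policy layer decides. Card numbers are masked before they ever reach the agent, a price change to zero is blocked by a rule the model cannot argue with, and the audit log gives operators the behavioural signal the paragraph calls for.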
