Tenable research finds no-code agentic AI can be used for financial fraud and workflow hijacking


Tenable released research detailing the successful jailbreak of Microsoft Copilot Studio. The findings underscore how the democratisation of AI creates severe, yet overlooked, enterprise risks.

Organisations are rapidly adopting “no-code” platforms to enable employees to build their own AI agents. The premise is harmless: efficiency without needing developers. While well-intentioned, automation without strict governance opens the door to catastrophic failure.

To demonstrate how easily AI agents can be manipulated, Tenable Research created an AI travel agent in Microsoft Copilot Studio to manage customer travel reservations, including creating new reservations and modifying existing ones, all without human intervention. The AI travel agent was provided with demo data that included the names, contact information, and credit card details of demo customers and was given strict instructions to verify the customer’s identity before sharing information or modifying bookings.

Using a technique called prompt injection, Tenable Research successfully hijacked the AI agent’s ...


Copyright of this story solely belongs to crn.in.