November 20, 2023 at 01:32PM
OpenAI and Microsoft have introduced no-code tools for creating custom GPT models. These models can act on behalf of users and integrate with various enterprise systems. Microsoft’s Copilot Studio, in particular, allows user impersonation, making it difficult to block AI-generated operations. Low-code/no-code platforms have simplified app development, and organizations need to include citizen development in their application security programs to manage security risks.
Key takeaways from the meeting notes are as follows:
1. OpenAI has announced custom GPTs, a no-code tool that allows users to create their own GPT models based on their data and plugins.
2. The integration between OpenAI and Zapier enables the AI to query CRM, update ERP, and monitor servers.
3. Microsoft has announced Copilot Studio, its own no-code GPT creator, with similar features to OpenAI’s tool.
4. Copilots from Microsoft can integrate with Microsoft 365, Azure SaaS, and other enterprise systems using user impersonation.
5. User impersonation bots created by Copilot cannot be blocked as they appear identical to user-triggered operations in logs.
6. Major vendors like Salesforce, UiPath, and ServiceNow have been building low-code/no-code platforms for years, enabling the easy creation of enterprise applications.
7. Chatbots are the prominent use case for low-code/no-code platforms.
8. Building no-code apps has become easier, leading to a large number of business users creating bots.
9. The security risks associated with low-code/no-code apps should not be overlooked, and standards for categorization, explanation, and remediation have emerged.
10. Security leaders should either bring these new developers under the security umbrella or risk facing vulnerabilities and lack of control.
These takeaways highlight the emergence of no-code tools for creating AI models and the importance of addressing security concerns related to these tools in enterprise environments.