“Balancing the Benefits and Risks: Exploring the Impact of Generative AI on User Empowerment and Security”

In recent years, low-code/no-code development has seen business users being empowered to build their own applications and automations without waiting for IT personnel. Generative AI builds on this by increasing its power and diminishing the barrier to entry for practically zero. With generative AI plugged into low-code/no-code development environments, everyone becomes a developer.

Unsurprisingly, business users started using generative AI tools in an enterprise setting to get their job done faster and more efficiently. Generative AI writes PR pitches for marketing directors, prospecting emails for sales reps, and has more use cases. Business users have already integrated this technology into their daily operations, notwithstanding legal issues and data governance that have emerged as inhibitors to official enterprise adoption.

On the other hand, developers utilized generative AI tools to write and enhance code. A developer specifies which software component is required in natural language. The AI generates working code that is context-related and fits within the developer’s context. Developers play a crucial role in this workflow, as they must ask the right technical questions, analyze the generated software, and integrate it with the rest of the code.

The focus of this article is the risks posed to internet security by Generative AI. There is a clear distinction between the developer and business professional use cases, which means the business professional generates software that answers only a specific question or need, while the developer produces software that can be shared or reused and can act on behalf of users.

The primary limiting factor for business professionals in generating their application is their inability to evaluate AI-produced software, which necessitates technical expertise. However, AI-assisted development is a solution to this problem. It enables AI to generate low-code/no-code applications and automations that business users can assess and modify easily. Major low-code/no-code vendors have already introduced AI copilots that generate software based on text input, with analysts forecasting a growth in low-code/no-code application development.

Low-code/no-code platforms also facilitate the incorporation of AI, providing it with access to enterprise data and operations, resulting in almost every conversation with AI leaving behind an application. That application would link into business data, be shared among other business users, and integrated into business workflows.

Security teams have traditionally focused on applications created by their development organizations. Business platforms have become application development platforms that power many of our business-critical applications. Bringing citizen developers under the security umbrella is a challenge that we’ve only just started to address. Generative AI will enable even more business users to develop more applications. Business users determine where data is stored, how it is processed by their applications, and who is granted access to it.

Mistakes are almost inevitable if we leave these decisions up to business users without any direction. Some organizations may attempt to restrict citizen development or require business users to get approval for any application or data access. While this is a reasonable reaction, it is unlikely to succeed in the face of massive productivity payoffs for the business.

A better approach would be to provide a safe way for business users to leverage generative AI with low-code/no-code development by using automated guardrails that handle security issues silently, allowing business users to push the business forward. The benefits of generative AI and low-code/no-code are undoubtedly significant, but we must embrace the risks and create an environment conducive to security.