Power Platform - Build Power Pages sites faster with AI coding tools
🚨 The Signal: AI coding tools for Power Pages will generate sites, including security configurations. This shifts the responsibility for secure code generation to AI, potentially introducing new risks if not properly governed.
The Impact
Developers using Power Pages AI tools are affected: security settings may be misconfigured if AI outputs are not rigorously validated.
- Developers: Risk of over-reliance on AI for security, leading to overlooked vulnerabilities.
- Security Teams: New requirement to validate AI-generated security configurations for Power Pages.
- Compliance Teams: Need to update secure development policies to include AI-generated code review.
- Organisations: Potential for increased attack surface if AI-generated security configurations are not properly audited.
The Action
- Establish a policy for mandatory security review of all AI-generated Power Pages code and configurations.
- Implement automated scanning tools to identify misconfigurations or vulnerabilities in AI-generated Power Pages security settings.
- Provide training to developers on validating AI-generated security configurations, focusing on web roles and table permissions.
- Review and update existing secure development lifecycle (SDLC) processes to incorporate AI-assisted development and validation steps.
- Monitor Microsoft Purview audit logs for changes to Power Pages security configurations, especially those made by AI-assisted tools.
Domain: Agentic-AI · Impact: high · Workload: Other