Generative AI is increasingly becoming an integral part of enterprise operations. This technology is helping business users address their needs by intuitively building applications and automations without waiting for IT. However, with the increasing adoption of generative AI comes concerns about security risks.
Business professionals have been using generative AI tools such as ChatGPT to write pitches for marketing directors, prospecting emails for sales reps, and other use cases. Despite data governance and legal issues that have emerged as inhibitors for official enterprise adoption, business users are integrating it into their daily operations without necessarily waiting for approval.
Meanwhile, developers are using generative AI to write and improve code, improving their productivity and efficiency with tools like GitHub Copilot. Developers specify a software component in natural language, and the AI generates working code that fits within the developer’s context. The limiting factor for business professionals to generate their applications is their ability to reason about the software produced by the AI without having the technical expertise of a developer.
Low-code/no-code is, more than anything, an intuitive language that allows anyone to reason about software without having a technical background. This makes it the perfect candidate to act as a translator between generative AI and business users. Instead of generating software code that requires technical expertise, generative AI generates low-code/no-code applications and automations that business users can easily evaluate and adjust. Low-code/no-code and AI are the perfect match to empower business professionals.
Major low-code/no-code vendors have already announced AI copilots that generate applications based on text inputs. Analysts are forecasting a 5-10 times growth in low-code/no-code application development following the introduction of AI-assisted development. Low-code/no-code platforms also allow the AI to easily integrate across the enterprise, gaining access to enterprise data and operations. We are getting closer to a reality where every conversation with the AI can leave behind an application.
However, with the increasing adoption of generative AI and low-code/no-code, comes a security risk. Security teams have traditionally focused on the applications that their development organization creates. We still often fall prey to thinking about business platforms as ready-made solutions, when in reality they have become application development platforms that power many of our business-critical applications.
With the introduction of generative AI, even more business users are going to create even more applications. Business users are already making decisions about where data is stored, how it is processed by their applications, and who gains access to it. If we leave these choices up to them without any guidance or automated guardrails, mistakes are bound to happen.
Some organizations may try to ban citizen development or ask for business users to get approval for any application or data access. While that is a reasonable reaction, it may not be practical in the face of the massive productivity payoffs for the business. A better approach would be to provide a safe way for business users to leverage generative AI with low-code/no-code, installing automated guardrails that silently handle security issues and leave business users to do what they do best – push the business forward.
In conclusion, generative AI is bringing rapid advancements and timely solutions to enterprise operations. It is a technology that empowers business users to create solutions independently without necessarily waiting for IT. However, the increasing adoption of generative AI tools and low-code/no-code platforms requires a focus on security risks, especially as business users make decisions regarding data storage, processing, and access. Automated guardrails and better guidance for business users are needed to ensure the safety of their applications without hindering the productivity payoff of the technology.