Low-code/no-code platforms and AI-assisted tooling have lowered the barrier of entry to solution development for a significant number of people. While this represents a major leap forward in enabling business to create their own tooling and enhance productivity, unchecked "vibe development" also causes significant security and compliance risks, as well as new governance challenges.

In this session, we highlight key risks such as authentication failures and authorization misuse, sensitive data leakage and use of vulnerable components, among others. We suggest effective mitigations and remedies for each risk from the Power Platform admin toolkit, showing how to use the latest Microsoft features and capabilities to implement guardrails against the hazards of AI-boosted development.

Topics such as MCP server controls, Agent to Agent guardrails and the latest security and governance features for Copilot Studio agentic scenarios will be discussed.

If you're a technical specialist, platform responsible or decision maker wondering how to grapple with the temptations and dangers of vibe dev, this session is an excellent fit for you. You will leave with clear action points to explore and implement to help manage relevant risks.

The content is informed by the speakers' field experience and the freshly released OWASP Top 10 risks for Citizen Development.

The speakers are part of the review team for the latest OWASP Top 10 risks for citizen dev paper and as such, are looking to share the most important findings in session form, turned to practical Power Platform demos and guidance.