Trend Micro Highlights Power Automate as an Enterprise Automation Security Blind Spot
Summary
Key Takeaways
Trend Micro's research finds that Microsoft Power Automate creates significant security visibility gaps within enterprises due to its complex connectors, AI integration, and cross-platform automation capabilities. Attackers can use compromised accounts to create persistent malicious flows for data exfiltration, communication monitoring, or as covert channels, while existing management tools (e.g., Power Platform admin center) lack granular monitoring of automation actions.
The study notes that tools and services in the cybercriminal underground already specialize in filtering compromised enterprise accounts for those with Power Automate capabilities, and that ransomware groups are discussing its use for SaaS attacks. This indicates that attackers are weaponizing enterprise automation workflows as a new form of 'Living-off-the-Land' attack vector.
Why It Matters
This signals an expansion of the enterprise security perimeter from traditional application layers to low-code/no-code automation platforms. As AI-driven automation proliferates, the attack surface has extended into the core of internal business processes, forcing security architectures to incorporate the full lifecycle of automated workflows into monitoring and governance.
PRO Decision
Threat Escalation Type
Vendors: Security vendors must develop specialized tools for low-code automation platforms (e.g., Power Platform, ServiceNow, SAP Build) offering workflow behavior analysis, anomaly detection, and permission governance, or risk their traditional security solutions being bypassed.
Enterprises: Security teams must immediately incorporate low-code/no-code automation platforms into attack surface management, audit existing Power Automate workflows for permissions and behavior, and deploy logging and monitoring for automated processes to counter new internal threats.
Investors: Monitor security budget shifts towards cloud-native application security, identity and access management, and security solutions for SaaS/automation platforms. Returns on traditional endpoint and network security investments may face dilution risks.