Deceptive Misuse of Low-Code Platforms: Visualizing the Performance of Disruptive Cyber Effects from Human and LLM Agent Attackers

Authors

  • Tim Pappa Independent researcher
  • Teja Sane Independent researcher

DOI:

https://doi.org/10.1609/aaaiss.v9i1.42943

Abstract

This position paper visualizes how human and Large Language Model (LLM) Agent attackers could manipulate low-code platforms to perform disruptive cyber effects to dazzle and misdirect the attention of human defenders. There are a growing number of public examples of unknown attackers who gain unauthorized but limited access to a network with minimal credentials and then cause disruption. One of the goals of this disruption or even performance of disruption appears to be to confuse or misdirect human defenders and cause reputational harm for the victim organization. A recent example could include the Sha1-Hulud worm attacks. We look at Power Apps or Power Automation, a low-code platform that is so common that most organizations do not consider this platform to be a vulnerability. In our experience as cyber deception and detection engineering practitioners, and in discussions with information security practitioners, we find that most larger organizations do not closely monitor the sometimes thousands of Power Apps templates available to any user, with a range of access controls and broad permissions. We argue in this paper that that this low-code platform could be exploited by human and LLM Agent attackers with minimal effort, starting with basic user credentials. We suggest that an LLM Agent attacker could exploit this platform more instrumentally than a human attacker, but both attackers could use deception techniques such as dazzling to gather enough information to engineer a highly disruptive cyber effect. We will discuss the Bell-Whaley deception framework to explain how simulation and dissimulation could be applied in this scenario. We will visualize a human or LLM Agent attacker who gains unauthorized access to a network with basic credentials to then use Power Apps to automate hundreds of emails throughout an organization with what appears to be explicit content. We will share some of our observations from a think-aloud exercise with a mixed sample of information security practitioners where we introduced this same scenario, finding that network defenders may be demonstrating some bias in their real and imagined impressions of prototypical attackers using low-code platforms like Power Apps.
2026 AAAI Summer Symposium Proceedings Cover

Downloads

Published

2026-06-23

How to Cite

Pappa, T., & Sane, T. (2026). Deceptive Misuse of Low-Code Platforms: Visualizing the Performance of Disruptive Cyber Effects from Human and LLM Agent Attackers. Proceedings of the AAAI Symposium Series, 9(1), 288–294. https://doi.org/10.1609/aaaiss.v9i1.42943

Issue

Vol. 9 No. 1: Proceedings of the 2026 AAAI Summer Symposium Series

Section

Human-Aware AI Agents for the Cyber Battlefield: From Human Models to Autonomous Defense (Full Papers)