The Automation Nobody Reviewed: How AI-Built Workflows Are Quietly Leaking Enterprise Data
A developer asked an AI to speed up a document approval process. It worked perfectly — and exposed sensitive HR files to hundreds of colleagues. This is happening across businesses right now.

Key points
- A security analyst at a large company discovered sensitive HR documents copied into a Microsoft Teams channel visible to hundreds of employees — caused not by a hacker, but by an AI-generated workflow.
- Microsoft 365 tools such as Power Automate — software that automatically moves files and data between apps — are increasingly being built using AI assistants that produce code nobody fully reviews.
- AI-generated automation frequently requests far broader access to company systems than the task actually requires, creating hidden pathways criminals could exploit if an account is later stolen.
- Unlike a traditional software project, these automated workflows bypass normal code review, meaning security teams often do not know they exist.
A developer at a large company wanted to speed up paperwork. So they asked an AI assistant to write an automated workflow — a set of instructions that moves files between apps without anyone pressing a button — inside Microsoft Power Automate, a popular tool that connects Microsoft 365 apps like Teams, SharePoint, and Outlook.
The workflow ran perfectly. Documents moved. Notifications fired. Approvals got faster.
It also silently copied sensitive HR files into a Teams channel that hundreds of employees could read. First reported by Dark Reading, the incident had no outside hacker involved, no stolen password. Just code that worked as written, and nobody had checked what it could actually see.
This is the problem.
How did the automation cause a data leak?
AI coding assistants — tools that write software from plain-English instructions — lower the barrier for anyone to build powerful automation in minutes. That sounds useful. The trouble is that the code they produce is optimised to complete the task, not to limit what data it can touch.
When an AI writes a script that pulls files from SharePoint (Microsoft's file-storage system) and posts them to Teams, it tends to request broad access to the whole company's file storage rather than narrow access to one folder. The task gets done. Security inherits a wide-open door.
If that automation's account is later stolen — through phishing, where criminals send fake emails to trick staff into handing over passwords — an attacker could walk straight into far more data than the original workflow ever needed.
Data exposure does not always look dramatic. A Power Automate flow distributing monthly reports could quietly forward payroll records or legal documents to the wrong channel for weeks before anyone notices, because it looks exactly like normal business activity.
Compliance teams face the same trap. An AI-written search query used to gather documents for a legal case — a process called eDiscovery — can accidentally collect privileged communications or miss critical files, creating legal liability on top of the technical problem.
The speed is the real shift. Building this kind of automation once required specialist knowledge and took days. AI compresses that to minutes. Security teams reviewing automation are nowhere near keeping pace with the rate at which employees are creating it.
Banning AI assistants is not a realistic answer. But treating AI-generated code as finished, approved code is equally wrong. It is a draft. It needs human eyes before it runs on production systems.
Practical steps are straightforward: companies should inventory every automated workflow running across their Microsoft 365 environment, enforce least-privilege access — meaning each workflow gets permission to touch only exactly what it needs, nothing more — and monitor for unusual file movement or new external-sharing activity.
If you work somewhere that uses Microsoft 365, you do not need to do anything immediately. But if you receive unexpected files or notifications through Teams or Outlook that seem out of place, flag them to your IT team. Silent automation can expose your data without anyone intending it.



