Artificial intelligence accelerates the development, testing, and operation of digital products. At the same time, the Cyber Resilience Act and relevant standards are increasing the requirements for governance, security, and verification. This article outlines AI capabilities, key risks, and a practical approach for product teams. For years, OWASP has been helping companies position themselves resiliently against cyberattacks through articles, risk rankings, and other guidance materials. Its rankings list specific vulnerabilities for LLM applications and low-code platforms. Security requirements must be embedded in architecture, development, and operation from the start.
AI systems process text inputs and generate outputs in various media. Agents can generate code, call functions, and control systems. This turns information systems into components that execute actions. The attack surface increases, and authorization and logging become more important.
Automation links services in workflows and creates API networks. Retrieval Augmented Generation connects models and workflows to data sources and document repositories. Systems read and write data and can perform creative tasks independently thanks to the connection of an LLM. JSON and code specifications serve as the exchange format between components and LLMs. These connections increase both benefits and risks.
Multiple AI systems can be combined using protocols such as Model Context Protocol. Interfaces can be controlled with prompts. This speeds up integrations and requires clear governance for permissions, secrets, and logging. This means that business processes can be automated even without training an LLM yourself.
The Cyber Resilience Act defines horizontal security requirements for products with digital elements. Manufacturers must address risks, demonstrate secure development, establish vulnerability management, and provide updates.
For healthcare software and health IT, IEC 81001-5-1 describes security activities throughout the entire product lifecycle. These include threat modeling, secure coding, software bill of materials (SBOM), static and dynamic analyses, penetration testing, and maintenance. Security by design is declared the standard.
The OWASP Top 10 for LLM Applications includes prompt injection, disclosure of sensitive information, supply chain risks, data and model poisoning, excessive nesting of agents, leakage of system prompts, and weaknesses in vector storage. Input and output validation, minimal privileges, containment, monitoring, and cost control are required.
For low-code and no-code platforms, OWASP cites account and connector authorization, misconfigurations, poor privilege management, weaknesses in handling secrets, and incomplete logging as key weaknesses. Misconfigurations are common causes of incidents.
Capture process context and architecture. Model components, data flows, connectors, agents, and rights. Document RAG paths and automation chains.
Extend threat modeling to AI scenarios. Consider prompt injection, data leakage via tools and connectors, agent errors, and supply chain issues.
Embed security by design. Establish secure coding guidelines, SBOM, secret management, audit logs, and regulated updates.
Define test strategy. Static and dynamic analyses, penetration tests, abuse case tests for LLM attacks, and red teaming for agents and workflows.
Secure operations. Monitoring of agent actions, rate and cost controls, vulnerability management, and clear shutdown paths.
Expand governance and training. Roles and responsibilities, approval processes for new connectors, and training on OWASP risks.
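As an added illustration of the controls named above (minimal privileges, argument validation, monitoring of agent actions, rate and cost controls, a clear shutdown path), the following example gates every tool call an agent requests. It is not code from any product or standard mentioned in this article; the policy, the role and tool names, and the budget values are constructed assumptions.

```python
import time

# Constructed policy: the tools each agent role may call and the argument names each tool accepts.
POLICY = {
    "support-agent": {
        "search_docs": {"query"},
        "create_ticket": {"title", "body"},
    },
}

class ToolGate:
    """Checks every agent tool call: allowlist, arguments, budget, kill switch; logs each decision."""

    def __init__(self, policy, max_calls, max_cost, clock=time.time):
        self.policy, self.max_calls, self.max_cost = policy, max_calls, max_cost
        self.calls, self.cost = 0, 0.0
        self.halted = False   # shutdown path: set by an operator or by a budget breach
        self.audit = []       # audit trail, one record per decision
        self.clock = clock

    def authorize(self, role, tool, args, cost=1.0):
        keys = set(args) if isinstance(args, dict) else None
        allowed = self.policy.get(role, {})   # unknown roles get no tools at all
        if self.halted:
            reason = "halted"
        elif tool not in allowed:
            reason = "tool_not_allowed"
        elif keys is None or not keys <= allowed[tool]:
            reason = "unexpected_arguments"
        elif self.calls + 1 > self.max_calls or self.cost + cost > self.max_cost:
            self.halted = True   # stays halted until an operator resets the session
            reason = "budget_exceeded"
        else:
            self.calls, self.cost, reason = self.calls + 1, self.cost + cost, "ok"
        # Record argument names only, so secrets and personal data stay out of the log.
        self.audit.append({"ts": self.clock(), "role": role, "tool": tool,
                           "arg_keys": sorted(keys or ()), "reason": reason})
        return reason == "ok", reason

def run_demo():
    gate = ToolGate(POLICY, max_calls=2, max_cost=5.0, clock=lambda: 0)
    requests = [  # constructed tool calls, as a model might emit them
        ("support-agent", "search_docs", {"query": "reset password"}),
        ("support-agent", "delete_user", {"id": "42"}),
        ("support-agent", "create_ticket", {"title": "t", "body": "b", "assignee": "root"}),
        ("support-agent", "create_ticket", {"title": "t", "body": "b"}),
        ("support-agent", "search_docs", {"query": "x"}),
        ("support-agent", "search_docs", {"query": "y"}),
    ]
    return [gate.authorize(*r)[1] for r in requests], gate
```

The gate sits between the model's output and the connector, so a call the model was talked into requesting is denied and logged the same way as any other request outside the policy.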
AI increases speed and scope in product development. With CRA-compliant security, OWASP-supported risk analysis, and activities in accordance with IEC 81001-5-1, risks can be managed and approval and operation accelerated.
Scope and gap analysis: identify the list of products with digital elements (SBOM); compare actual processes with CRA obligations (risk management, vulnerability handling, updates, technical documentation, CE).
Determine the conformity route: self-assessment vs. third-party involvement (depending on criticality/risk class). Plan the schedule backwards from December 11, 2027.
IEC 81001-5-1: core standard for secure software development in healthcare. It covers threat modeling, secure coding, testing, and post-market activities.
Supplementary: IEC 62304, ISO 14971, IEC 62443-4-1.
The secure handling of authentication data and API keys is a key challenge that is addressed by many of the top 10 low-code risks.