Complexity of chatbots presents challenges for IT pros

“Please take me with you,” was one of the Chatty Cathy doll’s phrases. For IT pros, chatbots are coming along whether they like it or not.

When companies and consumers interact with AI, it’s most often with a digital assistant. Chatbots have become an integral part of IT pro workflows, from the help desk to building software.

But with that ubiquity comes danger. Chatbots present an expansion of the threat surface, one that Dane Sherrets, HackerOne staff innovation architect, told IT Brew is exacerbated by executive interest in the technology.

“Over the last few years, there’s been a, ‘I have a hammer, so everything needs to look like a nail’ problem,” Sherrets said. “And not only does everything look like a nail—boards, investors, and company’s leadership are saying, ‘Hey, you better use that hammer in the form of AI.’”

Put in practice. For IT pros looking to implement chatbots both internally and externally, AI complexity challenges are worth examining, Adam Marrè, CISO at security provider Arctic Wolf, told IT Brew. Understanding how these tools work is essential; equally important is knowing what your organization needs from them.

“All those questions matter, depending on which version of chatbot we’re talking about—like where it is in your business, how it’s being used, the controls are going to be different—just like with any application, whether it’s public facing or internal,” Marrè said.

Danger is my middle name. Problems arise when making decisions on whether or how to implement the technology moves faster than it should.

“That is one of the biggest mistakes organizations make, they rush into rolling out a chatbot or using a chatbot without thinking through the business process that it’s going to help and doing testing,” Marrè said.

One of the dangers is the potential for prompt injection attacks. Basic security hygiene is important—IT pros need to ensure their bases are covered.

“Mitigation is making sure you take a very defense in-depth approach,” Sherrets said. “There should always be a human in the loop; there should always be multiple levels of guardrails.”

One-two-three. When management asks IT pros to implement chatbot changes, said Johnny Halife, CTO at IT services company Southworks, they need to balance a number of concerns. First, ensure the AI can only access the databases it absolutely needs. Second, chatbots should be treated like third-party vendors to limit their risk. Third, it’s important to install security solutions well in advance of any issue.

Follow this “holy trinity” of steps, Halife said, and you’ll find the investment in chatbot technology pays off. Knowing how to deploy it appropriately is the key.

“The upside is there, and the ROI is completely there, but it’s always about starting small, understanding the boundaries, and asking yourself the question, ‘Is this the best way to solve this problem?’” Halife told IT Brew, adding, like Sherrets, that “otherwise, we will be falling into, ‘When you have a hammer every problem is a nail.’”