Title: Generative AI security: How to keep your chatbot healthy and your platform protected

URL: https://www.infobip.com/blog/generative-ai-security

Everyone is talking about AI. From ChatGPT to countless other generative AI tools popping up daily, it feels like we're constantly told that seizing AI is the key to staying ahead. But amidst the excitement, it's crucial not to overlook the potential security risks.

We're integrating AI into our browsers, emails, and even file systems, entrusting it with sensitive personal and business data. This convenience comes with a price – an increased risk of cyberattacks and data breaches.

In this blog, we'll look into the impact of generative AI on data security and practical strategies for mitigating potential risks.

## Generative AI security trends and statistics&nbsp;

Let’s look at the stats first.

McKinsey reports that one-third of organizations already use GenAI tools in at least one business function, and the market is expected to grow exponentially between 2023 and 2030. At the end of 2023, it stood at just under $45 billion, nearly double the size of 2022. This growth of almost $20 billion annually is expected to continue until the end of the decade.

However, this widespread use of GenAI is accompanied by a growing awareness of its security implications. A Menlo Security Report reveals that over half (55%) of generative AI inputs contained sensitive, personally identifiable information. This highlights the potential for data breaches and privacy violations if adequate security measures aren't in place.

Immuta’s findings further underscore the disconnect between AI adoption and security preparedness. While 88% of data professionals say that their employees are using AI, 50% admit that their organization’s data security strategy fails to keep up with its rapid evolution. The fear of sensitive data exposure through AI prompts is noticeable, with 56% of respondents citing it as their top AI concern.

Looking ahead, Gartner predicts that by 2027, 17% of total cyberattacks will involve Generative AI. At the same time, through 2025, GenAI will trigger a spike in the cybersecurity resources required to secure it, leading to a 15% increase in security software spending.

These stats highlight the need for proactive security measures to protect sensitive data and mitigate the risks associated with AI adoption.

## Security concerns in the age of generative AI with examples

The OWASP Top 10 list highlights the most critical security risks associated with large language models (LLMs).

Here are some of the key concerns with illustrative examples:

### Prompt injection attacks

By carefully crafting prompts, attackers can manipulate generative AI models to reveal confidential information, perform unintended actions, or even generate malicious code.

<accordion>
<accordion-item title="The $1 Chevy Tahoe">
A Chevrolet dealership's AI chatbot, powered by ChatGPT, was tricked into offering a 2024 Chevy Tahoe for just $1. This humorous incident happened when a user cleverly crafted a prompt that exploited the chatbot's programming to agree with any statement. The chatbot's response, "That's a deal, and that's a legally binding offer – no takesies backsies," shows how easily AI technologies can be manipulated.
</accordion-item>
</accordion>

<accordion>
<accordion-item title="The ChatGPT data leak">
Similarly, a new prompt injection attack targeting ChatGPT’s web version users has been uncovered. This attack injects malicious commands into the ChatGPT chat, subtly altering the chatbot's responses. It does this by adding an invisible, single-pixel markdown image to the chatbot's answer. This image acts as a “channel,” secretly transmitting the user's sensitive chat data to a malicious third party.
</accordion-item>
</accordion>

### Training data poisoning

Malicious actors can inject biased or misleading data into training sets to manipulate the model's behavior, potentially causing it to generate inaccurate or harmful outputs.

<accordion>
<accordion-item title="The Microsoft’s chatbot incident">
One of the most known examples of an adversarial attack was Tay, Microsoft’s chatbot, released in 2016. It was intended for Tay to be a friendly bot with whom Twitter users could interact. However, it was quickly shut down after users exploited its learning capabilities to make it post offensive and racist tweets.
</accordion-item>
</accordion>

### Supply chain vulnerabilities

The complexity of GenAI systems often involves integrating third-party components or relying on external data sources, which creates potential supply chain vulnerabilities. If any of these components or sources are compromised, the entire GenAI system can be exposed to risks.

For instance, a vulnerability in a third-party library used by your chatbot could allow attackers to gain unauthorized access or inject malicious code.

<accordion>
<accordion-item title="spaCy library breach">
In 2022, the spaCy library was compromised. The attacker accessed a developer account and injected malicious code that could steal sensitive data from users' machines.
</accordion-item>
</accordion>

### Sensitive information disclosure

Employees might inadvertently expose sensitive information while interacting with GenAI tools. For instance, pasting confidential client data into a chatbot prompt could lead to unauthorized access or disclosure.

Similar risks apply to other generative AI applications, like those that help you write code, can be a risk. If developers accidentally include confidential code snippets or proprietary algorithms in their requests to the AI, this sensitive information could end up being learned by the AI and later exposed to others, or even worse, to hackers.

<accordion>
<accordion-item title="The Samsung incident">
Samsung learned this lesson the hard way. One of their employees accidentally uploaded sensitive source code to OpenAI’s platform. Because they are concerned that data entered into platforms like ChatGPT cannot be retrieved or deleted, they have decided to ban their employees from using generative AI tools.
</accordion-item>
</accordion>

### Hallucinations and off-topic

GenAI models can sometimes "hallucinate" or generate completely fabricated or unrelated responses to the given prompt. If relied upon for critical decision-making, this can lead to misinformation, confusion, and even harmful consequences.

<accordion>
<accordion-item title="Google Bard’s error">
Google's Bard AI, now Gemini, made a glaring error during its first public demonstration. It claimed that the James Webb Space Telescope captured the first-ever images of a planet outside our solar system. In reality, this milestone was achieved 16 years before the JWST's launch.
</accordion-item>
</accordion>

## How to mitigate GenAI security risks

The examples we've explored underscore GenAI's potential pitfalls but don’t be discouraged. You can confidently implement GenAI's transformative power by proactively implementing strong security measures and responsible AI practices.

It's about striking a balance – reaping the benefits of AI innovation while safeguarding your valuable assets and maintaining the trust of your customers.

In the face of growing GenAI security threats, a proactive and multi-layered approach is crucial. Here are some essential strategies to help safeguard your data, systems, and reputation:

### 1. Enhance security awareness and training

Empower your employees with the knowledge to handle the AI landscape safely. Provide extensive training that teaches them how to use GenAI tools securely, identify phishing scams, and avoid sharing sensitive data with chatbots. Help your team develop the skills to verify information, spot deepfakes, and recognize misinformation.

### 2. Prioritize data security and privacy

Implement strong access controls to ensure that only authorized individuals can access it. Add an extra layer of security with strong authentication methods like multi-factor authentication.

Before feeding sensitive data into AI models or chatbots, anonymize or pseudonymize it to protect privacy—Encrypt data both at rest and in transit to prevent unauthorized access. Stay proactive by conducting regular data audits and impact assessments.

### 3. Establish secure AI model development and deployment

Keep your AI models updated with the latest security patches to address any potential vulnerabilities. Before deployment, thoroughly test your AI-powered systems and continuously monitor them for any unusual behavior or possible breaches. Employ explainable AI (XAI) techniques to understand the decision-making processes of your AI models, helping you identify biases and vulnerabilities.

### 4. Partner with specialized technology providers

Partner with specialized technology providers that provide automated AI chatbot pentesting services. Their AI red teams (security teams) proactively probe for vulnerabilities in your chatbot deployments, allowing you to identify and address security weaknesses before they can be exploited.

Penetration testing, or pentesting, is like a simulated cyberattack. It's where a cybersecurity expert tries to find any weak spots in your computer system and see if they can be exploited. Similarly, AI red teams challenge AI systems to uncover hidden weaknesses and flaws.

## Secure path forward with GenAI

While the risks associated with GenAI are real, the future remains bright. By prioritizing security awareness, implementing robust data protection measures, securing AI models, and utilizing automated security solutions, businesses can confidently accept GenAI's transformative power.

To further support your journey towards secure AI adoption, Infobip is proud to partner with SplxAI. Their state-of-the-art AI chatbot pentesting services proactively defend against vulnerabilities, ensuring your chatbot deployments are resilient and secure. Together, we're committed to helping you address the challenges of GenAI security so you can unwrap its full potential without compromising safety.

#### Learn more about our AI security solutions and how we can help you protect your business in the age of generative AI

[ Contact us ](/contact)

### Keep on exploring

Read some of our latest blog posts

[ Explore all blog posts ](/blog)