It took less than an hour. Dr. Ali Dehghantanha was able to steal sensitive client data and internal project information from Fortune 500 companies simply by talking to the AI chatbot.

Dehghantanha is Professor of Cybersecurity and Threat Intelligence at Guelph University and Chair of Research in Canada.
He worked for a large professional services company, conducting aggressive audits to determine whether the AI assistant could be manipulated into revealing privileged client information.
Unfortunately, it could.
Similarly, Dehghantanha was able to draft a compelling email, appearing to come from the CEO and containing actual project information, that could easily be sent to employees.
“Chatbots have access to far more client and project data than they need to, and there was no system to notice when AI was being manipulated,” he says.
The case is not unique, says Dehghantanha. The AI assistant had strong policies, compliance and contracts in place, but in reality, the digital guardrails were easily bypassed.
By using carefully crafted prompts, role-playing scenarios and multi-step conversations, he persuaded the AI to take unpredictable actions.
He warns that hackers can do the same today, and that the next major business breach could come from AI assistants.
“The more AI assistants are connected, the bigger the offensive surface,” he says. “Connecting sensitive data without serious safeguards effectively provides a new superpower for all employees and potentially all attackers.
“Are you giving a key to a new intern to all filing cabinets? Would you like to look at the door?”
Rise of AI assistants puts businesses at risk
According to Dehghantanha, AI assistants and chatbots are becoming more common across the industry.
He says the productivity benefits are great, but these chatbots put organizations at risk.
“The best defense isn't just writing new policies, it's stress-testing AI like the real enemies do,” he says. “It only provides the minimum access needed. It monitors abnormal behavior in real time. Most importantly, from day one, AI security is incorporated into your risk strategy.”
Dehghantanha is available for interviews.
Contact:
Dr. Ali Dehghantanha
adehghan@uoguelph.ca
