What Should a Chatbot Policy Look Like?CISO Ian Thornton-Trump on Chatbots and the Need for Human Oversight
Chatbots are widely popular these days, but how secure are they? CISO Ian Thornton-Trump said he is opportunistic about using chatbots but warns that the technology needs oversight and testing to ensure "the responses that it's giving are accurate and the information it's able to access is also pertinent to the questions that are commonly asked."
"A lot of corporate websites are complex beasts with functions and capabilities that reach deep into the businesses and deep into databases," said Thornton-Trump, who advised companies to make sure the technology "is pen-tested, that you're dealing with a reputable company, and that you also have an errors and omissions policy that will cover errors and omissions made by a chatbot or an AI thing."
In this video interview with Information Security Media Group at Infosecurity Europe 2023, Thornton-Trump discussed:
- The risks and opportunities posed by using chatbots inside organizations;
- The recent decision by Ireland's Data Protection Commissioner to pause the EU launch of Bard, Alphabet's chatbot, over privacy concerns;
- What businesses need to think about when using generative AI.
At Cyjax, Thornton-Trump performs real-time analysis of immediate threats and keeps abreast of developing security threats. He previously worked as CTO at Octopi Managed Services. Prior to that, he served with the Military Intelligence Branch of the Canadian Forces, later joining the CF Military Police Reserves and retiring as a public affairs officer. After a year with the RCMP as a criminal intelligence analyst, he began working as a cybersecurity analyst/consultant for multinational insurance, banking and regional healthcare firms. Thornton-Trump teaches cybersecurity and IT business courses for CompTIA as part of its global faculty.