Jing Yang,Yen-Lin Chen,Lip Yee Por,Chin Soon Ku

DOI: https://doi.org/10.3390/app13116355

2023-05-23

Applied Sciences

Abstract:Chatbots have become increasingly popular in recent years, but they also present security risks and vulnerabilities that need to be addressed. This systematic literature review examines the existing research relating to information security in chatbots, identifying the potential threats, proposed solutions, and future directions for research. The review finds that chatbots face various security threats, including malicious input, user profiling, contextual attacks, and data breaches, and that solutions such as blockchain technology, end-to-end encryption, and organizational controls can be used to mitigate these concerns. The review also highlights the importance of maintaining user trust and addressing privacy concerns for the successful adoption and continued use of chatbots. A taxonomy developed in this review provides a useful framework for categorizing the articles and their findings. The review concludes by identifying future research directions that include developing more sophisticated authentication and authorization mechanisms, exploring the use of privacy-enhancing technologies, and improving the detection and prevention of security threats, among others. This review contributes to the growing body of literature on information security in chatbots and can guide future research and practice in this field.

materials science, multidisciplinary,engineering,chemistry,physics, applied

Julia Ive,Vishal Yadav,Mariia Ignashina,Matthew Rand,Paulina Bondaronek

2024-11-27

Abstract:Introduction: The use of chatbots is becoming increasingly important across various aspects of daily life. However, the privacy concerns associated with these communications have not yet been thoroughly addressed. The aim of this study was to investigate user awareness of privacy risks in chatbot interactions, the privacy-preserving behaviours users practice, and how these behaviours relate to their awareness of privacy threats, even when no immediate threat is perceived. Methods: We developed a novel "privacy-safe" setup to analyse user behaviour under the guarantees of anonymization and non-sharing. We employed a mixed-methods approach, starting with the quantification of broader trends by coding responses, followed by conducting a qualitative content analysis to gain deeper insights. Results: Overall, there was a substantial lack of understanding among users about how chatbot providers handle data (27% of the participants) and the basics of privacy risks (76% of the participants). Older users, in particular, expressed fears that chatbot providers might sell their data. Moreover, even users with privacy knowledge do not consistently exhibit privacy-preserving behaviours when assured of transparent data processing by chatbots. Notably, under-protective behaviours were observed among more expert users. Discussion: These findings highlight the need for a strategic approach to enhance user education on privacy concepts to ensure informed decision when interacting with chatbot technology. This includes the development of tools to help users monitor and control the information they share with chatbots

Human-Computer Interaction

Nazar Waheed,Muhammad Ikram,Saad Sajid Hashmi,Xiangjian He,Priyadarsi Nanda

DOI: https://doi.org/10.48550/arXiv.2205.08252

2022-05-17

Cryptography and Security

Abstract:Web-based chatbots provide website owners with the benefits of increased sales, immediate response to their customers, and insight into customer behaviour. While Web-based chatbots are getting popular, they have not received much scrutiny from security researchers. The benefits to owners come at the cost of users' privacy and security. Vulnerabilities, such as tracking cookies and third-party domains, can be hidden in the chatbot's iFrame script. This paper presents a large-scale analysis of five Web-based chatbots among the top 1-million Alexa websites. Through our crawler tool, we identify the presence of chatbots in these 1-million websites. We discover that 13,515 out of the top 1-million Alexa websites (1.59%) use one of the five analysed chatbots. Our analysis reveals that the top 300k Alexa ranking websites are dominated by Intercom chatbots that embed the least number of third-party domains. LiveChat chatbots dominate the remaining websites and embed the highest samples of third-party domains. We also find that 850 (6.29%) of the chatbots use insecure protocols to transfer users' chats in plain text. Furthermore, some chatbots heavily rely on cookies for tracking and advertisement purposes. More than two-thirds (68.92%) of the identified cookies in chatbot iFrames are used for ads and tracking users. Our results show that, despite the promises for privacy, security, and anonymity given by the majority of the websites, millions of users may unknowingly be subject to poor security guarantees by chatbot service providers

Rahime Belen Saglam,Jason R. C. Nurse,Duncan Hodges,Jason R.C. Nurse

DOI: https://doi.org/10.48550/arXiv.2107.03959

2021-07-08

Computers and Society

Abstract:Through advances in their conversational abilities, chatbots have started to request and process an increasing variety of sensitive personal information. The accurate disclosure of sensitive information is essential where it is used to provide advice and support to users in the healthcare and finance sectors. In this study, we explore users' concerns regarding factors associated with the use of sensitive data by chatbot providers. We surveyed a representative sample of 491 British citizens. Our results show that the user concerns focus on deleting personal information and concerns about their data's inappropriate use. We also identified that individuals were concerned about losing control over their data after a conversation with conversational agents. We found no effect from a user's gender or education but did find an effect from the user's age, with those over 45 being more concerned than those under 45. We also considered the factors that engender trust in a chatbot. Our respondents' primary focus was on the chatbot's technical elements, with factors such as the response quality being identified as the most critical factor. We again found no effect from the user's gender or education level; however, when we considered some social factors (e.g. avatars or perceived 'friendliness'), we found those under 45 years old rated these as more important than those over 45. The paper concludes with a discussion of these results within the context of designing inclusive, digital systems that support a wide range of users.

Jingquan Li

DOI: https://doi.org/10.2196/47551

IF: 7.076

2023-11-28

Journal of Medical Internet Research

Abstract:Artificial intelligence (AI) chatbots like ChatGPT and Google Bard are computer programs that use AI and natural language processing to understand customer questions and generate natural, fluid, dialogue-like responses to their inputs. ChatGPT, an AI chatbot created by OpenAI, has rapidly become a widely used tool on the internet. AI chatbots have the potential to improve patient care and public health. However, they are trained on massive amounts of people’s data, which may include sensitive patient data and business information. The increased use of chatbots introduces data security issues, which should be handled yet remain understudied. This paper aims to identify the most important security problems of AI chatbots and propose guidelines for protecting sensitive health information. It explores the impact of using ChatGPT in health care. It also identifies the principal security risks of ChatGPT and suggests key considerations for security risk mitigation. It concludes by discussing the policy implications of using AI chatbots in health care.

health care sciences & services,medical informatics

Attia Qammar,Hongmei Wang,Jianguo Ding,Abdenacer Naouri,Mahmoud Daneshmand,Huansheng Ning

DOI: https://doi.org/10.48550/arXiv.2306.09255

2023-05-29

Abstract:Chatbots shifted from rule-based to artificial intelligence techniques and gained traction in medicine, shopping, customer services, food delivery, education, and research. OpenAI developed ChatGPT blizzard on the Internet as it crossed one million users within five days of its launch. However, with the enhanced popularity, chatbots experienced cybersecurity threats and vulnerabilities. This paper discussed the relevant literature, reports, and explanatory incident attacks generated against chatbots. Our initial point is to explore the timeline of chatbots from ELIZA (an early natural language processing computer program) to GPT-4 and provide the working mechanism of ChatGPT. Subsequently, we explored the cybersecurity attacks and vulnerabilities in chatbots. Besides, we investigated the ChatGPT, specifically in the context of creating the malware code, phishing emails, undetectable zero-day attacks, and generation of macros and LOLBINs. Furthermore, the history of cyberattacks and vulnerabilities exploited by cybercriminals are discussed, particularly considering the risk and vulnerabilities in ChatGPT. Addressing these threats and vulnerabilities requires specific strategies and measures to reduce the harmful consequences. Therefore, the future directions to address the challenges were presented.

Cryptography and Security,Artificial Intelligence,Computers and Society

Rahime Belen Saglam,Jason R. C. Nurse

DOI: https://doi.org/10.48550/arXiv.2005.12644

2020-05-26

Computers and Society

Abstract:Conversational agents open the world to new opportunities for human interaction and ubiquitous engagement. As their conversational abilities and knowledge has improved, these agents have begun to have access to an increasing variety of personally identifiable information and intimate details on their user base. This access raises crucial questions in light of regulations as robust as the General Data Protection Regulation (GDPR). This paper explores some of these questions, with the aim of defining relevant open issues in conversational agent design. We hope that this work can provoke further research into building agents that are effective at user interaction, but also respectful of regulations and user privacy.

Ece Gumusel,Kyrie Zhixuan Zhou,Madelyn Rose Sanfilippo

2024-02-15

Abstract:This study presents a unique framework that applies and extends Solove (2006)'s taxonomy to address privacy concerns in interactions with text-based AI chatbots. As chatbot prevalence grows, concerns about user privacy have heightened. While existing literature highlights design elements compromising privacy, a comprehensive framework is lacking. Through semi-structured interviews with 13 participants interacting with two AI chatbots, this study identifies 9 privacy harms and 9 privacy risks in text-based interactions. Using a grounded theory approach for interview and chatlog analysis, the framework examines privacy implications at various interaction stages. The aim is to offer developers, policymakers, and researchers a tool for responsible and secure implementation of conversational AI, filling the existing gap in addressing privacy issues associated with text-based AI chatbots.

Human-Computer Interaction,Computers and Society

Dillys Larbi,Elia Gabarron,Paolo Zanaboni,Rolf Wynn,Eirik Årsand,Kerstin Denecke

DOI: https://doi.org/10.3233/SHTI240809

2024-08-22

Abstract:Background and objective: Social media physical activity chatbots use both chatbots and social media platforms for physical activity promotion and, thus, could face privacy and security challenges inherent in both technologies. This study aims to provide an overview of physical activity chatbot interventions delivered via social media platforms, specifically focusing on security and privacy measures. Methods: We conducted a scoping review on this topic across 4 databases: PubMed, PsycINFO, ACM Digital Library, and IEEE Xplore. We extracted and summarised information on the author, population, country of study, social media platform, intervention, data processed (i.e. gathered or stored), and security/privacy measures. Results: Out of 1299 identified articles, 12 were included in the analysis reporting about 9 different chatbots. Although all chatbots applied data processing methods, only a few considered anonymisation. One paper stated compliance with the General Data Protection Regulations. Other studies enforced some verification procedures before chatbot use. Conclusion: Current research fails to adequately report security considerations in social media physical activity chatbot design. However, integration of chatbots into social media platforms seems to be declining, possibly due to security concerns.

Yage Liu

DOI: https://doi.org/10.1145/3625469.3625483

2023-08-25

Abstract:In recent years, the pervasive integration of Artificial Intelligence (AI) chatbots into social media platforms has transformed the way individuals communicate and access information. This paper aims to critically examine the ethical responsibilities and privacy challenges associated with the application of Information and Communication Technology (ICT) in AI chatbots within social media environments. The purpose of this investigation is to highlight the complexities surrounding the implementation of chatbots and understand the implications of ICT with regards to ethical and privacy concerns. The study addresses the adoption of AI chatbots for varied applications such as customer support, content moderation, and personalized advertising. The central focus is on how ICT can inadvertently contribute to potential ethical dilemmas, including data bias, transparency, accountability, and privacy breaches. Moreover, the paper explores the existing regulatory frameworks governing the use of AI chatbots and recommends a set of best practices for ensuring ethical compliance and safeguarding user privacy. By evaluating the interplay between AI chatbots and ICT, this research offers valuable insights into the responsibilities and challenges that need to be considered to foster a more ethical and privacy-conscious implementation of AI chatbots in social media.

Law,Computer Science

Yunsan Guo,Jian Wang,Runfan Wu,Zeyu Li,Lingyun Sun

DOI: https://doi.org/10.1007/s42486-022-00106-5

2022-01-01

Abstract:Trust is an important factor influencing user acceptance of high-tech products. As the artificial intelligence and natural language processing develop, all kinds of conversational agents (chatbot) have appeared around us. These chatbots are able to provide people with convenient services such as ordering food, stock recommendations, fund diagnostics. However, it is still not clear how to make users feel chatbot trustworthy. In this study, we aimed to explore a set of design principles to build trust between users and conversational agents. Based on extensive research on trust, we proposed five design semantics and 10 design principles, and verified their effectiveness through experiments. The result of experiment suggest that our design principles can improve users’ trust towards chatbot, thus provided guidance and suggestions for designing more trustworthy chatbots in the future.

Simon Coghlan,Kobi Leins,Susie Sheldrick,Marc Cheong,Piers Gooding,Simon D'Alfonso

DOI: https://doi.org/10.1177/20552076231183542

2023-01-01

Digital Health

Abstract:This paper presents a critical review of key ethical issues raised by the emergence of mental health chatbots. Chatbots use varying degrees of artificial intelligence and are increasingly deployed in many different domains including mental health. The technology may sometimes be beneficial, such as when it promotes access to mental health information and services. Yet, chatbots raise a variety of ethical concerns that are often magnified in people experiencing mental ill-health. These ethical challenges need to be appreciated and addressed throughout the technology pipeline. After identifying and examining four important ethical issues by means of a recognised ethical framework comprised of five key principles, the paper offers recommendations to guide chatbot designers, purveyers, researchers and mental health practitioners in the ethical creation and deployment of chatbots for mental health.

public, environmental & occupational health,health care sciences & services,medical informatics,health policy & services

Sofian Hamad,Taoufik Yeferny

DOI: https://doi.org/10.48550/arXiv.2012.00826

2020-12-01

Cryptography and Security

Abstract:Advancements in artificial intelligence (AI), speech recognition systems (ASR), and machine learning have enabled the development of intelligent computer programs called chatbots. Many chatbots have been proposed to provide different services in many areas such as customer service, sales and marketing. However, the use of chatbot as advisers in the field of information security is not yet considered. Furthermore, people, especially normal users who have no technical background, are unaware about many of aspects in information security. Therefore, in this paper we proposed a chatbot that acts as an adviser in information security. The proposed adviser uses a knowledge base with json file. Having such chatbot provides many features including raising the awareness in field of information security by offering accurate advice, based on different opinions from information security expertise, for many users on different. Furthermore, this chatbot is currently deployed through Telegram platform, which is one of widely used social network platforms. The deployment of the proposed chatbot over different platforms is considered as the future work.

Ece Gumusel

DOI: https://doi.org/10.1002/asi.24898

2024-05-10

Journal of the Association for Information Science and Technology

Abstract:Abstract Since the introduction of OpenAI's ChatGPT‐3 in late 2022, conversational chatbots have gained significant popularity. These chatbots are designed to offer a user‐friendly interface for individuals to engage with technology using natural language in their daily interactions. However, these interactions raise user privacy concerns due to the data shared and the potential for misuse in these conversational information exchanges. Furthermore, there are no overarching laws and regulations governing such conversational interfaces in the United States. Thus, there is a need to investigate the user privacy concerns. To understand these concerns in the existing literature, this paper presents a literature review and analysis of 38 papers out of 894 retrieved papers that focus on user privacy concerns arising from interactions with text‐based conversational chatbots through the lens of social informatics. The review indicates that the primary user privacy concern that has consistently been addressed is self‐disclosure. This review contributes to the broader understanding of privacy concerns regarding chatbots the need for further exploration in this domain. As these chatbots continue to evolve, this paper acts as a foundation for future research endeavors and informs potential regulatory frameworks to safeguard user privacy in an increasingly digitized world.

information science & library science,computer science, information systems

Seraj A. M. Mostafa,Md Z. Islam,Mohammad Z. Islam,Fairose Jeehan,Saujanna Jafreen,Raihan U. Islam

2023-10-31

Abstract:Artificially intelligent chatbot, such as ChatGPT, represents a recent and powerful advancement in the AI domain. Users prefer them for obtaining quick and precise answers, avoiding the usual hassle of clicking through multiple links in traditional searches. ChatGPT's conversational approach makes it comfortable and accessible for finding answers quickly and in an organized manner. However, it is important to note that these chatbots have limitations, especially in terms of providing accurate answers as well as ethical concerns. In this study, we explore various scenarios involving ChatGPT's ethical implications within academic contexts, its limitations, and the potential misuse by specific user groups. To address these challenges, we propose architectural solutions aimed at preventing inappropriate use and promoting responsible AI interactions.

Artificial Intelligence

Muna Al-Hawawreh,Ahamed Aljuhani,Yaser Jararweh

DOI: https://doi.org/10.1007/s10586-023-04124-5

2023-08-26

Cluster Computing

Abstract:Artificial intelligence (AI) advancements have revolutionized many critical domains by providing cost-effective, automated, and intelligent solutions. Recently, ChatGPT has achieved a momentous change and made substantial progress in natural language processing. As such, a chatbot-driven AI technology has the capabilities to interact and communicate with users and generate human-like responses. ChatGPT, on the other hand, has the potential to influence changes in the cybersecurity domain. ChatGPT can be utilized as a chatbot-driven security assistant for penetration testing to analyze, investigate, and develop security solutions. However, ChatGPT raises concerns about how the tool can be used for cybercrime and malicious activities. Attackers can use such a tool to cause substantial harm by exploiting vulnerabilities, writing malicious code, and circumventing security measures on a targeted system. This article investigates the implications of the ChatGPT model in the domain of cybersecurity. We present the state-of-the-art practical applications of ChatGPT in cybersecurity. In addition, we demonstrate in a case study how a ChatGPT can be used to design and develop False data injection attacks against critical infrastructure such as industrial control systems. Conversely, we show how such a tool can be used to help security analysts to analyze, design, and develop security solutions against cyberattacks. Finally, this article discusses the open challenges and future directions of ChatGPT in cybersecurity.

computer science, information systems, theory & methods

Maha Charfeddine,Habib M. Kammoun,Bechir Hamdaoui,Mohsen Guizani

DOI: https://doi.org/10.1109/access.2024.3367792

IF: 3.9

2024-03-06

IEEE Access

Abstract:ChatGPT has been acknowledged as a powerful tool that can radically boost productivity across a wide range of industries. It reveals potential in cybersecurity-related tasks such as social engineering. Nevertheless, this possibility raises important concerns regarding the thin line separating moral use of this technology from its harmful usage. It is imperative to address the challenges of distinguishing between legitimate and malevolent use of ChatGPT. This research paper investigates the many concerns of ChatGPT in cybersecurity, privacy and enterprise settings. It covers harmful attacker uses such as injecting malicious prompts, testing brute force attacks, preparing and developing ransomware attacks, etc. Defenders' proactive activities are also addressed, highlighting ChatGPT's significance in security operations and threat intelligence. These defensive operations are classified based on the National Institute of Standards and Technology cybersecurity framework. They involve analyzing configuration files, inquiring about authoritative server, improving security in various systems, etc. Moreover, secure enterprise practices and mitigations spread through five classes are proposed, with an emphasis on clear usage standards and guidelines establishment, personally identifiable information protection, adversarial attack prevention, watermarking generated content, etc. An integrated discussion digs into the interaction of offensive and defensive applications, covering ethical and practical concerns. Future attacks are also discussed, along with potential solutions such as content filtering and collaboration. Finally, a comparative analysis with recent research on ChatGPT security concerns is directed. The paper provides a thorough framework to comprehend the range of implications associated with ChatGPT, enabling the navigation of cybersecurity and privacy challenges.

computer science, information systems,telecommunications,engineering, electrical & electronic

Nicole M. Radziwill,Morgan C. Benton

DOI: https://doi.org/10.48550/arXiv.1704.04579

2017-04-15

Abstract:Chatbots are one class of intelligent, conversational software agents activated by natural language input (which can be in the form of text, voice, or both). They provide conversational output in response, and if commanded, can sometimes also execute tasks. Although chatbot technologies have existed since the 1960s and have influenced user interface development in games since the early 1980s, chatbots are now easier to train and implement. This is due to plentiful open source code, widely available development platforms, and implementation options via Software as a Service (SaaS). In addition to enhancing customer experiences and supporting learning, chatbots can also be used to engineer social harm - that is, to spread rumors and misinformation, or attack people for posting their thoughts and opinions online. This paper presents a literature review of quality issues and attributes as they relate to the contemporary issue of chatbot development and implementation. Finally, quality assessment approaches are reviewed, and a quality assessment method based on these attributes and the Analytic Hierarchy Process (AHP) is proposed and examined.

Computers and Society,Software Engineering

Yongrui Wang

DOI: https://doi.org/10.54254/2755-2721/73/20240374

2024-07-05

Abstract:OpenAI launched ChatGPT in the United States on November 30,2022, with an astonishing success of more than 100 million users. CHATGPT trains by using online information, including personal information. With that comes the risk of personal information..This have a serious impact on society, including misleading the public, manipulating public opinion, etc. Furthermore, malicious users of artificial intelligence technology may use personal information for social engineering or phishing attacks, Inducing users to disclose more sensitive information or be subject to fraud. These are the challenges faced by personal information under the development of artificial intelligence. The research questions of the paper are how can people protect personal information and how to make more rational use of artificial intelligence. The study are conducted by consulting literature and learning about this area.Finally, in this paper, the author put forward that the threats of personal information include CHATGPTs management of personal information data and the generation of false information, and then the use of Chatgpt by criminals, and proposed the solution to this, stregthens peoples consciousness, formulates the law provision, uses the safer equipment.

Xiaodong Wu,Ran Duan,Jianbing Ni

2023-07-26

Abstract:This paper delves into the realm of ChatGPT, an AI-powered chatbot that utilizes topic modeling and reinforcement learning to generate natural responses. Although ChatGPT holds immense promise across various industries, such as customer service, education, mental health treatment, personal productivity, and content creation, it is essential to address its security, privacy, and ethical implications. By exploring the upgrade path from GPT-1 to GPT-4, discussing the model's features, limitations, and potential applications, this study aims to shed light on the potential risks of integrating ChatGPT into our daily lives. Focusing on security, privacy, and ethics issues, we highlight the challenges these concerns pose for widespread adoption. Finally, we analyze the open problems in these areas, calling for concerted efforts to ensure the development of secure and ethically sound large language models.

Cryptography and Security,Artificial Intelligence