Know About 3 Chatbot Risks in 2024

3 Chatbot Privacy Risks and Concerns You Should Know About Whether you’re using ChatGPT or another chatbot, you need to be aware of the potential threats that put your data privacy into question. Chatbots have been around for years, but the rise of large language models, such as ChatGPT and Google Bard, has given the chatbot industry a new lease on life Millions of people now use AI chatbots worldwide, but there are some important privacy risks and concerns to keep in mind if you want to try out one of these tools.

What is a chatbot?

A chatbot is a software or computer program that simulates human conversation or “chatter” through text or voice interactions.

Users in both business-to-consumer (B2C) and business-to-business (B2B) environments increasingly use chatbot virtual assistants to handle simple tasks. Adding chatbot assistants reduces overhead costs, uses support staff time better and enables organizations to provide customer service during hours when live agents aren’t available.

How do chatbots work?

Chatbots have varying levels of complexity, being either stateless or stateful. Stateless chatbots approach each conversation as if interacting with a new user. In contrast, stateful chatbots can review past interactions and frame new responses in context.

Adding a chatbot to a service or sales department requires low or no coding. Many chatbot service providers allow developers to build conversational user interfaces for third-party business applications.

A critical aspect of chatbot implementation is selecting the right natural language processing (NLP) engine. If the user interacts with the bot through voice, for example, then the chatbot requires a speech recognition engine.  Business owners also must decide whether they want structured or unstructured conversations. Chatbots built for structured conversations are highly scripted, which simplifies programming but restricts what users can ask. In B2B environments, chatbots are commonly scripted to respond to frequently asked questions or perform simple, repetitive tasks. For example, chatbots can enable sales reps to get phone numbers quickly.

Why are chatbots important?

Organizations looking to increase sales or service productivity may adopt chatbots for time savings and efficiency, as artificial intelligence (AI) chatbots can converse with users and answer recurring questions.  As consumers move away from traditional forms of communication, many experts expect chat-based communication methods to rise. Organizations increasingly use chatbot-based virtual assistants to handle simple tasks, allowing human agents to focus on other responsibilities.

Chatbots have been around for years, but the rise of large language models, such as ChatGPT and Google Bard, has given the chatbot industry a new lease on life Millions of people now use AI chatbots worldwide, but there are some important privacy risks and concerns to keep in mind if you want to try out one of these tools.

1. Data Collection

Most people don’t use chatbots just to say hi. Modern chatbots are designed to process and respond to complex questions and requests, with users often including a lot of information in their prompts. Even if you’re only asking a simple question, you don’t really want it to go beyond your conversation.

According to OpenAI’s support section, you can delete ChatGPT chat logs whenever you desire, and those logs will then be permanently expunged from OpenAI’s systems after 30 days. However, the company will retain and review certain chat logs if they’ve been flagged for harmful or inappropriate content. Another popular AI chatbot, Claude, also keeps track of your previous conversations. Anthropic’s support center states that Claude tracks “your prompts and outputs in the product to provide you with a consistent product experience over time in accordance with your controls.” You can delete your conversations with Claude, so it forgets what you’ve been talking about, but this doesn’t mean Anthropic will immediately delete your logs from its systems
This, of course, begs the question: is my data being kept or not? Does ChatGPT or other chatbots use my data?
But the concerns don’t stop here.

How Does ChatGPT Learn?

In order to provide information, large language models are trained with huge amounts of data. According to Science Focus, ChatGPT-4 alone was fed 300 billion words of information during its training period. This isn’t taken straight from a few encyclopedias. Rather, chatbot developers use masses of information from the internet to train their models. This can include data from books, movies, articles, Wikipedia entries, blog posts, comments, and even review sites.

Keep in mind that, depending on a chatbot developer’s privacy policy, some of the aforementioned sources may not be used in training.

Many have criticized ChatGPT, claiming that it is something of a nightmare in terms of privacy, that ChatGPT cannot be trusted. So, why is this the case?

This is where things get a little blurry. If you ask ChatGPT-3.5 directly whether it has access to product reviews or article comments, you’ll get a firm negative. As you can see in the screenshot below, GPT-3.5 states that it wasn’t given access to user article comments or product reviews in its training.

Rather, it was trained using “a diverse range of text from the internet, including websites, books, articles, and other publicly available written material up until September 2021.”

But is the case the same for GPT-4?

When we asked GPT-4, we were told that “OpenAI did not use specific user reviews, personal data, or article comments” in the chatbot’s training period. Additionally, GPT-4 told us that its responses are generated from “patterns in the data [it] was trained on, which primarily consists of books, articles, and other text from the internet.”

When we probed further, GPT-4 claimed that certain social media content may, indeed, be included in its training data, but the creators will always remain anonymous. GPT-4 specifically stated that “Even if the content from platforms like Reddit was part of the training data, [it doesn’t] have access to specific comments, posts, or any data that can be linked back to an individual user.”

Another notable part of GPT-4’s response is as follows “OpenAI has not explicitly listed every data source used.” Of course, it would be tough for OpenAI to list 300 billion words’ worth of sources, but this does leave space for speculation.

In an Ars Technica article, it was stated that ChatGPT does collect “personal information obtained without consent.” In the same article, contextual integrity was mentioned, a concept that refers to only using someone’s information in the context it was initially used. If ChatGPT breaches this contextual integrity, people’s data could be at risk.

Another point of concern here is OpenAI’s compliance with the General Data Protection Regulation (GDPR). This is a regulation enforced by the European Union in order to protect citizens’ data. Various European countries, including Italy and Poland, have launched investigations into ChatGPT due to concerns about its GDPR compliance. For a short time, ChatGPT was even banned in Italy due to privacy worries. OpenAI has threatened to pull out of the EU in the past due to planned AI regulations, but this has since been retracted
ChatGPT may be the biggest AI chatbot today, but chatbot privacy issues don’t start and end with this provider. If you’re using a shady chatbot with a lackluster privacy policy, your conversations may be misused, or highly sensitive information may be used in its training data.

2. Data Theft

Like any online tool or platform, chatbots are vulnerable to cybercrime. Even if a chatbot did all it could to protect users and their data, there’s always a chance that a savvy hacker will manage to infiltrate its internal systems.

If a given chatbot service were storing your sensitive info, such as payment details for your premium subscription, contact data, or similar, this could be stolen and exploited if a cyberattack were to occur.

This is especially true if you’re using a less secure chatbot whose developers haven’t invested in adequate security protection. Not only could the company’s internal systems be hacked, but your own account stands the chance of being compromised if it doesn’t have login alerts or an authentication layer.

Now that AI chatbots are so popular, cybercriminals have naturally flocked to using this industry for their scams. Fake ChatGPT websites and plugins have been a major problem since OpenAI’s chatbot hit the mainstream in late 2022, with people falling for scams and giving away personal info under the guise of legitimacy and trust.

3. Malware Infection

If you’re using a shady chatbot without realizing it, you may find the chatbot providing you with links to malicious websites. Maybe the chatbot has alerted you of a tempting giveaway or provided a source for one of its statements. If the operators of the service have illicit intentions, the entire point of the platform may be to spread malware and scams via malicious links.

Alternatively, hackers may compromise a legitimate chatbot service and use it to spread malware. If this chatbot happens to be very people, then thousands or even millions of users will become exposed to this malware. Fake ChatGPT apps have even been on the Apple App Store, so it’s best to tread carefully.

In general, you should never click on any links a chatbot provides before running it through a link-checking website. This may seem irritating, but it’s always best to be sure that the site you’re being led to doesn’t have a malicious design.

Additionally, you should never install any chatbot plugins and extensions without verifying their legitimacy first. Do a little research around the app to see if it’s been well-reviewed, and also run a search of the app’s developer to see if you find anything shady.

Chatbots Aren’t Impervious to Privacy Issues

Like most online tools nowadays, chatbots have been repeatedly criticized for their possible security and privacy pitfalls. Whether it’s a chatbot provider cutting corners when it comes to user safety or the ongoing risks of cyberattacks and scams, it’s crucial that you know what your chatbot service is collecting on you, and whether it’s employed adequate security measures.

FAQs