Essential AI guardrails: How to do security testing, APIs, and logs

Customer-facing artificial intelligence (AI) can help to enhance service by providing customers with a faster response to their questions and summarizing cases. It can help to direct the agents and may also help the customers to understand about the product or policy they are searching for. 

However, there is a danger in AI as well. Even the most basic chatbots can be a security threat if the AI guardrails aren't set correctly. It can reveal private data or provide incorrect results if it is not examined correctly. If there are no guardrails in place, a chatbot can be easily manipulated by attackers.

This makes it essential for all the AI use cases that come into customer contact to undergo a cybersecurity audit before they are deployed.

Step 1: Start with a use case

The first step is to have a clear understanding of what the AI system is supposed to do.
Will it just respond to general customer queries? Or will it execute more sophisticated tasks, like accessing customer information, making recommendations, opening service tickets, approving requests, handling refunds, resetting passwords, updating account information, etc.?

The risk is dependent on the answer.

A simple FAQ chatbot might be less at risk. An AI assistant, which handles account access, complaints, or financial disputes, is significantly more vulnerable and will require enhanced controls.

The team needs to record what the AI is capable of. They should also record what it is unable to do. For instance, AI shouldn't provide legal counsel. It should not show internal policies. It should not make assumptions if it is not very confident. 

The bot needs to be taught not to make final decisions in sensitive cases without human intervention.

Step 2: Security testing is required

The customer-facing AI needs to be subjected to security testing prior to launch. This should entail regular application security testing as well as AI-specific testing.

Standard testing should check for broken authentication, weak access controls, insecure APIs, injection flaws and  exposed secrets. Teams should employ vulnerability scanning, secure code review, penetration testing and threat modeling.

Testing that is specific to AI is just as crucial as traditional security testing. Prompt injection is a possible attack method to try and alter the AI. The attacker might attempt to get system prompts or internal rules. It could also try to gain access to another customer's information.
If the AI is allowed to use tools or APIs, there must be strict control over the AI's use of them.

The AI should not have access to any systems or data of which it is not a part of the job. That means it should not have a wide range of permissions or access. That's where the principal of least privilege comes in.

Step 3: It is crucial that a vendor assessment is carried out

AI systems are often reliant on outside vendors. These vendors can be model providers, chatbot platforms, cloud services, analytics tools, and customer support integrations.
A review of each vendor prior to using the AI system with customers is needed.

The review should consider the following: encryption, access control, data retention, logging, incident response, and subcontractors. It should also validate on handling customer data. For instance, the company ought to be conscious if customer information is utilized to train the vendor's models. It should be aware of the location of the data. It should also ask if it's possible to audit logs, delete data and have role-based access control.

Security certifications can be of assistance. Depending on the industry and use case, there may be several relevant certifications. Certifications are not the only requirement, though. The company still has to gain the vendor's knowledge of their actual security controls.

If the vendor is weak, it is a weak link in the system.

Step 4: API review is essential

APIs are where AI is helpful. They're also the areas where AI can get dangerous.

Strong authentication should be used with APIs. They need to employ secure tokens. They should validate scopes. They should do authorization on the server side. The AI should NOT determine what a customer can see. That should be determined by the backend system.HY
AI should not be trusted by the API. AI can generate inaccurate, incomplete or fake requests. The backend should always be able to validate every field to take action.

Rate limits should be in place. This is to reduce the risk of abuse. It also prevents overload of systems.

The API should only return data in response to the request, only what is necessary for the task. It shouldn't return a full customer profile when all you need is a status update. Data minimization reduces the damage should there be a failure.

Step 5: Logging must be validated

A strong logging solution is required for the AI systems. Without logs, teams can't investigate issues. 

Logs should contain user requests, AI responses, API calls, authentication information, failed authorization, blocked prompts, escalations, and human handoffs.

The logs should also indicate the version of the model used. They are to note which guards were activated. When available, they should monitor the scores of confidence.

However, logs have to be safeguarded. They should never store passwords, tokens, all account numbers, or payment information. Mask, tokenize or encrypt sensitive fields.
Log accesses should be restricted. The security team should watch for unusual activity. These can be repeated attempts to inject the prompt, unnatural API usage, data queries, and failed access attempts.

Logging is more than just a technical control. It is an accountability regulating control.

Step 6: Your human review determines the final quality of your work

Relying on AI should not be a substitute for human decision-making.

Cases with high risk require human review. Examples of these are complaints, weak customers, fraud claims, identity issues, denied services, legal concerns and financial disputes.

The bottom line on essential AI guardrails

AI guardrails are more than a document. These are technical measures and as such involve security testing, vendor review, API protection, logging validation and access control, monitoring, and human oversight.

Speed is crucial for customer experience. Customers want convenience. Businesses want efficiency.

The first step is to have trust.

Before AI is experienced by a customer it should undergo a cyber security assessment. That review should be documented, practical, and technical and should be done before any real customer is put at risk.

Quick links 

• JP Morgan I Operationalizing AI in CX: Practical steps, risks and guardrails 
  
• AI governance: A CX leader's guide to responsible AI implementation
• How to get generative AI governance in place