Understanding Chatbots

By on

Click to learn more about author Keith D. Foote.

A new tool for communicating with customers and potential customers has recently become available. It is called a chatbot, and it simplifies interactions between computers and humans. Chatbots provide a novel and exciting way for businesses to deal with the immediate needs of potential customers. Chatbots can respond to online queries 24 hours a day, in real-time, while human employees focus on other work, or when the business is closed. Several organizations, including Facebook, Google, Amazon, Apple, and Microsoft, have developed their own chatbots. Chatbots have also become a popular tool for banks.

Chatbots are considered, by some, to be the cutting edge of computers interacting with humans. Responding to questions using a natural language is a common goal of businesses offering 24-hour service at minimal costs. From a technological perspective, chatbots represent the next logical step in the evolution of “Question and Answering” systems using natural language processing (NLP). By design, a chatbot gathers behavioral information from its users, allowing it to develop and respond to questions more intelligently. This is how it trains itself to gradually become better at its job. As the chatbot gains experience, it continues to improve.

Chatbots have become popular because they normally provide consumers with quick, intelligent answers to their questions. When people ask a question, they generally don’t want to wait 24 hours for an answer but prefer to get an immediate response. Chatbots provide that service. If a customer doesn’t receive a quick answer, they typically move on and make their purchase at another website (one that answers their questions). By responding immediately, chatbots keep customers engaged and increase the chances they’ll make a purchase.

Installing a Chatbot

There are a variety of approaches that can be used when installing and integrating a chatbot. To maximize effectiveness, a chatbot should be designed with a specific customer base (or specific employees) in mind. Depending on what it is used for, some platforms are better choices than others. The different technologies, such as machine learning, natural language processing, and semantic understanding, can be adjusted to provide communications that are useful to specific customer bases.

Installing and implementing a chatbot is actually fairly easy. As chatbots have become more and more popular, a large number of tools have also become available for building and implementing them. These are a few of the tools and templates available:

  • Landbot offers a very efficient, user-friendly interface for creating chatbots that integrate with other services, including Twitter, Slack, and Facebook. This provides a great option for businesses wishing to communicate with their customers on a variety of different platforms.
  • Chatfuel concentrates on Facebook integration. This service supports bots for Facebook Messenger responses and goes beyond the standard chat response features normally used by Facebook.
  • Sequel also focuses on Facebook. This service supports drag and drop features for creating the bots.
  • Botsify supports chatbots that can integrate with WordPress sites. Botsify chatbots are more flexible and customizable than many other versions.
  • ManyChat is also focused on Facebook, but this platform is remarkably user-friendly.

How Chatbots Work

A chatbot uses machine learning software to support conversations (or chats) between humans and computers through websites, mobile apps, messaging applications, or the telephone. Two different tasks (user request analysis and returning the response) are performed by the chatbot. A user request analysis identifies the user’s intent and then seeks and extracts the relevant data. The goal of the chatbot is to provide an appropriate response to the request. (If the request is not understood, the chatbot cannot provide the correct answer.)

When returning the response, the chatbot strives for the most appropriate response. The response may be in the form of:

  • Text retrieved from a database containing different standardized answers
  • Stored data in enterprise systems
  • Contextualized information (information that is in context, based on the data provided)
  • A question which helps the chatbot understand the user’s question
  • Verbal responses

Security Concerns Around Chatbots

Unfortunately, chatbots offer hackers yet another way to access private and confidential information, which has been stored on the business’ website. The location of sensitive data, how long it has been stored, who has access, and how the data is used, are security issues which become potential risks. This is especially true for highly regulated industries that handle very sensitive information, such as finance and healthcare. Before setting up a chatbot, an organization should establish rules about the data gathered. According to Chaitanya Hiremath, CEO of Scanta:

“We are giving more and more responsibility to chatbots to automate conversational tasks people previously performed. These conversations used to be monitored by supervisors, managers, and good old common sense to guide behavior. Now, this is being automated by machine learning-trained systems that run unsupervised 24×7 in the background. The good news is we can get cost-effective hyper-productivity from these systems. The bad news is that bad actors can poison and manipulate these systems and cause high scale damage.”

Chaitanya continues:

“Take, for example, the case of the Microsoft Tay chatbot that was designed to learn from interacting with its users. Hackers poisoned the chatbot with racist and misogynistic comments, and in a matter of a day, Tay had started mimicking these hateful conversations. Now think about other potential cases of getting hacked advice from a banking robo-advisor or healthcare advisor bot. Would you click on a survey link that a customer service chatbot you were using provided you? We don’t trust email anymore, but we do trust chatbots?”

Chatbot security risks can generally be broken down into two categories — vulnerabilities and threats. Even systems with tight security systems have potential vulnerabilities and may risk exposure to attacks. Vulnerabilities are typically long-term issues that need to be dealt with on a regular basis. Changing passwords, updating employee access, and closing backdoors are all steps needed to eliminate weaknesses that allow the system to be accessed and compromised. Private platforms normally have complete control over their security. However, public chatbots change the situation dramatically. Chatbots are often left unmanned (that’s their purpose), which gives hackers time to find and take advantage of any access available.

When asked why chatbots are so vulnerable to attack, Chaitanya Hiremath responded, saying:

“First of all, these systems are usually either built on open-source machine learning models and trained on open-source datasets or built on publicly-accessible AI-as-a-Service platforms. This gives bad actors the blueprints they need to probe a system, spot weaknesses, and craft an attack. Secondly, chatbots are constantly gathering new information to learn from. This makes them uniquely vulnerable to learning from poisoned data gathered from malicious users. Lastly, the conversations held on these chatbots are going virtually unmonitored. Companies trust that users are legitimately using a chatbot, not attacking the system. And users trust the output of the chatbot as being legitimate since it is coming from a trusted company.”

Attacks against machine learning are also called adversarial attacks. Traditional techniques, such as dropout and weight decay, do not generally provide useful defenses against adversarial attacks. At present, there only seems to be two defenses:

  • Adversarial Training: An ML training solution that generates many examples of adversarial attacks and trains the model to avoid being tricked by each of them. Open-source versions of adversarial training are available in the cleverhans library.
  • Defensive Distillation: This strategy trains the model to provide output “probabilities” of different classes, rather than making hard decisions about what class to output. These probabilities come from an earlier model that was trained for the same task while using hard class labels. The process creates a model that has been trained to defend against these efforts, making it difficult for hackers to attack the system. (Originally, distillation was introduced in “Distilling the Knowledge in a Neural Network,” described as a model compression technique, with a small model being trained to imitate a larger one in an effort to gain computational efficiency.)

The two primary methods for gaining chatbot security are authentication and authorization. Authentication refers to the user identity verification process, while authorization describes giving permission for specific users, allowing them to perform specific tasks or providing access to a portal. Additionally, Scanta (the company Chaitanya Hiremath is CEO of) has developed a powerful layer of chatbot security using artificial intelligence. It is called the VA Shield, and Chaitanya described it, saying:

“It is a SaaS security solution that provides an enhanced layer of real-time supervision at the conversational level to prevent attacks on chatbots. Companies can customize policies to monitor, analyze, or block suspicious conversations to stop malicious use and prevent compromised systems from releasing confidential, false, or improper information. This security solution works by adding a critical Zero Trust security framework to chatbot systems that keep them running smoothly and securely.”

In Conclusion

While customer service chatbots will reduce costs, the improvements they make to the customer experience can also have a significant positive impact. Chatbots can be accessed 24/7 and will often answer questions more rapidly than humans. Chatbots are most effective when used in customer service applications for service-heavy industries, such as retail, travel, and telecom. Chatbots are predictably more valuable to businesses fielding thousands of customer calls, rather than those responding to 4 or 5 calls per week.

Chatbot security is an issue that “must” be addressed.

For organizations that process a high volume of requests, the impact of a chatbot can be substantial. For example, Bank of America describes an increase from 7 to 10 million users in six months. This was caused by the bank’s launch of proactive insights (also known as Erica). Erica provides customers with guidance and recommendations based on their specific behaviors, which helps them to manage their money.

Christian Kitchell, AI solutions and Erica executive at Bank of America stated:

“Within a month of launching insights, we saw a better than two times jump in engagement, and we’ve sustained that through the path of last year. It’s a function of more clients starting to recognize the appeal and value that we bring — because we’ve been enhancing Erica quite a bit through our development cycle.” 


We use technologies such as cookies to understand how you use our site and to provide a better user experience. This includes personalizing content, using analytics and improving site operations. We may share your information about your use of our site with third parties in accordance with our Privacy Policy. You can change your cookie settings as described here at any time, but parts of our site may not function correctly without them. By continuing to use our site, you agree that we can save cookies on your device, unless you have disabled cookies.
I Accept