Common AI Implementation Mistakes to Avoid Part 3
Common AI Implementation Mistakes to Avoid
Part 3: Inadequate Ethical Filters
The use of AI in internal and external applications is rapidly being deployed across all sectors with great alacrity. Whilst this offers exciting new capabilities, it also widens the potential attack surface of a company’s infrastructure. AI chatbots, even with filters, can be tricked into breaking ethical barriers, which could lead to serious consequences.
The ‘mistakes’ highlighted within this mini-series are based on findings from real tests. Ethical filters are often applied when AI is deployed as a chatbot within an internal or external web application. However, even robust filters can be bypassed, and as such it is imperative that the risk appetite for a breach of ethics is carefully considered.
Data security is paramount, but it is also crucial to ensure that the infrastructure your company deploys reflects the ethical standards you would expect from employees.
Inadequate Ethical Filters
A chatbot without suitable ethical filters can cause significant reputational damage. Many chatbots use third-party LLMs as their base. Where these are implemented ‘out of the box’, known input exploits can often be reused.
It may be tempting to suggest that unethical behaviour from a chatbot is not the company’s responsibility. This is a fundamental misunderstanding. If a chatbot hosted on a company’s infrastructure outputs racist remarks, illegal instructions, or other inappropriate responses, it will be seen as the company’s voice. The reputational damage could be severe and must be taken seriously.
The risk escalates if ethical weaknesses combine with misconfigured permissions or datasets. In such cases, a chatbot might return unethical responses about specific employees or clients. Brushing this aside as a ‘rogue bot’ or claiming it does not reflect company values is not a defence. Failing to prepare for such incidents is itself a failing.
It is also important to recognise that ethical filtering goes far beyond blocking swearing or discriminatory content. A chatbot can still cause harm if it contradicts professionals or asserts authority in areas where it has no competence. In one test for a healthcare company, the client specified that their chatbot was intended solely for policy guidance and must not provide medical advice. They had implemented custom filters to prevent this. Despite that, within five minutes we were able to make the chatbot provide medical information - using only normal, straightforward questioning, mimicking ‘normal’ use.
This highlights a serious risk: a chatbot giving medical advice is not only a breach of ethical standards but also a threat to patient safety. Even if the chatbot caveats its answers, desperate individuals may act on its words, risking real-world consequences.
Some may argue this is not cybersecurity. In reality, it can be. Unethical responses may feed into social engineering or blackmail attempts, where individuals feel threatened or coerced into giving up sensitive information. Ethical failures don’t just damage trust, they can create direct security vulnerabilities with real-world consequences.
The Key Takeaways:
- Chatbots without robust ethical filters risk reputational damage - anything they say could be seen as the company’s voice.
- Ethical filtering goes beyond blocking offensive language: chatbots must be prevented from giving advice or contradicting professionals in sensitive areas.
- Inadequate ethical controls can fuel social engineering or blackmail, turning reputational risks into real security vulnerabilities.
Good ethics should not be an optional extra – it is vital to who we are as humans, and should be at the forefront of the services we all provide.
Improve your security
Our experienced team will identify and address your most critical information security concerns.