6 Ways to Securely Implement your AI-based Chatbot

Critical security measures that work toward the safe deployment of your chatbot.

Inbenta has extensive experience deploying intelligent, conversational chatbots throughout large enterprises. Over the years, we’ve learned a lot about cybersecurity measures, what to prepare for, and what to guard against. After a more recent in-depth review, we’ve outlined the following best practices for securely deployed your AI-based chatbot onto your site.

Understanding the risks

In order to be truly useful, chatbots must be available in as many places as possible within a customer’s workflow — this allows a chatbot to provide customers with contextual help throughout the process. Most AI providers offer their enterprise technology through Software as a Service, so in many cases, having the entire AI software in your servers is not possible — or even desirable. The inability to contain the chatbot on your protected servers may lead to increased security risks for your company and customer data.

Below, you’ll find six tips to maximize your security when deploying AI chatbots and conversational interfaces onto your website.

1. Secure your JavaScript

In many cases, chatbots are deployed onto websites using JavaScript snippets that are dynamically loaded into web pages. These snippets create the UI for the conversational agent. Although this is not intrinsically dangerous, there are few recommendations that should be taken into account:

  • Do not include external “< script >” tags in your critical web pages, like the login window, or the check out page.
  • When you do include those external scripts, use a Subresource Integrity with your “< script >” or “< link >” tags to external sources.
  • When possible, include and host all necessary scripts in your secured web server.

2. Secure your access to RESTful API services

Choose providers with at least access to a RESTful API with a two-layer authentication. This should include security keys with temporal access tokens, ideally with origin verification, like domain keys.

Keep the API security keys safe to limit access to the API services.

Lastly, remember that accessing your chatbot AI software through RESTful API will often need more coding resources from your side but, in general, it will provide a more secure environment for mission critical applications.

3. Secure your webhooks

Webhooks allow a chatbot to interact with other systems in the backend. An intelligent chatbot will have limited capacity to help users if it cannot access CRM, databases, billing systems, etc. While this is inherently not insecure, some caution is necessary.

Secure your webhooks by means of implementing an authentication layer and validating the origin of the requests they receive. Also, only allow encrypted communications through HTTPS.

4. Keep all passwords secret and safe

Most development environments for chatbot providers use some sort of web-based Integrated development environment (IDE) usually accessible by username and password, so make sure you keep your password safe. Choose a password that maximizes security, and change your password often — and of course, never, ever share usernames or passwords with co-workers.

5. Maintain your software stack with frequent updates

The vulnerabilities of different software systems are often known by a whole community of cyber attackers, so keep your software stack updated with the latest versions in order to keep your applications safe.

Hackers are continuously scanning the Internet for vulnerable systems. With a small, simple script, they can scan every IP address to look for some particular known vulnerability. When they recognize a vulnerability in your system, they begin a recurring onslaught to your software stack.

6. Protect the privacy of sensitive data

Do not request sensitive information through any chatbot data flow. If strictly necessary, then make sure that the chatbot only handles the minimum information required to validate the identity of users and let the back-office and secure system specifically designed to handle sensitive data carry out the necessary operations.

As an example, don’t make your chatbot ask for a credit card number. Instead, ask for a randomized digit, and let a back office system validate the information.

Safety doesn’t end here.

These guidelines are only one part of maintaining a safe and secure system. For customers, it is just as important to follow the latest security updates and safety guidelines when using our technology — or anyone else’s technology, for that matter. Together, we can work to keep the Internet and its applications a safe, fulfilling space.


At Inbenta, we are specialists in Artificial Intelligence for Natural Language Processing, a complex science that involves understanding how humans communicate, and letting computers understand the nuances of complex communications. We also have learned the importance of security when deploying chatbots that tend to have a great impact on the overall user experience. To ensure the constant safety of our customers and their users, we work together with external security companies to keep our infrastructure as safe as possible.

Jordi Torras