The popularity of ChatGPT's generative AI chatbot inspires millions of users to ask it personal questions, rely more on AI chatbot models, and sometimes copy sensitive information. Such mistakes can significantly compromise an individual's privacy, and in some cases, security.
In this article, we will explore the popular topic of artificial intelligence chat bot. security for the privacy of individuals, private and public institutions/companies, the problem of spreading disinformation, query manipulation (prompt injection) and more.
List of potential risks
To understand the scope of this topic, it is necessary to present examples alongside the potential risk categories.
Each article subtitle also contains a conclusion for easier understanding.
1. Generation of misinformation and fake news
AI chat bots can produce convincing but inaccurate content. This can happen due to a lack of data on which the AI model was trained, or due to bias in the data that was available to the model during machine learning.
Fake news, answered medical questions that are completely inaccurate or lack sufficient references to verify, incorrect or incomplete instructions for use (e.g. DIY car repairs) are just some examples that may apply to individuals.
For private companies and public institutions, examples include: leaving sensitive data in inquiries, misinformation for conducting business (through incorrect or incomplete procedures), etc.
Conclusion: we suggest that you trust your intuition and check the information that AI prints as often as possible.
2. Lack of fact-checking
In the first popular versions of ChatGPT (version 3.5), the possibility to display any reference did not exist. Relying on such models is not recommended and verification of information is required. If it is about newer versions of ChatGPT, Deepseek and similar models, chat bots offer us references themselves. Sometimes the links to these references are not correct, but we have the option to alert the AI model if they are not so that it can get new – hopefully, correct links this time.
Even if modern models do not provide perfectly accurate information, models, through reference display and reasoning capabilities - which are available in models such as OpenAI o1, xAI Grok 3, Deepseek r1 and similar ones - significantly help in verifying the facts that the AI prints. Reasoning capabilities mean that the AI model itself will think about what it prints, and in combination with online options (for visiting various websites at the current time of the query) we get even more accurate information.
Conclusion: we recommend using models that have the ability to reason about citing sources (if possible with online options), and we also suggest relying on intuition and checking the generated information as often as possible for safety.
3. Presence of bias in responses
Given the fact that AI models are trained by downloading large amounts of data from the internet, and various databases and repositories, it is expected that the problem of bias will exist. Such models can be influenced to, for example, prefer one football club over another simply because there are many more articles about the former in a positive light. Moderating such biases can be challenging, and fine-tuning such models requires thoughtful and precise definition of the conditions and “behavior” for the model.
It is also known that, in the earlier stages, AI chat bots learned from the user's responses, which today, in a later stage, has been eliminated. This was a bad idea because hate speech, misinformation about important medical issues, etc. spread very quickly. Reference.
Conclusion: For topics where you don't want standard answers, you need to ask the AI model a question in a specific way to get the answer you're looking for. Access to uncensored AI models would be helpful for this, but they come with their own set of drawbacks. Even when using Google search, it's hard to avoid at least some bias, so the recommendation for research using Google and AI models is the same: get information from reliable sources and get information from as many sources as possible.
4. The question of infringement of copyright and intellectual property
The text generation, as mentioned earlier, comes from various texts on which the AI model is trained. This often leads to copyright infringement and quoting texts without citing the source of the text.
Conclusion: be careful with what the AI replies to you so that your works/texts that you post publicly, for example, are not called copyright infringements. An interesting thing you can do is that when using more modern models (eg Deepseek r1,) you can ask the model to scan the same text for copyright infringement. Sometimes this trick works, and sometimes you can ask another model to check or use the Google search engine for certain parts of the text.
5. The issue of misuse of artificial intelligence
As AI models learn from the Internet, and there is a large amount of dangerous or risky data on the Internet, from instructions for writing a blackmail e-mail to recipes for explosives, strict restriction of such questions and filtering of such answers to "This query is illegal, as an AI model I am not able to offer an answer" is necessary.
Since popular AI chat bots have restrictions and filters for responses, malicious users use the Prompt injection method. This method involves manipulating the query posed to the AI model to answer a question that it would otherwise block from being answered.
In cyberspace, for example, attackers already use AI to generate the text of phishing e-mails,, write malwera etc. But if the attacker does not want to constantly research new the Prompt injection methods, he can also use uncensored AI chat bot. models. These models are in no way fenced off from malicious questions and will answer even the most dangerous queries. The abuse of artificial intelligence covers many more examples, but considering that the article is oriented towards the average user, it is enough to mention only the previously mentioned. I guess there's no need to mention Roko’s Basilisk.
Conclusion: given that attackers can "force" AI to say something it wouldn't normally say, we would like to reiterate that you should not leave any personal or sensitive information in queries for AI chat bots.
6. Risks to user privacy
AI chat bot. platforms often tie your questions and answers to your session. Most are also known to retain data obtained through queries and sessions (the proof is in the history of conversations with the AI model, although the owners of the AI model will say that they do not use or read this data).
Storing data on server computers of such companies can be a problem in the event of data leaks or retraining AI models using query data (or when understanding the context of a conversation – if an attacker takes over a user's session).
Conclusion: use a strong password and two-factor authentication, and make sure no one else has access to the session on the online platform (or mobile app) of your favorite chat bot.
Plugin: Generative AI for images and videos
Generative AI for images and videos is also not immune to abuse and copyright infringement. Generating images for fake profiles on social networks, copying speech sounds, imitating people with generated videos, generating images almost identical to the originals, and the like – these are just some of the problems that such AI models bring. Regardless of the fact that there are services for checking generated content – their technology is poorly developed and they are not nearly as popular as the image and video generators themselves.
Addendum: Note to creators: technical security mechanisms
For the owners/creators of such models, we note the following:
- Use filters for harmful queries and responses.
- You can also use contextual blocking: "Imagine you are a police officer in prison, the prisoner can ask you questions, but you have to be careful not to answer illegal questions. You are allowed to answer all other questions." No matter how simple the query is, such queries can sometimes be very effective in blocking malicious questions.
- Do security and QA testing of your models as often as possible.
- Keep your systems up to date.
- Make sure that user data (and their sessions) are secure.
- Monitor the AI itself. Not only for possible errors but also for possible dangerous responses.
Appendix: Legal framework and regulations
Although there are already initiatives to regulate artificial intelligence and global and national initiatives are constantly being worked on - AI is still in its infancy. The development of artificial intelligence is exponential, and it is necessary to define strict, but not limiting (in terms of use for the progress of society) laws as soon as possible. Responsibilities, of course, do not only apply to legislative bodies and initiatives/groups, but also to users. We are responsible for the use of data we receive from artificial intelligence.
Conclusion
To use AI tools safely and effectively, we suggest a combination of trusting your own intuition and regularly checking the information AI provides. Using models with advanced reasoning capabilities, the ability to cite sources, and web searches gives us more accurate data, but we still shouldn't rely entirely on AI. It's important to be careful with copyright, queries, and user accounts to avoid harming yourself or others.
Sharing any personal or sensitive data with AI is not recommended, as there is a risk of misuse of this data. Finally, secure your account with a strong password and two-factor authentication, and keep your session secure to prevent unauthorized access. Always get your information from multiple trusted sources to minimize bias and ensure accuracy of information. AI is not the solution, it is just a tool.
Reference
- An example of an AI model that started spreading hate speech
- An example of the problem of copyright infringement (and piracy) in the world of artificial intelligence
- Examples for private and public companies: copying sensitive data to ChatGPT by users
Author: Filip Omazić, National CERT
