How to Build AI Bots Resistant to Attacks

Drawing on our experience in building AI assistants, we outline the assumptions and principles we follow to make our AI bots not only effective and helpful, but also safe, operating in line with organizational processes and resistant to misuse.

The foundation of every AI assistant is its knowledge base. In many companies, this knowledge is scattered across multiple sources – documents in different formats, databases, and other repositories. Usually their form makes it difficult for AI to relate the content contained in different paragraphs or understand relationships in tabular data.

At All for One, drawing on our experience, we have developed a dedicated data formatter that enables semi-automated conversion of such documents into a form understandable by AI. As a result, the assistant can answer questions on behalf of the company while maintaining consistency and reliability of information.

Introducing sensitive data or data related to company trade secrets into language models always involves risk; such data may be intercepted or made public due to data leaks, threats resulting from errors, or attacks on the model provider. That is why it is essential to understand what types of data our user will be operating on when interacting with AI, and to design an architecture aligned with the required level of protection..

At All for One, we have access to a broad range of platforms and tools, enabling us to select solutions tailored to each client’s individual needs.

Our assistants are more than just a combination of a language model and an interface. They consist of a set of components, each with a specific role, such as:

• an LLM module for natural language understanding,
• a database module,
• an output formatting module.

With this architecture, we can easily manage and change selected components to optimize costs and achieve the right level of stability and protection.

This is one of the key elements of each of our assistants. This module:

• prevents malicious token consumption,
• protects against prompt injection attacks,
• blocks conversations that go beyond the scope of the knowledge base.

In practice, this ensures that the assistant responds only to questions it was designed to handle.

After its go-live, the AI assistant is periodically and automatically tested and monitored for:

• stability,
• percentage of correct answers,
• speed of operation.

This approach ensures that any anomaly can be immediately flagged and forwarded to the appropriate people, who, given its criticality, can decide whether to intervene.

ChatGPT-type tools may appear to be ready-made products that can simply be deployed within an organization and made available to employees or customers. In reality, only a thorough understanding of risks, opportunities, and organizational specifics reveals how many additional components and safeguards must be incorporated.

o protect the company against prompt injection attacks, shield users from hallucinations, and deliver the best possible user experience, a comprehensive approach is essential – the approach we apply in our projects.