Securing Virtual Assistant Chatbots Against Machine Learning Attacks

Virtual Assistant Chatbots are becoming a vital part of every company's technology infrastructure.
Are you protecting yours?

VA Shield

Machine Learning attacks are the next major threat vector in the security world. How well we protect against them will determine how widely and confidently we can deploy A.I.

A New Security Threat

Machine Learning Attacks

Virtual Assistant Chatbots are vulnerable to a new type of attack made at the machine learning level. As the machine learning models used by these systems are built with open source algorithms, trained with internally and externally sourced datasets and then improved over time with additional incoming data, there are new vulnerabilities inherent in the technology that are now beginning to be exploited. Add to this the fact that the vehicle used to attack the system is the very text conversation that is the foundation of the technology and it is clear that these new security threats need to be proactively addressed.


Extraction Attacks

The attacker learns the rules the Virtual Assistant Chatbot operates on by extracting information from the model to understand its behavior. The attacker then exploits this knowledge to attack the system.

Manipulation Attacks

The attacker alters the intended behavior of the Virtual Assistant Chatbot by manipulating its dataset or model to change how it behaves in different situations. The attacker then uses these vulnerabilities to attack the system.
What Makes Virtual Assistant Chatbots Vulnerable

Attacks on Virtual Assistant Chatbots are specifically difficult to defend against because nothing is currently done to analyze the context of the conversation between the user and the system so companies are blind to malicious actions. Not only is this dangerous because companies miss new external attacks, but even worse is the fact that hacked responses coming out from the system to users are trusted by both the company and also the user. Both company and user implicitly trust the output from the system making a hacked Virtual Assistant Chatbot the perfect vehicle for attacks.

Real World Examples of ML Attacks
Here are six real-world examples of the result of a successful Virtual Assistant Chatbots extraction or manipulation attack.

Data Theft

An attacker can attack the underlying model and allow it to send out malicious links from the system, change passwords or outright remove user data.


An attacker can submit faulty or doctored documentation, receipts or scans through the system which are then used by the company for various business purposes.

Analytics Poisoning

An attacker can poison the data a company tracks by making fake requests to the system. Since companies rely on data analytics to make business decisions, an attack on the integrity of the data can lead to inaccurate conclusions and faulty strategy.


An attacker can open a company up to expensive lawsuits from customers or governments if confidential information or sensitive data are accessed or taken.

IP Theft

The attacker can steal proprietary company IP such as how a company prices products, what triggers a discount or how a robo advisor makes recommendations.

Degraded QoS

An attacker can send large numbers of optimized requests to the system to degrade the Quality of Service or force escalations to human operators.

Why Scanta

You need a security solution that is intelligent enough to separate legitimate conversations from malicious actions. This requires a company with a deep understanding of AI, machine learning, natural language processing and data science. Scanta combines these skills to create a new level of security empowered to stop machine learning attacks on Virtual Assistant Chatbots by analyzing context at the conversational level.

The Solution is VA Shield™
Security For Machine Learning Systems

VA Shield™ helps businesses protect their Virtual Assistant Chatbots from machine learning attacks to keep them running continuously, safely and securely without disrupting existing security workflows.

Keeping Good Company
Dunkin Donut
Get Our Latest Updates