Chatbots are everywhere, for better or worse.
From customer service desks to recruitment platforms, HR portals to internal knowledge bases, businesses across the UK are racing to deploy AI-powered chatbots to cut costs and speed up response times.
And the numbers back up the trend: chatbot adoption across businesses grew nearly fivefold between 2020 and 2025, with the global market now valued at over £9 billion.
But here is the question most organisations skip past in the rush to automate: how safe is your chatbot, really?
Because while chatbots are brilliant at handling routine queries and working round the clock, they are also creating entirely new attack surfaces that many businesses have not even begun to think about.
Your Chatbot is Collecting More Data Than You Realise
Every time a customer or employee interacts with a chatbot, data is exchanged.
Names, email addresses, phone numbers, order details, sometimes even financial information or health data. That is a goldmine for anyone with malicious intent.
And the risks are not theoretical.
In June 2025, security researchers discovered that McDonald’s AI-powered recruitment chatbot, built by a third-party vendor, had exposed the personal data of an estimated 64 million job applicants worldwide.
The cause?
An administrator account, still using the default credentials “123456” as both username and password, combined with an API vulnerability that allowed anyone to access applicant records simply by changing a number in the URL.
That is not a sophisticated nation-state attack. It is a basic, preventable misconfiguration, the kind that a penetration test would catch in minutes.
Related Reading: What is an Attack Surface in Cybersecurity?
Chatbot Credentials Are Already Being Traded on the Dark Web
If you think chatbot security is a niche concern, think again.
IBM’s 2026 X-Force Threat Intelligence Index found that infostealer malware exposed over 300,000 ChatGPT credentials in 2025.
These stolen credentials do not just give attackers access to an account. They open the door to entire conversation histories, which can contain sensitive business data, internal strategies, customer details, and proprietary information.
The same report revealed a 44% increase in attacks that began with the exploitation of public-facing applications, many of which lacked even basic authentication controls. Chatbots sit right in that category: public-facing, always on, and often overlooked in security reviews.
Related Reading: The Myth of Safety: Why Hackers Aren’t Just Targeting Big Businesses
The Attack Surface You Have Not Tested
Most businesses think about firewalls, email phishing, and endpoint protection. Chatbots rarely make it onto the penetration testing scope, and that is a problem.
A chatbot is essentially a web application with an API backend, natural language processing, data storage, and often third-party integrations. Each of those layers presents potential vulnerabilities.
Common chatbot security risks include:
- Prompt injection, where attackers craft inputs that trick the AI into ignoring its rules and revealing data it should not share
- Insecure APIs that expose backend systems and user data
- Weak or default credentials on admin interfaces (as we saw with the McDonald’s breach)
- Data leakage through conversation logs that are stored without proper encryption or access controls
- Third-party risk, where the chatbot vendor’s security failings become your problem
Gartner projects that by the end of 2026, up to 40% of enterprise applications will integrate AI agents, a dramatic jump from fewer than 5% in 2025. That is a massive expansion of the attack surface happening at speed, and security is struggling to keep pace.
Related Reading: What is an Attack Surface Assessment?
Most Organisations Are Not Governing Their AI Tools
One of the more sobering statistics from IBM’s Cost of a Data Breach Report 2025 is that 63% of breached organisations lacked AI governance policies at the time of their breach.
That means the majority of businesses deploying chatbots and other AI tools have no formal framework for managing the risks those tools introduce.
Without governance, there is no visibility into what data your chatbot collects, where it is stored, who has access, or whether the vendor behind it has adequate security controls. And when something goes wrong, there is no incident response plan to fall back on.
Related Reading: Supply Chain Cyber Attacks: Why Your Supplier’s Problem Becomes Yours
What You Can Do About It
Deploying a chatbot does not have to be a security liability, but it does require the same rigour you would apply to any other customer-facing application.
Here are some practical steps:
Treat your chatbot like a web application. It has an interface, an API, a database, and user inputs. It needs testing accordingly.
Include chatbots in your penetration testing scope. If your annual pen test does not cover your chatbot and its backend infrastructure, you are leaving a gap. A good penetration test will probe for prompt injection, API vulnerabilities, authentication weaknesses, and data exposure risks.
Review your vendor’s security posture. If a third party built or hosts your chatbot, you need assurance that their security standards match yours. Ask about their testing, their incident response, and their data handling practices.
Put AI governance in place. Define what data the chatbot can collect, how long it is retained, who can access it, and what happens when something goes wrong.
Monitor and log chatbot interactions. Anomalous behaviour in chatbot conversations can be an early indicator of an attack. Make sure you have the visibility to spot it.
Related Reading: Web Application Penetration Testing: A Comprehensive Guide
What Next?
Chatbots are powerful tools, but they are also potential entry points for attackers.
The McDonald’s breach proved that even the most basic security oversights in a chatbot deployment can expose millions of records. And with over 300,000 AI platform credentials already circulating on the dark web, this risk is not going away.
If your business uses a chatbot or is planning to deploy one, the time to test its security is now, not after something goes wrong. Penetration testing is the most effective way to identify vulnerabilities in your chatbot’s architecture, APIs, and integrations before an attacker does.
Want to make sure your chatbot is not your weakest link? Get in touch with Fortifi to discuss how our penetration testing services can help you secure your AI-powered tools and protect your business.