Conversational Assistants (CAs) are continuously gaining traction across industries and are being rapidly adopted in the corporate world, offering intuitive interactions enabled by advancements in NLP and AI. However, as CAs handle sensitive tasks and enterprise data, special attention should be paid to security challenges, including inadequate authentication, authorization, and data privacy measures. Existing architectures (LLM-based and NLU/NLG-based) differ in both functionality and security: LLM-based models excel in automation and intuitive responses but are prone to data vulnerabilities, while NLU/NLG-based models offer increased security but require greater expertise to develop. To address these issues, we propose a novel, low-code Role-based Access Control mechanism integrated into dFlow, an open-source Domain Specific Language, enabling the generation of secure-by-design, privacy-enhanced CAs. This approach dynamically evaluates user authorization, ensuring fine-grained access control, tailored responses, and robust data protection. Unlike existing frameworks, our mechanism enables self-hosting to reduce interaction with external connections or services, thus enhancing data privacy. Additionally, it separates the access control logic from the application's business logic, aligning with security-by-design principles and best practices. A large-scale workshop demonstrated the effectiveness of our approach, enabling 182 developers to create 1,185 secure dialogue flows with minimal effort. By reducing development complexity and embedding security at its core, this mechanism empowers organizations to build transparent, privacy-enhanced, secure, and configurable CAs, addressing critical gaps in current CA development practices.
