Artificial Intelligence (AI) is playing a vital role in all aspects of technology, including cyber security. Applications of conversational AI such as chatbots are also becoming very popular in the medical field, where they provide timely and immediate medical assistance to patients in need. Because medical chatbots deal with a lot of sensitive information, their security is crucial. To secure the confidentiality, integrity, and availability of cloud-hosted assets like these, medical chatbots can be monitored using AISecOps (Artificial Intelligence for Secure IT Operations). AISecOps is an emerging field that integrates three different but interrelated domains (IT operations, AI, and security) into one, in which expertise from all three is used cohesively to secure cyber assets. It considers cloud operations and security in a holistic framework to collect the metrics required to assess security threats and to train AI models to take immediate action. This work focuses on applying the STRIDE threat modeling framework to model the possible threats to each component of the chatbot, enabling automatic threat detection using AISecOps techniques. The threat modeling framework is tailored to medical chatbots that involve sensitive data sharing, but it could also be applied to chatbots used in other sectors concerned with security and compliance, such as financial services, the public sector, and government.