A fintech company is about to deploy an AI-powered customer service chatbot that can answer questions about account balances, transaction history, and loan eligibility. Before deployment, they ask you to conduct a security review.
(1) Describe your threat model: who are the likely attackers, what are they trying to achieve, and what are the highest-value targets? Distinguish at least three different adversary classes.
(2) Identify the three highest-priority vulnerabilities you would investigate first. For each:
- Explain the attack mechanism in detail
- Explain why it is specific to AI systems rather than traditional software
- Estimate severity (Critical / High / Medium)
(3) For the highest-severity vulnerability, propose a concrete first mitigation that the team could implement before launch.