Skip to main content

Project Reflections: Chatbot, RAG and Security

Project Reflections: Chatbot, RAG and Security
#

For my AIDA project, I am working on a chatbot solution for E.G. The purpose of the chatbot is to help visitors and potential stallholders get quick answers to practical questions about an event.

The chatbot is based on a knowledge base with information about opening hours, prices, location, rules, activities and how to apply for a stall. The idea is that the chatbot can reduce repetitive questions and make it easier for users to find information.

Working with RAG
#

In this project, I have used a RAG approach. RAG stands for Retrieval-Augmented Generation. This means that the chatbot first searches in a knowledge base and then uses the retrieved information to generate an answer.

This has helped me understand that the quality of the chatbot depends a lot on the quality of the data. If the knowledge base is clear and structured, the chatbot gives better answers. If information is missing or unclear, the chatbot may give weak answers or need to use a fallback response.

I have also learned that the chatbot needs clear instructions. It should not invent answers, promise available stall spaces, complete bookings or handle payment. If it does not know the answer, it should refer the user to the correct contact person.

Scope of the project
#

One important experience has been learning how to keep the scope realistic. At first, it is easy to think of many possible features, such as booking, payment, admin dashboards and visitor flow predictions.

However, for the MVP, I decided to focus on a simpler solution. The chatbot should mainly answer frequently asked questions and guide users further if needed.

The MVP includes:

  • A chatbot connected to a knowledge base
  • Answers to common visitor questions
  • Basic information for stallholders
  • Contact information
  • A fallback answer when information is missing

The MVP does not include:

  • Automatic booking
  • Payment
  • Approval of stallholders
  • Live visitor tracking
  • A full admin system

This makes the project easier to test and more realistic to complete.

Security reflections
#

During the course, we also worked with the topic of AI code agents and secrets. This made me think more about security when using AI tools in development.

A key point is that secrets such as API keys, tokens and passwords should not be shared with AI tools or committed to a public repository. Even if the AI company is not trying to steal the keys, mistakes can happen. For example, an AI agent could accidentally include a .env file in a summary, print environment variables, write secrets into logs or commit a secret to GitHub.

This is relevant for my project because a chatbot or AI system may use API keys, embedding models or external services. These keys should be handled carefully.

Some important practices are:

  • Do not commit .env files
  • Use .env.example instead of real secrets
  • Keep real keys on the server
  • Use test keys during development
  • Limit what AI tools and agents can access
  • Avoid giving AI access to files or systems it does not need

This helped me understand that AI tools can be very useful, but they also require clear boundaries.

What I have learned
#

Through this project, I have learned that building an AI solution is not only about getting the chatbot to answer questions. It is also about data quality, user needs, scope and security.

A chatbot can be useful even if it is simple. If it answers common questions correctly, it can save time and improve the user experience.

I have also learned that AI should not have access to everything by default. When working with AI agents or integrations, it is important to think about what the system can read, edit, run or share.

Next steps
#

My next steps are to test the chatbot with more realistic questions and improve the knowledge base based on the results.

I also want to make sure that the chatbot gives safe and reliable answers. It should be clear when it knows the answer, and honest when it does not.

The project has shown me how AI can be used in a practical way, but also why it is important to think about limitations, responsibility and security from the beginning.