News

In Defence of Good Bots: Good Bots Exist, But Only When We Build them That Way

Can bots be good? Kousik Chandrasekaran, Exterro’s Director of AI, shares in Cyber Defence Magazine how strong governance and intent can turn automation into a force for ethical investigation and defence.

This article is written by Kousik Chandrasekaran, Director of AI at Exterro, and originally appeared in the July edition of Cyber Defense Magazine.

The Word “Bot” Doesn’t Have the Best Reputation Right Now

You hear the word and think of election manipulation, fake social media accounts, scammy customer service chatbots, or malware scanning networks. And for good reason — some estimates say bots now make up over 60% of global internet traffic, and most of that isn’t helpful or harmless.

So the skepticism is understandable. In an age of deepfakes, data breaches, and AI hype, it’s fair to ask: are there any bots we can trust?

I believe there are — but only if we define what we mean by “good,” and take seriously what can go wrong even with the best intentions.

Let’s Define the “Good” Bot

In my world, bots aren’t about replacing people. They’re about assisting them. These are narrow, purpose-built automations that operate within clear constraints. They don’t decide what’s relevant in an investigation or make legal calls. Instead, they help humans get there faster by organizing, filtering, and surfacing information from huge volumes of messy data.

This is what I mean by assistive automation. It doesn’t remove people from the loop. It frees them from repetitive tasks so they can focus on what matters most.

For example, in a recent insider threat investigation, automation helped pull messages, call logs, and chat threads from multiple mobile devices. What would have taken days of manual work happened in a few hours — with full audit logs, clear context, and no loss of control.

The human investigator still made the final judgment. The bot simply helped distinguish signal from noise faster.

But even a well-scoped and well-governed tool like this can go wrong if we’re not careful.

Why Even “Good” Bots Can Fail

One common mistake is assuming that once a bot is labeled “assistive,” it is automatically safe. But intent doesn’t prevent failure.

Bots can mislead. They can miss critical context. They can reflect biased training data. And people — especially under time pressure — can over-trust their outputs, a phenomenon known as automation bias.

That’s why it’s not enough to build bots that work. We must build bots that are accountable.

Governance Is the Line Between Help and Harm

Good intentions alone aren’t enough. What separates a bot that empowers from one that exploits is governance.

Responsible automation should be designed around four non-negotiables:

Auditability — Every action the system takes is logged and traceable.
Explainability — You can understand why a result appeared, not just what the result is.
Data Control — Sensitive data remains within protected environments.
Human Oversight — The final decision always lies with the investigator, not the system.

These are not just design preferences. They are requirements — especially in legal, regulatory, and privacy-sensitive environments.

Organizations should also look to frameworks such as the NIST AI Risk Management Framework and ISO/IEC 23894 for guidance. Governance isn’t a checklist — it’s the structural foundation that keeps automation responsible.

Let’s Not Pretend All Bots Are Built This Way

Most bots today are not governed like this.

The internet is full of bots designed for manipulation, fraud, or pure speed with little regard for accuracy or safety. This isn’t a failure of technology — it’s a failure of priorities.

Unfortunately, “good” bots are still the minority. Building them requires expertise, investment, and patience — three things not every organization prioritizes.

That’s why part of defending responsible automation means acknowledging the gap between what is possible and what is common.

None of this requires magic — just discipline, clarity, and a commitment to human-first design.

Beyond Investigations: Quietly Useful Bots

While our work focuses on legal and forensic investigations, bots are doing good work elsewhere too.

Cybersecurity teams use automation to detect and isolate threats in real time. Accessibility tools rely on bots for voice-to-text and screen reading. Even in disaster response, bots help triage calls and flag misinformation.

These are not the bots making headlines. But they are quietly helping — under human supervision, within clearly defined roles, and with auditable outcomes.

So What Can We Do?

If you’re building bots, regulate yourself before someone else has to. Design for transparency, not just efficiency. Make explainability a product feature. Keep humans firmly in the decision loop.

If you’re using bots, ask tougher questions:

Where is the data going?
Can the results be audited?
Would you be comfortable defending the output in court?

If you’re a policymaker or leader, reward systems that prioritize responsibility — not just speed. Because speed without structure does not scale safely.

Final Thought

Bots ultimately reflect the priorities of the people who build them.

With the right boundaries and intentions, they can do more than save time. They can make systems smarter, fairer, and more responsive.

We don’t need to fear automation — but we do need to govern it. And if we do that well, then yes, some bots can absolutely be good.

Want to see how ethical AI works in practice?
Explore how Exterro is redefining responsible automation in legal, privacy, and digital forensics with Artificial Intelligence: