TL;DR
Establish policies for AI technology before the convenience of it becomes an unneeded risk. In this case, it has to do with purchasing.
We knew this was coming. AI platforms are beginning to include shopping and checkout capabilities directly within their interfaces.
Microsoft has launched a native checkout feature within Microsoft Copilot. A user can now search for a product, make a comparison, and check out within the AI platform. Other AI platforms are also testing this feature.
The mechanics are quite simple: The user asks for recommendations. The AI provides recommendations for products or services. The purchase link is then displayed within the same interface.
This is convenient for the consumer. However, this is not convenient for businesses.
Many businesses are already utilizing AI assistants to help with summarization, email composition, data analysis, and vendor research. When this technology is used to facilitate embedded purchasing, the difference between productivity software and a procurement platform is not clear.
This is not convenient. It’s risk
Uncontrolled spending is made simple, so can get out of hand fast. For instance, an employee looking into software within an AI platform might see a “buy now” button, which is connected to a company card. This might be outside of normal approval channels, meaning spending is uncontrolled.
Exposure of data is another issue. Shopping via AI is done by prompts. For instance, an employee might be looking into software by searching for “what is the best payroll software for our 75 employees?” or “security monitoring for our healthcare clients?” Even if the AI is secure, management should be aware of the data being entered (and logged on the other side).
Vendor screening can be impacted. For instance, most established businesses have processes in place to vet the cybersecurity posture of the vendor, the existence of insurance in case of data breaches, and the contract terms. A built-in checkout experience makes this process easier. However, the ease of the experience can outweigh the vetting process.
The solution is not to simply block AI products. People already use these products. A blanket ban will only drive these products underground.
The practical move is policy.
An effective internal policy should address:
• Who is authorized to make purchases via AI platforms
• What types of software or service require approval prior to payment
• What information is permissible to enter into AI systems during vendor research
• How AI-related expenses are tracked and reconciled
This should be consistent with other organizational policies related to cybersecurity, acceptable use, and purchasing. The employee should know if clicking “checkout” in an AI system is the same as signing a contract for software.
If you’re working with a managed IT provider, consider involving them in the above discussion. They can help you establish boundaries on AI usage, vendors, payment methods, and logging. It is all about operational clarity. This way, purchasing authority is maintained, and sensitive information is kept secure.
There is growth in AI commerce within productivity tools. This is an integration that will continue to tighten. This is an evolutionary process that is completely predictable.
Those organizations that establish boundaries at the outset will continue to control the usage of these productivity tools. Those that do not will find new subscriptions, redundant software, and scattered information before too long.
If you’re currently using AI assistants within your organization, consider your policies regarding acceptable usage and purchasing. It is an exercise in clarity. It is an exercise in avoiding silent risk that builds in the background while everyone assumes that someone else is watching it.