Tag: agentic AI

3 Hidden Hurdles Blocking Effective AI Agents—and How I Turn Them into Business Wins

AI agents promise leverage at scale, yet too many proofs of concept stall before they create measurable value. Over the past several launches, I’ve seen the same patterns repeat across IT and operations. The mandate is clear: “Discover three key challenges IT and ops teams face when building and managing AI agents that drive real business wins.” Here’s how I frame the work, where teams get stuck, and the playbook I use to move from demo to durable outcomes.

Hurdle 1: fragmented data and weak data governance. Agentic AI is only as strong as the data it can reliably access. In most organizations, knowledge is scattered across CRMs, ticketing tools, wikis, and data lakes—each with different schemas, permissions, and freshness guarantees. Without privacy-by-design and consistent access patterns, agents hallucinate, miss context, or violate policies. This isn’t a model problem—it’s an information architecture problem.

My approach starts with an integration-first mindset: anchor the agent to authoritative systems via CRM integration, unify retrieval across knowledge sources, and enforce role-based access at query time. I pair this with data contracts, lineage, and content freshness SLAs so the agent never acts on stale or restricted information. A unified analytics platform and strong data governance let me monitor coverage, drift, and security posture as the knowledge footprint grows.

Hurdle 2: reliability, observability, and AI risk management. Even well-fed agents can behave unpredictably without tight control loops. Teams often lack Agent Analytics, standardized evals, and guardrails to catch prompt injection, tool abuse, or subtle regressions. The result is fragile behavior that erodes trust with IT, security, and front-line operators.

I build a reliability stack that looks a lot like SRE for agentic AI: scenario-based evaluations before release, production tracing of every step and tool call, red-teaming for threat detection and response, and policy enforcement at runtime. Hallucination mitigation, input validation, and fallbacks (including human-in-the-loop) are non-negotiable. We track latency, cost, accuracy, and safety incidents in one Agent Analytics view so we can ship confidently and iterate quickly.

Hurdle 3: workflow integration and organizational adoption. The best agent can still fail if it can’t take action in real systems or if change management is an afterthought. Agents must fit the way people actually work—permission models, SLAs, audit trails, and existing approval paths—instead of creating shadow processes that confuse teams.

I integrate agents directly into systems of record and daily tools—ticketing, CRM, knowledge bases—so outcomes are auditable and reversible. I define clear RACI, rollout guardrails, and metrics in product roadmapping and sprint planning (e.g., first-contact resolution, time-to-resolution, deflection, cost per task). We ship narrowly scoped capabilities first, pair them with in-app guides and product tours, and expand privileges as confidence and KPIs improve. This is product management leadership, not just prompt engineering.

In practice, the pattern is consistent. For customer support, we anchored the agent to the CRM, knowledge base, and incident runbooks with strict access controls, then layered policy checks for regulated data. With unified analytics, we measured precision/recall of suggested actions, tracked cost and latency, and flagged risky prompts. The result: higher accuracy, cleaner handoffs, and faster time-to-value without sacrificing compliance.

If your agents aren’t delivering, start here: fix the data plane, instrument the control plane, and design for real workflows. Do this well and you’ll move beyond flashy demos to durable productivity gains and competitive differentiation—while keeping security, governance, and stakeholders on your side.

Inspired by this post on Pendo – Perspectives.

October 25, 2025
Turning Community Noise into Action: My Product Lessons from Zencity’s AI That Listens

I’m constantly looking for ways to turn messy, multi-source signals into decisions leaders can trust. Recently, I dug into how Zencity powers government decision-making with community voices—and it’s a masterclass in building AI products that are both responsible and useful.

Noa Reikhav, Head of Product, Zencity; Andrew Therriault, VP of Data Science, Zencity; and Shota Papiashvili, SVP of R&D, Zencity share a comprehensive view of how they designed an AI that listens and acts without sacrificing rigor.

How do you use AI to help city leaders truly hear their residents?

I was struck by the clarity of their platform vision—“They share how Zencity brings together survey data, 311 calls, social media, and local news into a unified platform that helps cities understand what people care about—and act on it.” That single line captures the essence of a unified analytics platform done right.

You’ll hear how the team built their AI assistant and workflow engine by being thoughtful about their data layers, how they combined deterministic systems with LLM-driven synthesis, and how they keep accuracy and trust at the core of every AI decision.

It’s a fascinating look at how modern AI infrastructure can turn noisy, messy civic data into clear, actionable insight.

Here are the takeaways that resonated with me most, and they align closely with how I approach AI Strategy and product management leadership. Data architecture defines what AI can do. Guardrails and transparency matter more than flashy outputs. Agentic systems become powerful when grounded in real, multi-tenant data. AI in the public sector can make democracy more responsive—if built responsibly.

The team’s layered data model is the backbone that enables trustworthy synthesis: raw data → elements → highlights → insights → briefs. As a product leader, I love how each layer introduces meaning and structure while preserving traceability. It’s the difference between a demo-friendly prototype and a durable platform.

Why context is everything when building AI for civic use. That’s not a platitude—it’s a requirement. Community conversations are hyper-local, emotionally charged, and policy-laden. Without context and rigorous data governance, you risk misclassification, bias, and broken trust.

How the team designed their AI assistant using MCP servers to safely negotiate data access. This is a smart pattern for privacy-by-design: let the assistant request access, let the system adjudicate, and make the boundary explicit and auditable. In multi-tenant environments, that clarity is the difference between scaling confidently and shipping risk.

Balancing agentic flexibility with deterministic trust. I’ve found this to be the most practical framing for real-world agentic AI: give the system room to explore, but bind its outputs to deterministic rails where it matters—taxonomy, citations, permissions, and evaluation criteria.

Evaluating accuracy when latency matters: how they think about evals, citations, and model-as-judge systems. I appreciate the pragmatism here. In production, you don’t have the luxury of slow truth-finding. You need tight feedback loops, interpretable citations, and layered evals to keep both precision and speed.

Using workflows like annual budgeting or crisis communication to deliver AI-generated briefs to the right people at the right time. This is where product-market fit shows up: not in features, but in end-to-end workflows aligned to real decision cycles and stakeholders.

Why government workflows are the ultimate “jobs to be done” framework. When the job is a public process—with deadlines, accountability, and high scrutiny—you don’t just need insights; you need timely, contextualized briefs that match the cadence of the work.

From my lens, the magic isn’t any single model. It’s the orchestration: deterministic systems with LLM-driven synthesis, strong guardrails, transparent citations, and an orchestration layer that routes the right brief to the right role at the right moment. That’s how you turn community noise into legitimate signal—and signal into action.

If you’re building AI for regulated, high-stakes environments, take note: invest in your data layers, make context a first-class citizen, embrace privacy-by-design with clear access negotiation, and treat evaluation as a living system. Do that, and you’ll earn the trust that makes your AI assistant—and your organization—indispensable.

Inspired by this post on Product Talk.

October 25, 2025
Pendo’s Summer Release: How I Reimagine Onboarding, Support, and Expansion in the SaaS + AI Era

I’ve been reflecting on How Pendo’s Summer Release reimagines onboarding, support, and expansion in the SaaS + AI era, and it resonates deeply with the product-led playbooks my team and I use every day. The core promise is simple and powerful: “These three best practices aren’t new, but how you achieve them is.” That framing captures the shift I see across high-performing product organizations—same outcomes, radically upgraded execution through AI, in-app experiences, and unified analytics.

For onboarding, I prioritize accelerating user activation with clear product tours, in-app guides, and great UX writing that removes cognitive load. The difference now is how precisely we personalize these moments: segmentation driven by product usage, CRM integration, and experiments (A/B testing with a disciplined minimum detectable effect) help us craft paths that meet users where they are. When onboarding is instrumented this way, it becomes a scalable engine for product-led growth rather than a one-time setup task.

Support is undergoing an equally meaningful transformation. Contextual, in-app help combined with agentic AI can diagnose issues, surface relevant knowledge, and guide users without forcing channel switches. I’m bullish on this, but only when it’s anchored in privacy-by-design, AI risk management, and strong data governance—trust is the prerequisite for any customer support AI strategy. When done right, support shifts from reactive ticket resolution to proactive value delivery.

Expansion, to me, is the earned outcome of consistent product value. In the SaaS + AI era, we can use unified analytics to identify readiness signals—feature adoption, outcomes achieved, and time-to-value—and trigger timely, ethical nudges in-app. The best motions align offers with real customer milestones, whether that’s consumption SaaS pricing upgrades, role-based add-ons, or advanced capabilities unlocked through demonstrated need. This is product-led growth at its most customer-centric.

Underpinning all three motions is measurement discipline. I push for a unified analytics platform that ties together behavioral data, retention analysis, funnels, and cohorts with downstream CRM integration. That allows product trios to make fast, informed decisions and connect activation, support efficiency, and expansion to business outcomes. Whether your stack includes Pendo, Amplitude analytics, or custom pipelines, the principle is the same—one source of truth that informs action.

Execution matters as much as strategy. Empowered product teams working in tight product trios can ship small, valuable increments, run clean experiments, and learn faster than the market shifts. Strong stakeholder management and clear product roadmapping keep leadership aligned on outcomes vs output OKRs, so we’re funding what works and pruning what doesn’t. In my experience, this operational rigor is what turns promising ideas into durable competitive differentiation.

If you’re looking to operationalize these ideas, start by defining activation and expansion milestones that map to your value proposition. Instrument your in-app guides and product tours to support those milestones, and commit to an experimentation cadence with well-defined MDE. Layer in agentic AI carefully—pilot in the support surface where context is rich and stakes are clear—and enforce privacy and governance from day one. Finally, close the loop with unified analytics so every improvement compounds.

Pendo’s Summer Release highlights a broader reality: our industry isn’t inventing new destinations, we’re modernizing the routes. Onboarding, support, and expansion remain the pillars—but AI, in-app experiences, and integrated data make them smarter, faster, and more human. That’s the shift I’m leaning into—and the one customers feel immediately.

Inspired by this post on Pendo – Best Practices.

October 25, 2025
Build the Cake, Then the Frosting: 3 Elements of a High‑Performing AI Strategy That Wins

Over the past few years leading product at HighLevel, I’ve watched too many teams rush to demo flashy agents before they’ve built a reliable foundation. The metaphor I use in every AI roadmap review still hits home: “Think of AI readiness as a three-layer cake. Most companies are trying to build the fancy frosting (the agent interface) without bothering to bake the actual cake underneath.” If we want durable impact, we have to bake first, frost later.

When I design an AI Strategy, I anchor on three elements that map directly to that cake: a data and instrumentation foundation, a governance and risk layer, and finally the agent experience itself. This sequence isn’t theory—it’s how we de-risk delivery, accelerate product-market fit, and create competitive differentiation without compromising trust.

Layer 1 — Data and instrumentation: The base of the cake is clean, well-instrumented data flowing through a unified analytics platform. I start with a clear event schema, rigorous data quality checks, and tight CRM integration so we can connect outcomes to users, accounts, and journeys. Privacy-by-design is nonnegotiable: we minimize PII, define retention, and ensure consent flows are explicit. With this in place, gen ai features have the context they need—retrieval works, grounding holds, and feedback loops from production inform continuous improvement.

On top of that, I build measurement in from day one: activation, retention, task success, latency, and satisfaction. Every AI interaction is observable. We run A/B testing with a well-defined minimum detectable effect, pair quant with qualitative review, and feed human-in-the-loop judgments back into ranking and prompt libraries. This is how we avoid “demo-ware” and deliver real, repeatable value.

Layer 2 — Governance and risk: Before scaling, I formalize AI risk management and data governance. That includes model evaluation against safety and quality thresholds, red-teaming for jailbreaks, and threat detection and response for prompt injection and data exfiltration. We establish policy for model and provider selection, versioning, and rollback; we log prompts, responses, and decisions for auditability; and we define escalation paths when the system is unsure. These controls don’t slow us down—they create the confidence needed for faster iteration and board management alignment.

I also align legal, security, and product early on a taxonomy of risks—bias, hallucinations, privacy, IP leakage—so we can write tests and guardrails once and reuse them across features. The result is fewer surprises in customer pilots and a far smoother path through enterprise procurement.

Layer 3 — The agent experience: Only now do we invest in the frosting—the agent interface and workflows. Here I focus on clear jobs-to-be-done, crisp UX writing, and transparent system behavior. We design agentic AI flows that show reasoning steps when helpful, ask for clarification when confidence is low, and gracefully hand off to humans in customer support scenarios. Product tours, in-app guides, and tooltips reduce the learning curve and accelerate user activation.

Crucially, we measure the interface, not just the model. Agent Analytics tracks intents, tool use, fallbacks, and user corrections so we can tune prompts, tools, and policies. This closes the loop from experience back to data and governance, and it directly informs product roadmapping and sprint planning. When the cake is baked this way, go-to-market becomes easier: we can prove ROI with hard numbers, fine-tune pricing, and scale adoption with product-led growth tactics.

If your AI roadmap feels stuck, start with an honest readiness audit against these three elements. Shore up instrumentation and data pipelines, codify governance, then refine the agent interface with real user telemetry. Bake first. Frost last. That’s how we ship AI that customers trust—and keep winning after the first demo high fades.

Inspired by this post on Pendo – Best Practices.

October 25, 2025
4 Costly Misconceptions About AI Agents—and What Product Leaders Must Do Instead

Building AI agents looks deceptively simple right now. After leading multiple agentic AI initiatives, I’ve learned that the difference between a demo and a dependable product comes down to disciplined product discovery, ruthless scoping, and a clear AI Strategy that aligns with business outcomes. Here are four common misconceptions I correct early with stakeholders—and the practices I use to avoid expensive detours.

Misconception 1: “An LLM plus a few prompts is a production-ready agent.” In reality, production-grade agents require orchestration and rigor: tool-use and retrieval, memory design, state management, deterministic fallbacks, and continuous evaluation. I instrument Agent Analytics from day one to trace tool calls, latency, error codes, and cost per task; then I use A/B testing with a clear minimum detectable effect (MDE) to validate improvements before broad rollout. This is where product roadmapping and sprint planning matter—sequencing capabilities so we avoid building speculative features that don’t move outcomes.

Misconception 2: “More autonomy is always better.” The right autonomy level is contextual and risk-adjusted. For high-stakes workflows, I design for human-in-the-loop and role-based guardrails, grounded in privacy-by-design and data governance. Policies like least-privilege access, audit logs, and reversible actions reduce operational risk while still delivering leverage. In practice, this hybrid approach also controls cost: narrower scopes, clearer prompts, and bounded tool access reduce hallucination surface area and improve reliability—key to AI risk management.

Misconception 3: “If we build it, users will adopt it.” Adoption is earned with thoughtful onboarding and in-app guidance, not promised by a feature launch. I pair agent launches with targeted product tours, contextual tooltips, and progressive disclosure to drive user activation and product-led growth. Increase revenue, cut costs, and reduce risk with Pendo’s Software Experience Management platform. Optimize the entire software experience to drive adoption and improve engagement. Whether you use Pendo or a comparable solution, the principle stands: instrument the experience, run experiments, and iterate quickly based on evidence, not intuition.

Misconception 4: “Security, compliance, and governance can wait.” Deferring controls is a false economy. I embed AI risk management from day zero: prompt injection defenses, PII redaction, DLP, grounding and citation strategies, and threat detection and response. Clear data retention policies, vendor diligence, and model evaluation standards keep leadership, security, and legal aligned. This is the crux of building trust—and it’s far easier to design up front than to retrofit under pressure.

How I execute in practice: start with a tightly framed use case tied to a measurable outcome; define outcomes vs output OKRs; build a slim vertical slice to validate feasibility; instrument Agent Analytics from the first commit; ship behind feature flags; and operationalize learning loops across support, success, and GTM. The result is a durable path to product-market fit for agentic AI—one that compounds learning while minimizing blast radius.

The leaders who win with AI agents won’t be the ones who move fastest in a demo. They’ll be the ones who manage risk transparently, learn in public with their users, and turn continuous insight into competitive differentiation. If you’re planning your next agent milestone, align the roadmap to outcomes, treat governance as a feature, and make adoption your North Star.

Inspired by this post on Pendo – Best Practices.

October 25, 2025
WTF is MCP? The powerful protocol giving enterprise AI agents real-world autonomy

I get asked this constantly by boards, CIOs, and product teams: WTF is MCP, and why does it matter for enterprise AI? Here’s my straightforward take from the trenches of rolling out agentic AI across complex, regulated environments—and why it changes how we design, govern, and scale autonomous capabilities.

“Model Control Protocol gives your AI agents arms and legs to go do stuff with your data.” That framing resonates because it’s both simple and accurate. MCP turns passive “chatbots” into active agents that can safely take action within defined guardrails.

In practice, MCP is the connective tissue between models and the tools, systems, and workflows we trust. It standardizes how agents request permissions, execute tasks, and report outcomes—so enterprises can move from demos to durable operations. The benefit isn’t just autonomy; it’s autonomy with accountability, aligned to our AI Strategy and data governance obligations.

When I pilot agentic AI in production, I start with a narrow scope: which systems the agent touches (for example, CRM integration via HubSpot), what actions it can take (read, write, or propose), and what evidence it must log (inputs, outputs, and approvals). That discipline keeps us compliant with privacy-by-design while unlocking real business impact.

Great MCP use cases emerge where read-write actions compress time-to-value. Think: pulling Amplitude analytics cohorts to personalize outreach, auto-generating Pendo in-app guides based on feature adoption, or triggering customer support workflows with predefined playbooks. Each action is observable, reversible, and measured—because in the enterprise, repeatability beats novelty.

From a product management leadership perspective, I treat MCP-enabled agents like any other product surface. We define clear outcomes, not outputs: success rate per task, mean time to resolution, quality score, and safety incidents. We validate uplift with A/B testing and a minimum detectable effect (MDE) before scaling. Then we feed results into an Agent Analytics dashboard, just as we would for product-led growth funnels.

Governance is where MCP earns trust. I enforce least privilege, time-boxed credentials, environment isolation, and tamper-evident audit logs. Every tool call is tied to a business purpose, owner, and SLA. We integrate with existing threat detection and response processes so cybersecurity teams see the same telemetry they’re used to—no shadow AI, no surprises.

There’s also an adoption playbook that works: start with a contained domain, ship a sandboxed agent, require human-in-the-loop approvals, then progressively relax controls as accuracy and alignment improve. Document the boundaries in plain language, and instrument everything from day one. This is how we de-risk AI risk management while accelerating impact.

The most exciting shift is cultural: teams move from asking “Can the model do this?” to “What outcomes should the agent own—and what guardrails make that safe?” That mindset unlocks empowered product teams, clearer ownership, and faster iteration. MCP is simply the operational backbone that lets those choices stick.

If you’re evaluating where to start, pick one workflow with high frequency, clear rules, and measurable outcomes. Wire it to MCP with tight scopes, ship it to a friendly cohort, and learn aggressively. Autonomy isn’t the end goal—reliable, governed value is. MCP just makes that scalable.

Inspired by this post on Pendo – Best Practices.

October 25, 2025
6 Hard Questions Your AI Agents Must Answer to Win: Performance, Risk, and Real ROI

“Do you know how your AI agents are performing?” I ask this question in every review because it exposes whether we’re managing by outcomes or by anecdotes. Too often, teams point to latency, token counts, or completion rates and call it a day—useful signals, but not the story.

In my role, shipping agentic AI into production means I need decision-quality evidence, not vibes. That starts with Agent Analytics built on a unified analytics platform and instrumentation that lets me trace behavior, quantify value, and manage risk. Below are the six questions I use to separate novelty from durable impact.

1) What outcome are we optimizing for—and how do we measure it? If we can’t map the agent’s work to outcomes vs output OKRs, we’re optimizing noise. I anchor on task success rate, time-to-resolution, containment rate (no human handoff), cost per successful outcome, and downstream business impact (retention, conversion, NPS/CSAT) to keep us honest.

2) Are the right guardrails in place for AI risk management and data governance? I expect documented policies for prompt injection defenses, PII redaction, access control, and auditability. Every tool call should be permissioned, every data boundary explicit, and every failure mode observable. If we can’t demonstrate compliance by design, we’re scaling risk instead of value.

3) Can I explain every decision the agent made? Agentic AI needs traceability: prompts, intermediate reasoning, tool calls, retrieved context, and final outputs. I route key events into Amplitude analytics so product, engineering, and risk can slice behavior end to end. If we can’t reconstruct the path to an answer, we can’t debug, improve, or trust it.

4) What is the true cost per successful outcome? Raw token spend is misleading. I model total cost of ownership across retries, tool usage, escalations, and human review time—then benchmark against a consumption SaaS pricing lens. If cost per resolution trends up as volume grows, we haven’t built a scalable system; we’ve built a demo.

5) How does the agent learn without breaking what already works? My bar is a disciplined experimentation loop: offline evals, online A/B testing with clear guardrails, and a rollback plan. We predefine a minimum threshold for improvement before rollout and track regressions by persona, task type, and channel so we can localize fixes quickly.

6) Where is this agent creating durable differentiation? I look for capabilities competitors can’t easily copy: unique data advantages, superior tool orchestration, or workflows that compound learning. If the edge is just a base model prompt, the moat will evaporate; if it’s embedded in product workflows and proprietary signals, we’re building advantage.

Answering these six questions turns agentic AI from a novelty into a managed system. With Agent Analytics feeding a unified analytics platform, we can tie behavior to business outcomes, enforce governance, and make portfolio trade-offs grounded in evidence. The result is a product management leadership motion that prioritizes real ROI over vanity metrics—and scales with confidence.

If you’re not satisfied with the answers today, start by instrumenting the journey end to end, aligning metrics to OKRs, and setting clear risk thresholds. The compounding effects show up quickly when every iteration is measurable, explainable, and accountable.

Inspired by this post on Pendo – Best Practices.

October 24, 2025
SaaS + AI Is Here: How Our Summer 2025 Release Builds an Intelligent Foundation to Win

Leading product at HighLevel, I’m watching the convergence of SaaS + AI reshape how we build, price, and scale software. The winners will combine a sharp AI Strategy with disciplined product management leadership to ship real outcomes, not just demos. That’s why my team and I have been focused on giving you pragmatic ways to move fast without breaking trust. Give your company an intelligent foundation for the SaaS + AI era with our Summer 2025 Release. When I set priorities for this release, I optimized for three things: speed with quality, responsible AI, and measurable business impact. Practically, that means enabling agentic AI and gen ai workflows where they actually create leverage, unifying analytics so teams can make decisions from a single source of truth, and hardwiring data governance and privacy-by-design into every layer. If you’re wondering how to keep up, here’s what’s working for us and our customers: tighten product roadmapping and sprint planning around clear outcomes, not outputs; align teams with simple, observable OKRs; and empower product trios to run lean product discovery loops. These practices reduce cycle time while raising confidence, especially when introducing AI into core experiences. On the go-to-market side, I’m doubling down on product-led growth—shipping value into the product with in-app guides, thoughtful product tours, and frictionless onboarding. Pair that with rigorous retention analysis and A/B testing, and you’ll see which AI-powered moments actually move activation, adoption, and expansion. Don’t overlook the fundamentals either: smart SaaS pricing (including consumption models where it fits) can unlock the economics that sustain AI investments. My goal is to give you a foundation that is both ambitious and accountable—a platform you can trust to scale responsibly while your teams iterate quickly. If you’re planning your 2H roadmap, this release is built to help you ship faster, de-risk AI, and create outsized customer value in the moments that matter most.

Inspired by this post on Pendo – Perspectives.

October 24, 2025
3 Powerful Ways AI Is Reshaping Cybersecurity—from Ruthless Attacks to Rapid Defense

Every week, I watch the cybersecurity landscape bend under the pressure of AI. The pace isn’t linear—it’s compounding. What worked for IT teams last quarter often needs a rethink today, and the difference between merely coping and truly competing lies in how quickly we adapt our strategy, tooling, and operating rhythms.

Learn the ways in which AI is transforming both cybersecurity offense and defense for IT teams.

From my vantage point leading product strategy, I see three shifts that matter most right now: AI is supercharging attackers, accelerating defenders, and reshaping governance. Together, they redefine how we prioritize investments, measure risk, and align product and security roadmaps.

First, AI has leveled up the offense. Large language models can industrialize social engineering—hyper-personalized spear-phishing at scale, deepfake voice notes that spoof executives, and highly convincing support chats that trick users into bypassing controls. Code-generation tools lower the barrier to crafting polymorphic malware and automating reconnaissance. The net effect is ruthless efficiency: more credible lures, faster campaigns, and broader reach with fewer human operators. I now assume adversaries have an AI co-pilot—and plan defenses accordingly.

Second, AI is accelerating the defense. Modern detection and response stacks are moving beyond rules to behavioral analytics—correlating identity signals, endpoint telemetry, and network events to spot subtle anomalies that signature-based tools miss. Copilot-style assistants are augmenting SecOps by summarizing incidents, explaining probable root cause, and proposing next steps. The aim isn’t blind automation; it’s decision acceleration—shrinking mean time to detect and respond while reducing analyst toil. On the build side, AI-assisted code scanning and dependency analysis help teams shift security left, catching vulnerabilities earlier and turning secure defaults into muscle memory.

Third, governance is being rewritten in real time. As AI models ingest sensitive data and generate code and content, data governance and privacy-by-design move from compliance checklists to active risk management. We’re formalizing AI risk management alongside traditional AppSec: model inventories, usage policies, red-teaming prompts, and guardrails against prompt injection and data leakage. Identity remains the control plane—zero trust principles, least privilege, and continuous verification become nonnegotiable. I’ve found that aligning security, product, and IT leadership on a single policy-as-code backbone prevents drift and keeps audits predictable.

Practically, I guide teams to start with a crown-jewel inventory: What data and systems would materially impact customers, revenue, or brand if compromised? Map data flows, instrument comprehensive telemetry, and prioritize detection coverage where it matters most. Choose AI to augment before you automate—prove the loop with humans in the middle, then graduate to higher autonomy levels with clear rollback paths and audit logs.

Culturally, this is a product problem as much as a security one. We bring empowered product teams and SecOps into the same room, set measurable objectives (signal-to-noise ratio, mean time to contain, escaped defect rate), and iterate with the same cadence we use for product features. When security outcomes are treated as customer outcomes, adoption soars and friction recedes.

The takeaway: AI has tilted the field, but not inevitably against defenders. With a clear AI strategy, disciplined data governance, and pragmatic automation, IT leaders can turn reactive security into a proactive advantage—meeting attackers’ speed with speed, and outlasting them with better judgment.

Inspired by this post on Pendo – Perspectives.

October 24, 2025
4 Hidden AI Risks Every CIO Must Tackle Now—and a Proven Playbook to Mitigate Them

Across enterprises, I’m watching AI sprint from lab experiments to business-critical workflows. That velocity is exciting—and it’s also where risk compounds. In my role partnering with CIOs and IT leadership, I’ve learned that winning with AI is as much about disciplined risk management as it is about breakthrough use cases.

Learn about the risks that AI poses to IT teams, and how they can mitigate them.

I frame the challenge as “4 AI risks for CIOs (and a guide to solve them)”: data governance and compliance, model reliability and bias, security and supply chain exposure, and operational cost/ROI drift. Below, I outline the risks I see most often and the concrete actions I take to de-risk them without slowing innovation.

Risk 1: Data governance and compliance. The fastest way to stall an AI Strategy is to overlook consent, lineage, and access controls. I establish privacy-by-design from day one: data minimization, clear retention policies, role-based access control, and auditable logs for training, inference, and feedback loops. I also insist on defensible vendor reviews (DPA, SOC2/ISO, regional data residency), PII classification, and internal model cards that document sources, sensitivities, and acceptable-use constraints. This makes IT leadership comfortable scaling from prototype to production.

Risk 2: Model reliability, hallucinations, and bias. AI that fabricates or skews output erodes trust and creates downstream risk. I operationalize quality with evaluation harnesses, golden datasets, human-in-the-loop review for high-impact actions, and red-teaming for safety. Retrieval-augmented generation with citations, content filters, and grounded prompts reduce error rates. To quantify progress, I define precision/recall targets and a minimum detectable effect (MDE) for experiments so we know when a change is truly better—not just different.

Risk 3: Security and AI supply chain. New surface area invites prompt injection, data exfiltration, and compromised dependencies. I apply zero-trust principles: strict allow/deny lists for tools and connectors, secrets isolation, egress controls, sandboxed environments for agents, and output validation before execution. Every model and plugin goes through threat modeling, dependency scanning, and vendor security reviews. For agentic AI patterns, I gate high-risk actions behind explicit approvals and granular scopes.

Risk 4: Operational cost and ROI drift. AI workloads can balloon with hidden inference costs, shadow IT, and duplicated platforms. I put governance around spend using consumption SaaS pricing guardrails, usage caps by environment, tagging by app/team, and a unified analytics platform to monitor latency, quality, and cost per transaction. This lets me reallocate budget toward the highest-impact use cases while sunsetting low-yield experiments.

Your 90-day playbook. Days 0–30: Inventory AI use cases, classify data sensitivity, choose one or two critical business workflows, and stand up core guardrails (access, audit, red-teaming). Days 31–60: Pilot with a cross-functional product trio (PM, design, engineering), define OKRs, instrument evaluations, and enable human-in-the-loop. Days 61–90: Productionize the winning flow, set usage and spend policies, enable observability dashboards, and roll out training for frontline teams with clear escalation paths.

The organizational layer matters as much as the technical one. I align stakeholders early, empower product trios to iterate quickly within boundaries, and deploy forward deployed engineers to embed with the business. This keeps trust high, reduces handoffs, and ensures that governance accelerates value rather than blocking it.

Done well, these practices turn AI risk into a competitive moat. By pairing disciplined governance with pragmatic experimentation, we capture the upside of gen ai while protecting customers, teams, and the business. That’s how I’ve helped enterprises move from scattered pilots to measurable, scalable impact—safely.

Inspired by this post on Pendo – Perspectives.

October 24, 2025
Implementing Agentforce the Smart Way: My Proven Playbook for Salesforce Agentic Success

Implementing Agentforce isn’t a feature rollout—it’s a strategic shift. In my role building AI-driven products, I treat Agentforce as its own product with clear outcomes, rigorous governance, and disciplined iteration. The objective is to create durable operational leverage inside Salesforce without compromising trust, data integrity, or customer experience.

Learn the ways in which Pendo helps companies design and iterate on their agentic strategy for Salesforce.

I start with product discovery. That means selecting the right use cases, defining the target user, and aligning on measurable outcomes rather than outputs. In practice, I prioritize use cases across sales, service, and marketing using an impact–effort–risk lens, then set crisp success metrics—response time, deflection rate, case resolution, win rate lift, and user adoption. This keeps everyone focused on value creation, not just model novelty.

Next, I design the agentic system with guardrails. I specify agent roles, tools, and policies; define when to escalate to humans; and embed privacy-by-design and data governance from day one. I also build an evaluation harness with offline tests and live A/B testing, ensuring we have a minimum detectable effect that’s meaningful for the business. The goal is to measure outcomes reliably and course-correct quickly.

When building the first slice, I scope narrow and ship fast. For example, start with a constrained service workflow—classify the case, propose a response, and take a safe action—with clear affordances in Salesforce so users understand what the agent did and why. I instrument the experience end-to-end and use Pendo for in-app guides, surveys, and behavioral analytics to reduce onboarding friction and capture real-time feedback at scale.

Iteration is where value compounds. I run weekly reviews of conversations, error taxonomies, and edge cases; adjust prompts and tool access; and maintain a steady experiment cadence. We track outcomes vs output to avoid vanity metrics, and we document learnings to de-risk the next use case. This steady drumbeat builds credibility with stakeholders and confidence with frontline users.

Change management is non-negotiable. I align leaders early, set expectations on what the agent can and cannot do, and define SLAs for humans-in-the-loop. I use product tours to teach new behavior, highlight quick wins, and establish transparent feedback channels. This combination of enablement and accountability accelerates adoption and creates a culture that embraces agentic AI responsibly.

Finally, I scale thoughtfully. Once the first use case demonstrates value, I standardize patterns, unify analytics, and evolve governance as usage grows. I review risk regularly, align OKRs with the roadmap, and keep a tight feedback loop between product, ops, and go-to-market teams. Treating Agentforce as an evolving product—not a one-off project—maximizes impact while protecting the customer experience.

Inspired by this post on Pendo – Perspectives.

October 24, 2025
Inside Pendo’s Decision: Replacing the Website Chatbot With an AI Agent to Boost ROI

Traditional website chatbots promised instant answers but rarely delivered the depth, context, and actionability modern buyers expect. After seeing patterns of high drop-off and shallow engagement, I stepped back and reframed the problem: We did not need another scripted bot—we needed an AI Agent capable of understanding intent, personalizing responses, and taking meaningful actions in the flow of discovery.

That is why Pendo replaced the website chatbot with an AI Agent. From a product management lens, the decision hinged on three criteria: accelerate time-to-value for visitors, reduce operational overhead through automation, and improve the quality of demand captured at the top of the funnel. An agentic AI approach met all three.

Increase revenue, cut costs, and reduce risk with Pendo’s Software Experience Management platform. Optimize the entire software experience to drive adoption and improve engagement.

This statement crystallizes the business case. An AI Agent can translate product intent into measurable outcomes by connecting to knowledge sources, analytics, and workflows. Instead of handing off a prospect to a form or a static knowledge article, the agent can surface relevant guidance, qualify interest, book meetings, and even trigger product tours—closing the loop between marketing, product, and customer success.

We anchored the implementation in data governance and privacy-by-design. That meant carefully curating training corpora, instituting role-based access controls, applying guardrails for sensitive topics, and designing graceful human-in-the-loop fallbacks. The result was not just a smarter front door, but a safer one—critical for regulated buyers and enterprise stakeholders.

To validate impact, we ran disciplined A/B testing with a clearly defined minimum detectable effect across conversion, engagement depth, and time-to-response. We also monitored secondary signals such as escalation rate to human support, session quality, and downstream product adoption. Early signals showed more qualified conversations, fewer dead ends, and faster paths to value—exactly the outcomes a product-led growth motion requires.

The experience uplift did not stop at the website. By aligning the agent with in-app guides and product tours, we created continuity from pre-signup exploration to onboarding and activation. Visitors received consistent, contextual help before and after they became users, which strengthened our product positioning and reduced friction across the journey.

Operationally, the shift lowered the marginal cost of each high-quality interaction while improving reliability. Agent handoffs to sales or support became intentional rather than reactive, and insights from conversations fed directly into product discovery. That closed feedback loop informed roadmap decisions and sharpened our go-to-market strategy.

If you are considering a similar move, start with a clear AI Strategy tied to measurable outcomes, a robust governance model, and a pragmatic rollout plan. Focus the agent on high-intent moments first, surround it with analytics and experimentation, and let the data guide expansion. The goal is not to replace humans—it is to elevate them by letting the AI Agent handle the repetitive, high-volume work so your teams can focus on complex, high-value interactions.

Inspired by this post on Pendo – Perspectives.

October 24, 2025