Tag: privacy-by-design

High-Quality Data, High-Velocity AI: My Product Playbook for Governance, Trust, and Scale

Every breakthrough we ship in AI reinforces a simple truth I live by: "Companies that prioritize data quality, governance, and structure will accelerate their AI initiatives the fastest." That statement captures the difference between flashy demos and durable, scalable products. In my experience, the strongest AI Strategy starts with the discipline to treat data as a product, not an afterthought.

When teams rush to production with generative AI or LLMs, the first issues rarely come from the model itself—they come from the data. Poor lineage leads to hallucinations, inconsistent schemas inflate costs, and weak access controls erode trust. For LLMs for product managers, this is the gap between a compelling prototype and a reliable system customers depend on every day.

Let me clarify what I mean by data quality, governance, and structure. Quality is completeness, accuracy, freshness, and consistency across sources. Governance is policy, ownership, and accountability—privacy-by-design, regulatory compliance, and AI risk management built in from day one. Structure is the architecture: clear data contracts, standardized schemas, metadata and lineage, and role-based access that keeps sensitive signals protected while enabling speed.

Here’s the product playbook I use to operationalize this. First, map critical sources and define data contracts at the edges so producers and consumers can move independently. Second, standardize schemas and entity resolution to eliminate ambiguous joins. Third, enforce privacy-by-design with policy-as-code and automated redaction. Fourth, converge analytics into a unified analytics platform so definitions, freshness, and observability are shared. Fifth, instrument end-to-end lineage and quality SLAs with alerting. Finally, close the loop with human feedback and labeling to continuously improve model performance.

For generative AI workloads, a retrieval-first pipeline is essential. Unify trusted sources (product analytics, CRM, support, docs), embed and index them with guardrails, and focus on context window management to keep prompts lean, relevant, and cost-effective. This approach improves response quality, reduces token spend, and makes updates near-real-time—without retraining the base model every week.

Measure what matters. Tie model outcomes to product metrics through rigorous A/B testing, and size experiments with minimum detectable effect (MDE) so you can ship confidently. Use product analytics to verify that better data actually improves activation, retention, and support deflection. When teams can trace an AI improvement back to a specific data-quality fix, they invest in governance with conviction.

Culture closes the gap. Empowered product teams and product trios (PM, design, engineering) make crisper decisions when data stewards are embedded and accountable. Clear ownership, shared definitions, and transparent dashboards reduce friction with security and compliance while speeding up delivery. This is how product management leadership sustains velocity without trading away trust.

The bottom line: if we want faster, safer, and more scalable AI, we start with the data. Build strong foundations, treat governance as enablement, and structure every step so improvements compound. With that in place, Generative AI stops being a science experiment and becomes a durable competitive advantage.

Inspired by this post on Amplitude – Perspectives.

November 19, 2025
Intercom is now a Shopify Plus Technology Partner: AI-powered support to scale ecommerce

I’m thrilled to share that Intercom is now a certified Shopify Plus Partner on the Technology Track. As someone who obsesses over product quality, speed, and measurable outcomes, this milestone reflects the rigorous standards we hold ourselves to and the trust Shopify Plus merchants can place in our solution.

The Shopify Partner Program Technology Track supports the largest Shopify merchants by helping them find the apps and solutions they need to build and scale their business. The program is available specifically for Shopify Partners who provide a level of product quality, service, performance, privacy, and support that meets the advanced requirements of Shopify Plus merchants.

As a Technology Partner, Shopify has recognized Intercom as a provider trusted to help high-growth ecommerce brands scale.

“The Shopify Partner Program Technology Track is designed to meet the advanced requirements of the world’s fastest growing brands. We’re happy to welcome Intercom to the program, bringing their insight and experience in Customer Support to the Plus merchant community.”

— Jeff Kennedy, Head of Product Partnerships, Shopify

For Shopify Plus merchants, this certification means that our integration is vetted and optimized, and that our roadmap aligns with Shopify’s priorities. In practice, that translates into faster resolutions, less context switching, and more personalized conversations—without compromising privacy or performance.

Over the past year, we’ve launched a series of enhancements to our Shopify integration to give merchants more control and speed in support, including:

Data Connector templates so our AI Agent Fin can fully resolve requests from customers who want to get information about their Shopify order.

Multi-store support for merchants to manage conversations from multiple storefronts in one inbox.

Inbox order actions for merchants to take actions like editing shipping addresses, cancelling and refunding whole orders, deduplicating or creating duplicate orders based on existing ones, all without leaving the conversation.

EU workspace support to ensure merchants stay aligned with EU data residency requirements.

Launch your AI customer service faster—this hero graphic invites users to try the #1 AI agent with a bold headline and clear CTA, emphasizing practical, real‑world demos over polished Hollywood sizzle.

Updated data mapping and custom fields to keep Shopify order data and customer profiles fully in sync.

These updates make it faster and easier for merchants to resolve queries, personalize conversations, and drive loyalty, all from one platform. I’ve seen these capabilities reduce average handle time and minimize escalations—especially for complex order changes and post-purchase workflows.

We’re already seeing how our Shopify integration is helping merchants scale their support and deliver better customer experiences: teams are deflecting routine inquiries with AI while empowering agents to focus on high-value, relationship-building conversations.

Our team is continuing to invest in Shopify-specific capabilities. Here’s what we’re working on:

Expanded Fin Tasks for complex order actions with new pre-built workflows.

Enabling Model Context Protocol (MCP) support.

Smarter product search powered by Shopify data.

These additions will help merchants resolve faster, personalize at scale, and stay ahead of rising customer expectations – particularly as we approach peak season. We’ll continue to ship in tight feedback loops with Plus merchants to ensure each improvement moves the needle.

If you’re a Shopify Plus merchant, learn more about how we can help you scale your support with Fin, the best performing AI Agent for ecommerce. Ready to move fast? Get started with Fin now.

Inspired by this post on The Intercom Blog.

November 18, 2025
Win AI Search: Proven Playbook to Get Your Startup Recommended by ChatGPT & Perplexity

AI search is quickly becoming the new homepage for startups. When a buyer asks a model for the best tools, they often take the short list at face value. I treat this moment as a product surface I can influence with strategy, content, structure, and distribution—much like any other go-to-market channel.

Early on, I set a simple objective for my team and me: "Learn how LLMs like ChatGPT and Perplexity decide which startups to recommend and what signals help a brand get discovered in AI search." That sentence became our north star for experiments, instrumentation, and content architecture.

Here is the mental model that consistently holds up in practice. Large language models synthesize answers from a knowledge graph built from crawled content, citations, and high-signal sources. They weight consensus, clarity, recency, authority, and machine-readability. I don’t pretend to know the internals, but across hundreds of tests, the same patterns correlate with being surfaced and cited.

First, I make our entity unambiguous. I standardize the company name, product names, and leadership bios across the site and external profiles. I implement Organization and Product markup with schema.org and link out with sameAs to authoritative profiles like LinkedIn, Crunchbase, GitHub, and key directory listings. The goal is to collapse ambiguity so AI search knows exactly who we are and which claims are attributable to us.

Next, I publish definitive, answer-first pages. For every core query—what we do, who it’s for, outcomes, differentiators, pricing, comparisons, and integrations—I ship a page that leads with a crisp summary, then supports it with evidence, examples, and plain language. I include Q&A sections, realistic use cases, and named case studies so models can quote and ground responses in verifiable facts.

I then make the site maximally machine-readable. I add schema.org for SoftwareApplication, Product, FAQPage, and HowTo where relevant. I keep titles, H1/H2 structure, internal links, and metadata descriptive and consistent. I expose last-modified dates, maintain an XML sitemap, and keep a visible changelog and release notes. Freshness matters—Perplexity, in particular, tends to privilege recent, well-cited material when answering time-sensitive questions.

Citations are non-negotiable. I earn credible mentions on third-party properties, analyst lists, comparison pages, and customer reviews. I prioritize authoritative placements over volume, then make sure our site references those sources to reinforce the signal. When Perplexity cites our page alongside a respected third-party review, our inclusion rate in answers rises noticeably.

I also design for developers, buyers, and machines at once. That means clean docs, integration pages, and transparent security and trust content. Clear API references, integration guides, and reliability notes give models concrete artifacts to summarize. Pricing, privacy, and support policies reduce uncertainty and increase the likelihood that an answer will include us.

Measurement turns this from a hunch into a system. I run controlled content experiments, track minimum detectable effect on discovery and mentions, and instrument referral patterns from AI assistants when citations appear. I monitor which prompts surface our brand, which sources are cited, and which pages are repeatedly used as references. When we move a KPI, we codify the pattern into our playbook and scale it.

Trust is the compounding advantage. I maintain a transparent trust center, privacy-by-design posture, and clear data governance practices. I remove vague claims, back up benefits with evidence, and keep all performance or security statements auditable. Models tend to lift brands that feel low-risk, well-documented, and widely corroborated.

If you want a fast start, here’s the checklist I rely on. Standardize your entity and ship schema.org. Publish answer-first pages for core jobs-to-be-done, comparisons, and integrations. Earn authoritative third-party citations and reference them. Keep release notes, changelogs, and dates current. Instrument AI discovery and iterate based on what gets cited. Do this consistently, and your startup earns a fair shot at being recommended when buyers ask AI for the best options.

Inspired by this post on Amplitude – Best Practices.

November 7, 2025
Prototypes vs Products: How I De-risk Ideas Fast and Ship Reliable Value at Scale

Note: This is part of the product creator series of articles, based on the overview article, The Era of the Product Creator. This series is for anyone who wants to create a successful product—whether or not you’ve had formal training or experience in product management, product design, or engineering. Over the years, I’ve watched smart teams stumble because they treated a prototype like a product. The distinction is simple but vital: prototypes exist to learn; products exist to earn trust by delivering value reliably at scale. When we blur that line, we ship avoidable risk to customers and slow ourselves down later with rework. When I build a prototype, I’m testing assumptions as quickly and cheaply as possible. It might be a clickable Figma mock, a Wizard‑of‑Oz demo, or a quick script stitching together a ChatGPT connector with a CustomGPT workflow. It’s intentionally disposable. I expect missing edge cases, fake data, hand‑waving on latency, and limited attention to security or privacy. The only goal is to answer the riskiest questions fast. A product is a promise. It’s hardened for reliability, performance, security, and privacy‑by‑design. It’s observable with real analytics, supports CI/CD and rollback, meets accessibility guidelines, and can be maintained by empowered product teams. It has clear SLAs, incident management runbooks, and instrumentation that lets me track outcomes vs output OKRs and DORA metrics. Keeping prototypes and products separate makes us faster and safer. Prototypes accelerate discovery; products operationalize value. If I catch myself “polishing” a prototype, I pause and either discard it or define the path to production with the right engineering rigor, data governance, and stakeholder management. Here’s how I decide. In prototype mode, I timebox learning to days, not weeks, and focus on a single risky assumption—value, usability, or feasibility. I validate through qualitative research and usability tests, not vanity metrics. To graduate to product work, I require a crisp problem statement, evidence of problem‑solution fit, a technical plan for scale and observability, a privacy and threat modeling review, and a measurement plan (including minimum detectable effect) for upcoming A/B testing. AI adds new wrinkles. For gen AI and agentic AI, I evaluate model behavior offline before exposing anything to customers. That includes prompt design, context window management, guardrails to minimize hallucinations, and clear fallback strategies. I define red‑team scenarios, logging for auditability, and policies for data retention and encryption as part of AI risk management. A recent example: we prototyped an agent workflow in a day that felt magical in demos. We resisted the urge to ship. Instead, we added authentication, rate limiting, PII redaction, human‑in‑the‑loop review, observability, and in‑app guides and product tours for onboarding. Only then did we move to a limited release with a well‑defined go‑to‑market strategy and support readiness. One more trap to avoid: calling a prototype an MVP. An MVP is still a product—minimal in scope but complete enough to deliver value, gather trustworthy data, and support customers. If you wouldn’t put your name on it or support it in production, it’s a prototype, not an MVP. If you’re a product creator, align your product trios around this discipline. Use prototypes to learn quickly in discovery, and use products to deliver outcomes in delivery. That mindset protects customer trust, speeds iteration, and moves you toward product‑market fit with far less waste.

Inspired by this post on SVPG.

November 7, 2025
AI at Home, Impact at Work: Experiments That Supercharged My Product Leadership

I recently tuned into an insightful All Things Product episode featuring Teresa Torres and Petra Wille on how experimenting with AI in everyday life sharpens how we build AI-powered products at work. The core premise resonated deeply with my AI Strategy: low-stakes, personal experiments accelerate confidence, clarify limitations, and build an AI product toolbox we can bring into the office with rigor.

If you want to dive in, you can listen on Spotify or Apple Podcasts. I found the conversation especially relevant for product trios and anyone shaping LLMs for product managers in high-stakes environments.

The idea is simple but powerful: when I prototype with AI at home—where the stakes are low—I learn faster, make safer mistakes, and internalize critical product patterns. Over time, those patterns transfer directly to work: tighter context management, sharper bias awareness, clearer human-in-the-loop guardrails, and a more nuanced view of when to use AI as a thought partner versus when to consider agentic AI.

In my own practice, I’ve mirrored many of the scenarios discussed: using ChatGPT by OpenAI to plan meals, analyze public data sets like school budgets, and even sanity-check real estate evaluations. These seemingly mundane tasks are fertile ground for learning about context window limits, hallucination (artificial intelligence), AI bias, and privacy-by-design trade-offs. Each experiment helps me craft better prompts, structure data for clarity, and decide when a human review step is non-negotiable—core habits for AI risk management.

At work, I treat AI as a thought partner for writing, research synthesis, and contract review. I also explore when and how to responsibly evolve toward agentic AI for repeatable workflows. The distinction matters: a thought partner augments judgment; an agent automates execution. Building the right scaffolding—data governance, auditability, constraints, and escalation paths—ensures we unlock speed without compromising safety.

Three lines from the episode stayed with me: “I’m trying to write things that only I can write — that’s my guiding writing light right now.” — Teresa. “The more we use AI, the more we learn what it’s good at, what it’s not good at, and where context becomes a limitation.” — Teresa. “It’s a safer playground — we can build our toolbox at home before bringing those lessons to work.” — Petra. These are practical north stars for product management leadership in the GenAI era.

For anyone getting started, here’s what worked for me: begin with “low-stakes” personal experiments, write down your prompts and outcomes, and reflect on failure modes. Treat each activity as product discovery: What problem am I solving? What outcome matters? What data and context does the model need? Which decisions must stay human-in-the-loop? This discipline builds an AI product toolbox you can confidently apply to real customer problems.

I also keep a running toolkit of references and tools that inform my practice: Context window as a concept helps me size and sequence information. Visual and video tools like Midjourney and Sora expand how I think about multimodal experiences. I rotate between Claude by Anthropic and ChatGPT by OpenAI depending on task fit, and I’ve used Claude Code when I need structured assistance with code review. For knowledge capture and workflow, Readwise and Ghost help me structure insights and ship content.

If you want more structured learning paths, I found Josh Seiden’s Learn AI With Me, A 30-Day Sprint to be a practical primer, and the broader community conversation at Product at Heart Conference is invaluable. For a deeper grounding in risk, I recommend reviewing topics like Hallucination (artificial intelligence), AI bias, and Agentic AI—and revisiting the complementary episode, Context is King.

I’d love to hear how you’re experimenting: Where have you seen AI meaningfully reduce toil? Where does it still struggle? How are you balancing creativity, data safety, and compliance as you scale? Drop a comment below and let’s compare notes—especially on patterns that help product trios move faster without sacrificing trust.

Bottom line: start small at home, carry lessons into the office, and build with curiosity and intentionality. That’s how we level up our product discovery, sharpen our value proposition, and lead teams confidently through the GenAI transition.

Inspired by this post on Product Talk.

November 4, 2025
Global Product Manager Playbook: Build Borderless Products, Align Teams, Win Every Market

Products without borders are exhilarating—and unforgiving. In my role leading product strategy, I’ve learned that “global” isn’t a launch plan; it’s a system. It’s the discipline of creating one product vision that flexes to many markets without breaking the core experience, the roadmap, or the business.

Here’s what a Global Product Manager does, key skills, tools, challenges, and how to grow into this high-impact role.

At its heart, the Global Product Manager role orchestrates product-market fit in multiple regions simultaneously. I translate a unified value proposition into localized realities—aligning product positioning, go-to-market strategy, pricing and packaging, and compliance—while keeping the platform cohesive. That means partnering closely with product trios, regional leaders, sales, customer success, and marketing to drive outcomes vs output OKRs that actually move the business.

Operationally, I start with deep product discovery across segments and geographies: what pains are universal, and where do we need regional nuance? From there, I map points of parity we must maintain globally and the differentiators we’ll localize—copy, workflows, payments, support models, and integrations. The art is delivering a consistent core with flexible edges so we can scale without fragmenting the codebase or the customer experience.

Trust is the non-negotiable. I build privacy-by-design into the product and roadmap, and I collaborate early with legal and security on data governance, data residency, and evolving regulations like GDPR. The right guardrails reduce rework later and enable faster regional launches—because compliance is a feature customers feel, even when they don’t see it.

On the commercial side, I partner on consumption SaaS pricing, product-led growth motions, and country-level market entry. Some markets need lighter onboarding and in-app guides; others demand concierge support or partner-led distribution. I use retention analysis to identify fit and inform sequencing, then adjust messaging and activation flows to shorten time-to-value and improve user activation by region.

My analytics and enablement stack is intentionally boring—and ruthlessly consistent. A unified analytics platform with Amplitude analytics gives us comparable funnels across countries. For experimentation, I run A/B testing with a clear minimum detectable effect (MDE) and disciplined rollout plans. Pendo powers product tours and in-app guides tailored by locale, while Intercom and CRM integration with HubSpot help me close the loop with GTM and support teams. The outcome is a learning system, not just a dashboard.

The hardest part isn’t translation—it’s alignment. Time zones, competing priorities, and matrixed ownership test even strong cultures. I rely on stakeholder management, crisp decision records, and product roadmapping and sprint planning rituals that respect regional input without derailing the global plan. When tension rises, I return to first principles decision making and the try do consider framework to make trade-offs transparent and repeatable.

If you’re growing into this role, start by owning a multi-region initiative end to end: lead localization for a critical workflow, run market-specific A/B testing with clear MDE, and publish a country launch plan that ties discovery insights to OKRs and resourcing. Build your credibility by shipping outcomes, not artifacts—then scale your impact by mentoring peers and creating shared templates for pricing, positioning, and experimentation. That’s how you shift from capable PM to trusted global operator.

Ultimately, a Global Product Manager is a force multiplier. We reduce complexity for the organization while increasing resonance for customers. If “products without borders” is your mandate, build the systems—analytics, governance, enablement, and decision-making—that make borderless execution reliable, repeatable, and fast.

Inspired by this post on Product School.

November 3, 2025
Unlock Customer Gold: Securely Access Intercom Data in ChatGPT to Align Every Team

I see customer conversations as a goldmine for every team—yet too often, they’re trapped inside the support platform. That silo makes it harder to make confident, customer-first decisions across product, sales, marketing, and leadership. I’ve felt that pain firsthand, which is why this update matters.

From today, the new Intercom connector for ChatGPT changes this. Intercom customers can now allow all teams to securely access conversations, tickets, and user data directly inside ChatGPT. Without having to switch tools, you can now get all the context you need to put the customer first across every area of your business.

Here’s how I approach it in practice: when frontline insights are accessible in the same workspace where I ideate, plan, and write, my team moves faster with more conviction. It’s the difference between guessing at customer needs and grounding decisions in real conversations.

How to connect Intercom to ChatGPT

Connecting Intercom to ChatGPT is easy:

1. In ChatGPT, open Settings → Connectors.

2. Search for “Intercom” and select it.

3. Sign in with your Intercom account to approve the secure connection.

(The connector is read-only and respects your existing Intercom permissions, so people only see what they already have access to. See more about security and setup details here.)

Once you’re in, you can start exploring your customer data using prompts written in natural language, like:

“Help me prepare for a meeting with customer X by updating me on outstanding issues raised in the last four weeks.”

“Find positive Intercom conversations mentioning our new feature Y, and add customer quotes to my campaign brief in Drive.”

“Build a list of the most common feature requests based on customer inquiries.”

What this unlocks

Connecting Intercom to ChatGPT makes customer feedback available across the company in a usable way. In my own workflow, this turns previously buried signals into actionable inputs for roadmaps, messaging, and enablement—without hopping between tools.

Support tickets contain direct information about what’s breaking, what’s confusing, and what people actually need. Normally, that information stays siloed in the support team. When I can query those conversations in plain language, I get immediate clarity on friction points and opportunities, and I can share that context with cross-functional partners in minutes.

When anyone can query it in plain language, it becomes useful for decision-making across the board. Teams stop working at cross-purposes because they’re looking at different parts of the picture. Now, product can see what’s actually frustrating users. Sales can understand common objections. Marketing can use the language customers actually use. Leadership can spot trends as they’re happening.

My recommendation: establish a lightweight ritual around this data. For example, build a weekly highlights digest sourced from Intercom conversations and review it in your product sync or go-to-market standups. It’s a simple way to align stakeholders and keep customer reality front and center.

We’ll be adding more connectors soon so you can access Intercom data in other AI tools your team already uses.

Inspired by this post on The Intercom Blog.

October 25, 2025
Turning Community Noise into Action: My Product Lessons from Zencity’s AI That Listens

I’m constantly looking for ways to turn messy, multi-source signals into decisions leaders can trust. Recently, I dug into how Zencity powers government decision-making with community voices—and it’s a masterclass in building AI products that are both responsible and useful.

Noa Reikhav, Head of Product, Zencity; Andrew Therriault, VP of Data Science, Zencity; and Shota Papiashvili, SVP of R&D, Zencity share a comprehensive view of how they designed an AI that listens and acts without sacrificing rigor.

How do you use AI to help city leaders truly hear their residents?

I was struck by the clarity of their platform vision—“They share how Zencity brings together survey data, 311 calls, social media, and local news into a unified platform that helps cities understand what people care about—and act on it.” That single line captures the essence of a unified analytics platform done right.

You’ll hear how the team built their AI assistant and workflow engine by being thoughtful about their data layers, how they combined deterministic systems with LLM-driven synthesis, and how they keep accuracy and trust at the core of every AI decision.

It’s a fascinating look at how modern AI infrastructure can turn noisy, messy civic data into clear, actionable insight.

Here are the takeaways that resonated with me most, and they align closely with how I approach AI Strategy and product management leadership. Data architecture defines what AI can do. Guardrails and transparency matter more than flashy outputs. Agentic systems become powerful when grounded in real, multi-tenant data. AI in the public sector can make democracy more responsive—if built responsibly.

The team’s layered data model is the backbone that enables trustworthy synthesis: raw data → elements → highlights → insights → briefs. As a product leader, I love how each layer introduces meaning and structure while preserving traceability. It’s the difference between a demo-friendly prototype and a durable platform.

Why context is everything when building AI for civic use. That’s not a platitude—it’s a requirement. Community conversations are hyper-local, emotionally charged, and policy-laden. Without context and rigorous data governance, you risk misclassification, bias, and broken trust.

How the team designed their AI assistant using MCP servers to safely negotiate data access. This is a smart pattern for privacy-by-design: let the assistant request access, let the system adjudicate, and make the boundary explicit and auditable. In multi-tenant environments, that clarity is the difference between scaling confidently and shipping risk.

Balancing agentic flexibility with deterministic trust. I’ve found this to be the most practical framing for real-world agentic AI: give the system room to explore, but bind its outputs to deterministic rails where it matters—taxonomy, citations, permissions, and evaluation criteria.

Evaluating accuracy when latency matters: how they think about evals, citations, and model-as-judge systems. I appreciate the pragmatism here. In production, you don’t have the luxury of slow truth-finding. You need tight feedback loops, interpretable citations, and layered evals to keep both precision and speed.

Using workflows like annual budgeting or crisis communication to deliver AI-generated briefs to the right people at the right time. This is where product-market fit shows up: not in features, but in end-to-end workflows aligned to real decision cycles and stakeholders.

Why government workflows are the ultimate “jobs to be done” framework. When the job is a public process—with deadlines, accountability, and high scrutiny—you don’t just need insights; you need timely, contextualized briefs that match the cadence of the work.

From my lens, the magic isn’t any single model. It’s the orchestration: deterministic systems with LLM-driven synthesis, strong guardrails, transparent citations, and an orchestration layer that routes the right brief to the right role at the right moment. That’s how you turn community noise into legitimate signal—and signal into action.

If you’re building AI for regulated, high-stakes environments, take note: invest in your data layers, make context a first-class citizen, embrace privacy-by-design with clear access negotiation, and treat evaluation as a living system. Do that, and you’ll earn the trust that makes your AI assistant—and your organization—indispensable.

Inspired by this post on Product Talk.

October 25, 2025
Urgent Alert: Spot Fraudulent Job Offers Impersonating Pendo—and Protect Your Career

In my role leading product management, I take brand trust and cybersecurity seriously—especially when it affects people’s livelihoods. Over the past few weeks, I’ve seen a troubling uptick in brand impersonation and social engineering targeting candidates. It’s a reminder that protecting our community isn’t just a technical problem; it’s a product management leadership and stakeholder management responsibility.

We want to warn you about recent instances of fraudulent job offers purporting to be from Pendo and/or its affiliate companies.

If you receive an unexpected outreach claiming to be from Pendo with a fast-track offer, requests for payment, or a push to move conversations to informal channels, treat it as a red flag. Scammers often spoof logos, clone profiles, and use vague role descriptions to create urgency. Their goal is to extract personal data, money, or access—classic social engineering tactics that undermine data governance and privacy-by-design principles.

Here’s how I advise candidates to protect themselves while keeping their job search momentum. Validate every opportunity through the company’s official careers page and confirm the recruiter’s identity through corporate channels. Check that email addresses and domains match publicly listed corporate information, and be wary of communication conducted exclusively through messaging apps. Never pay fees, buy equipment up front, or share sensitive data like Social Security numbers or banking information before a formal, verified offer is in place.

If something feels off, pause and verify. Contact the company via the channels listed on its website, ask for a video meeting with the recruiter using an official corporate account, and request written details on the role and interview process. If it’s fraudulent, report it to the company, the platform where the outreach occurred, and—when appropriate—local authorities. Acting quickly helps with threat detection and response and protects other candidates from harm.

From a product and security perspective, this is a cross-functional issue that benefits from AI risk management discipline. Strong signals include clear public guidance on recruiting practices, a dedicated reporting mailbox for suspected scams, and hardened email authentication (SPF, DKIM, DMARC). Pair these with privacy-by-design reviews for hiring workflows, recruiter verification checklists, and ongoing education for talent teams. These measures reduce attack surface while reinforcing brand integrity.

If you believe you’ve shared information with a fraudulent recruiter, take immediate steps: change any reused passwords, enable two-factor authentication, place fraud alerts or freezes with credit bureaus as appropriate, and monitor accounts for suspicious activity. Document all communications; they can help security teams and platforms act faster.

Recruitment fraud is emotionally taxing and can erode confidence in the process. Don’t let scammers slow your momentum. Stay vigilant, verify before you trust, and share this warning so others can avoid similar traps. If you’re ever unsure about a message that appears to come from Pendo, pause, validate through official channels, and prioritize your safety first.

Inspired by this post on Pendo – Best Practices.

October 25, 2025
Urgent Alert: Spot Fraudulent Job Offers Impersonating Pendo—and Protect Your Career

In my role leading product management, I take brand trust and cybersecurity seriously—especially when it affects people’s livelihoods. Over the past few weeks, I’ve seen a troubling uptick in brand impersonation and social engineering targeting candidates. It’s a reminder that protecting our community isn’t just a technical problem; it’s a product management leadership and stakeholder management responsibility.

We want to warn you about recent instances of fraudulent job offers purporting to be from Pendo and/or its affiliate companies.

If you receive an unexpected outreach claiming to be from Pendo with a fast-track offer, requests for payment, or a push to move conversations to informal channels, treat it as a red flag. Scammers often spoof logos, clone profiles, and use vague role descriptions to create urgency. Their goal is to extract personal data, money, or access—classic social engineering tactics that undermine data governance and privacy-by-design principles.

Here’s how I advise candidates to protect themselves while keeping their job search momentum. Validate every opportunity through the company’s official careers page and confirm the recruiter’s identity through corporate channels. Check that email addresses and domains match publicly listed corporate information, and be wary of communication conducted exclusively through messaging apps. Never pay fees, buy equipment up front, or share sensitive data like Social Security numbers or banking information before a formal, verified offer is in place.

If something feels off, pause and verify. Contact the company via the channels listed on its website, ask for a video meeting with the recruiter using an official corporate account, and request written details on the role and interview process. If it’s fraudulent, report it to the company, the platform where the outreach occurred, and—when appropriate—local authorities. Acting quickly helps with threat detection and response and protects other candidates from harm.

From a product and security perspective, this is a cross-functional issue that benefits from AI risk management discipline. Strong signals include clear public guidance on recruiting practices, a dedicated reporting mailbox for suspected scams, and hardened email authentication (SPF, DKIM, DMARC). Pair these with privacy-by-design reviews for hiring workflows, recruiter verification checklists, and ongoing education for talent teams. These measures reduce attack surface while reinforcing brand integrity.

If you believe you’ve shared information with a fraudulent recruiter, take immediate steps: change any reused passwords, enable two-factor authentication, place fraud alerts or freezes with credit bureaus as appropriate, and monitor accounts for suspicious activity. Document all communications; they can help security teams and platforms act faster.

Recruitment fraud is emotionally taxing and can erode confidence in the process. Don’t let scammers slow your momentum. Stay vigilant, verify before you trust, and share this warning so others can avoid similar traps. If you’re ever unsure about a message that appears to come from Pendo, pause, validate through official channels, and prioritize your safety first.

Inspired by this post on Pendo – Perspectives.

October 25, 2025
4 Costly Misconceptions About AI Agents—and What Product Leaders Must Do Instead

Building AI agents looks deceptively simple right now. After leading multiple agentic AI initiatives, I’ve learned that the difference between a demo and a dependable product comes down to disciplined product discovery, ruthless scoping, and a clear AI Strategy that aligns with business outcomes. Here are four common misconceptions I correct early with stakeholders—and the practices I use to avoid expensive detours.

Misconception 1: “An LLM plus a few prompts is a production-ready agent.” In reality, production-grade agents require orchestration and rigor: tool-use and retrieval, memory design, state management, deterministic fallbacks, and continuous evaluation. I instrument Agent Analytics from day one to trace tool calls, latency, error codes, and cost per task; then I use A/B testing with a clear minimum detectable effect (MDE) to validate improvements before broad rollout. This is where product roadmapping and sprint planning matter—sequencing capabilities so we avoid building speculative features that don’t move outcomes.

Misconception 2: “More autonomy is always better.” The right autonomy level is contextual and risk-adjusted. For high-stakes workflows, I design for human-in-the-loop and role-based guardrails, grounded in privacy-by-design and data governance. Policies like least-privilege access, audit logs, and reversible actions reduce operational risk while still delivering leverage. In practice, this hybrid approach also controls cost: narrower scopes, clearer prompts, and bounded tool access reduce hallucination surface area and improve reliability—key to AI risk management.

Misconception 3: “If we build it, users will adopt it.” Adoption is earned with thoughtful onboarding and in-app guidance, not promised by a feature launch. I pair agent launches with targeted product tours, contextual tooltips, and progressive disclosure to drive user activation and product-led growth. Increase revenue, cut costs, and reduce risk with Pendo’s Software Experience Management platform. Optimize the entire software experience to drive adoption and improve engagement. Whether you use Pendo or a comparable solution, the principle stands: instrument the experience, run experiments, and iterate quickly based on evidence, not intuition.

Misconception 4: “Security, compliance, and governance can wait.” Deferring controls is a false economy. I embed AI risk management from day zero: prompt injection defenses, PII redaction, DLP, grounding and citation strategies, and threat detection and response. Clear data retention policies, vendor diligence, and model evaluation standards keep leadership, security, and legal aligned. This is the crux of building trust—and it’s far easier to design up front than to retrofit under pressure.

How I execute in practice: start with a tightly framed use case tied to a measurable outcome; define outcomes vs output OKRs; build a slim vertical slice to validate feasibility; instrument Agent Analytics from the first commit; ship behind feature flags; and operationalize learning loops across support, success, and GTM. The result is a durable path to product-market fit for agentic AI—one that compounds learning while minimizing blast radius.

The leaders who win with AI agents won’t be the ones who move fastest in a demo. They’ll be the ones who manage risk transparently, learn in public with their users, and turn continuous insight into competitive differentiation. If you’re planning your next agent milestone, align the roadmap to outcomes, treat governance as a feature, and make adoption your North Star.

Inspired by this post on Pendo – Best Practices.

October 25, 2025
WTF is MCP? The powerful protocol giving enterprise AI agents real-world autonomy

I get asked this constantly by boards, CIOs, and product teams: WTF is MCP, and why does it matter for enterprise AI? Here’s my straightforward take from the trenches of rolling out agentic AI across complex, regulated environments—and why it changes how we design, govern, and scale autonomous capabilities.

“Model Control Protocol gives your AI agents arms and legs to go do stuff with your data.” That framing resonates because it’s both simple and accurate. MCP turns passive “chatbots” into active agents that can safely take action within defined guardrails.

In practice, MCP is the connective tissue between models and the tools, systems, and workflows we trust. It standardizes how agents request permissions, execute tasks, and report outcomes—so enterprises can move from demos to durable operations. The benefit isn’t just autonomy; it’s autonomy with accountability, aligned to our AI Strategy and data governance obligations.

When I pilot agentic AI in production, I start with a narrow scope: which systems the agent touches (for example, CRM integration via HubSpot), what actions it can take (read, write, or propose), and what evidence it must log (inputs, outputs, and approvals). That discipline keeps us compliant with privacy-by-design while unlocking real business impact.

Great MCP use cases emerge where read-write actions compress time-to-value. Think: pulling Amplitude analytics cohorts to personalize outreach, auto-generating Pendo in-app guides based on feature adoption, or triggering customer support workflows with predefined playbooks. Each action is observable, reversible, and measured—because in the enterprise, repeatability beats novelty.

From a product management leadership perspective, I treat MCP-enabled agents like any other product surface. We define clear outcomes, not outputs: success rate per task, mean time to resolution, quality score, and safety incidents. We validate uplift with A/B testing and a minimum detectable effect (MDE) before scaling. Then we feed results into an Agent Analytics dashboard, just as we would for product-led growth funnels.

Governance is where MCP earns trust. I enforce least privilege, time-boxed credentials, environment isolation, and tamper-evident audit logs. Every tool call is tied to a business purpose, owner, and SLA. We integrate with existing threat detection and response processes so cybersecurity teams see the same telemetry they’re used to—no shadow AI, no surprises.

There’s also an adoption playbook that works: start with a contained domain, ship a sandboxed agent, require human-in-the-loop approvals, then progressively relax controls as accuracy and alignment improve. Document the boundaries in plain language, and instrument everything from day one. This is how we de-risk AI risk management while accelerating impact.

The most exciting shift is cultural: teams move from asking “Can the model do this?” to “What outcomes should the agent own—and what guardrails make that safe?” That mindset unlocks empowered product teams, clearer ownership, and faster iteration. MCP is simply the operational backbone that lets those choices stick.

If you’re evaluating where to start, pick one workflow with high frequency, clear rules, and measurable outcomes. Wire it to MCP with tight scopes, ship it to a friendly cohort, and learn aggressively. Autonomy isn’t the end goal—reliable, governed value is. MCP just makes that scalable.

Inspired by this post on Pendo – Best Practices.

October 25, 2025