Safe AI customer service automation is possible. But it requires knowing what to ask for.
{.text-xl .text-neutral-600 .mb-8}
You're Right to Be Cautious
Vendors will show you a demo where the AI handles a returns question flawlessly. What they won't show you: what happens when a customer asks something the AI wasn't trained on, phrases a question unexpectedly, or pastes an angry email demanding legal action.
When you bring AI to procurement, the same objections surface:
- What if it invents a policy that doesn't exist?
- What if it says something that damages our brand?
- Can we prove what it said if regulators ask?
- What happens when it encounters something it shouldn't handle?
These objections have already burned companies that moved too fast. Here's what happened.
What Happens Without Guardrails
Cursor (April 2025)
A user reported login issues. The AI support bot "Sam" confidently explained it was due to a new "one device per subscription" policy. No such policy existed. The AI invented it. By the time the co-founder posted an apology on Hacker News, the story had already triggered a wave of subscription cancellations.
What was missing: The AI wasn't constrained to approved sources. When it didn't have an answer, it fabricated one that sounded plausible. Cursor now labels all AI responses explicitly.
Klarna (2024-2025)
In early 2024, Klarna announced their AI could do the work of 700 agents. They paused human hiring entirely. Fourteen months later, CEO Sebastian Siemiatkowski told Bloomberg: "Cost was too predominant. What you end up having is lower quality." They're now hiring humans again, targeting students and rural workers for remote support roles.
The gap: No escalation paths for conversations that needed human judgment. They assumed less human involvement meant more efficiency. Instead, the wrong conversations stayed automated.
Air Canada (2024)
A chatbot told Jake Moffatt he could book a full-price ticket and claim bereavement fares retroactively within 90 days. He did exactly that after his grandmother died. The policy didn't exist. When he sued, Air Canada argued the chatbot was "a separate legal entity responsible for its own actions." The tribunal called this "remarkable" and ruled against the airline. This case is now cited internationally.
What they didn't have: Source verification. An audit trail showing where the answer came from. When things went wrong, Air Canada couldn't even prove what the chatbot had actually said or why.
Each failure followed the same pattern: AI operated outside defined boundaries, invented information when uncertain, and the company discovered the problem only after customers did.
A Framework That Covers the Risk
The same things keep going wrong. Which means you can stop them. Five patterns cover the main risks for customer-facing AI.
| # |
Pattern |
What It Prevents |
| 1 |
Knowledge Boundaries |
AI inventing policies, prices, or promises |
| 2 |
Confidence Thresholds |
Guessing when it should escalate |
| 3 |
Action Permissions |
Unauthorized refunds, cancellations, changes |
| 4 |
Audit Trails |
"We can't prove what it said" |
| 5 |
Escalation Triggers |
Wrong conversations staying automated |
Here's what took me a while to understand: Patterns 1-3 prevent disasters. Patterns 4-5 help you catch problems early and route them correctly. If a vendor only offers the first three, you'll have fewer incidents but no visibility when they happen. If they only offer the last two, you'll know about every problem but still have them. You need both.
What to Ask For Each Pattern
One question per pattern. One red flag to watch for. And the context that vendors won't volunteer.
1. Knowledge Boundaries
This is what stops a Cursor-style incident. The AI only responds from your approved docs, FAQs, and policies. Nothing fabricated from general training data.
Ask: "For any response, can we see exactly which document it came from?"
Red flag: No source attribution visible, or vague claims about "grounding" without showing actual citations.
What nobody tells you: Your existing help docs probably have contradictions. Page A says refunds take 3-5 days; page B says 5-7 days. AI will surface every inconsistency you've been ignoring. Budget 2-4 weeks to clean your knowledge base before launch. Not optional. It's the difference between a successful pilot and an embarrassing one.
2. Confidence Thresholds
Think of this like a dial. The AI measures certainty for every response. Below a threshold, it escalates instead of guessing.
Ask: "Can we set and adjust the confidence threshold ourselves? What's the default?"
Red flag: The AI never says "I'm not sure" or "let me transfer you to someone who can help."
Worth knowing: You'll be tuning this for weeks. Set the threshold too high and everything escalates (you've built an expensive routing system). Set it too low and hallucinations slip through. Most teams land somewhere between 70-85% confidence as their trigger, but your number depends on your risk tolerance and ticket types. Expect to adjust weekly for the first month.
3. Action Permissions
Clear rules for what AI can do alone, what needs approval, and what it can't touch.
Ask: "Can we set different permission levels for different action types? What's the most granular control available?"
Red flag: Binary on/off for all actions, or no visibility into what actions AI is actually taking.
What nobody tells you: There's a big gap between AI that answers questions and AI that takes actions. An AI that can issue a €500 refund is not the same product as one that looks up order status. Most vendors blur this distinction because action-taking AI is genuinely harder to build safely. If a vendor claims their AI "does everything," ask specifically: can it modify customer accounts? Process payments? Cancel orders? If they're vague, they haven't figured it out.
4. Audit Trails
Every conversation logged with timestamps, sources cited, and confidence scores. Immutable and exportable.
Ask: "Can we export complete interaction histories? How long are logs retained? What exactly gets logged?"
Red flag: Logs only capture conversation summaries, or retention is shorter than your compliance requirements.
What nobody tells you: Your team will use audit trails daily. Debugging why the AI gave a weird answer. Identifying gaps in your knowledge base. Resolving customer disputes about what was said. Regulators are almost an afterthought. If logs are hard to search or only show summaries, you'll spend hours on issues that should take minutes. (I've watched teams burn entire afternoons on this.) Good audit trails are a productivity tool, not a compliance checkbox.
5. Escalation Triggers
This is what Air Canada was missing. Rules that route conversations to humans based on sentiment, topic sensitivity, customer value, or specific phrases.
Ask: "When a conversation escalates, does the human agent see the full history? How quickly does handoff happen?"
Red flag: Escalation adds significant delay, or the agent starts blind without conversation context.
What nobody tells you: Escalation is not failure. A healthy escalation rate is typically 15-30% depending on your ticket complexity. That's not a hard rule. But if you're pushing for single digits, you're probably forcing the wrong conversations to stay automated. And here's the thing: a handoff without context is worse than no AI at all. If the customer has to repeat everything to the human agent, you've made their experience worse, not better. Context transfer matters more than escalation speed.
Your Evaluation Checklist
Bring this to your next vendor conversation. (Print it out. Scrolling through a PDF while someone's giving you a demo is awkward.)
Priority: ●●● Essential | ●●○ Important | ●○○ Nice to have
{.text-sm .text-neutral-500 .mb-4}
| Capability |
Priority |
Y/N |
Notes |
| AI only responds from approved knowledge sources |
●●● |
☐ |
|
| Source attribution visible for each response |
●●● |
☐ |
|
| Confidence scoring with configurable thresholds |
●●● |
☐ |
|
| Defined action permissions by action type |
●●● |
☐ |
|
| Complete conversation audit trail |
●●● |
☐ |
|
| Configurable human handoff triggers |
●●● |
☐ |
|
| Full context transfer on escalation |
●●● |
☐ |
|
| Data residency controls (EU/US/etc.) |
●●○ |
☐ |
|
| SOC 2 Type II certification |
●●○ |
☐ |
|
| Real-time monitoring dashboard |
●○○ |
☐ |
|
| Custom escalation rules by topic/sentiment |
●○○ |
☐ |
|
What nobody tells you: The first 30 days are mostly setup, not automation. Expect to spend 80% of your time on knowledge base cleanup, threshold tuning, and escalation rule configuration. The AI improves as you feed it real conversations and adjust based on what you see. If you expect magic on day one, you'll be disappointed. Treat the first month as training and things get better from there.
How Hay Compares
We're the new kids. Intercom and Zendesk have been at this longer, have bigger teams, more integrations. Here's where we're different:
|
Hay |
Intercom Fin |
Zendesk AI |
| Cost per resolution |
€0.05-0.20 |
$0.99 |
$1.00+ |
| All 5 safety patterns |
Included |
Partial |
Higher tiers |
| Takes actions (not just answers) |
Yes |
Limited |
Enterprise |
| Open-source core |
Yes |
No |
No |
| EU data residency |
Default |
Available |
Enterprise |
Why open-source matters: You can inspect exactly how your customer data is being processed. Your security team can audit the codebase. If we disappear tomorrow, you're not locked in. For regulated industries or companies with strict vendor policies, this often moves AI from "not approved" to "we can work with this."
What to Actually Expect
No vendor can guarantee zero hallucinations. Not us, not anyone. Here's what realistic looks like:
- Week 1-2: Setup, knowledge base cleanup, initial configuration. AI handles simple FAQs.
- Week 3-4: Threshold tuning based on real conversations. Escalation rates stabilize.
- Month 2: Meaningful automation. Teams typically see 40-60% of eligible tickets handled without human intervention.
- Ongoing: Continuous improvement. New edge cases surface, you add to the knowledge base, coverage expands.
The right question isn't "will mistakes happen?" They will. The right question is: "When something goes wrong, how quickly can we catch it, understand it, and fix it?" That's what the five patterns are for.