Most SMBs are using AI without legal safeguards
A PwC report reveals that 72% of companies have no formal AI policy in place. For small businesses and agencies, this figure likely reaches 80-85%. The problem is straightforward but critical: you’re using ChatGPT, Claude, or other tools to save time, but without a documented framework for how they are used, who uses them, and what data goes into them.
This legal gap creates three concrete risks. The first is regulatory compliance: the European AI Act already imposes certain obligations, and authorities are beginning to enforce them. The second is intellectual property: if an employee sends client data or trade secrets to ChatGPT, you have no contractual recourse. The third is liability: if an automated decision (hiring, credit approval, service denial) made with AI assistance causes harm, who is responsible?
An AI policy doesn’t need to be complex. It’s a document that specifies which tools are approved, what types of data must never enter them, who can use them, and how data is tracked. For a small business with 10-50 employees, 2-3 pages are sufficient, adapted to your industry.
What this means for your business
You probably already have an employee using ChatGPT daily. Without a written AI policy, you’re exposed to compliance risks, proprietary data theft, and legal liability if a failed automated decision causes harm. A formal policy, even a basic one, drastically reduces these risks and lets you negotiate with insurers. The absence of a policy becomes evidence against you in litigation. Start with a one-hour meeting with your legal director or counsel, document the basic rules, and communicate them. It’s a minor expense for major protection.
In brief
Compressed AI models are now within reach for SMBs
Multiverse Computing is commercializing compressed versions of OpenAI, Meta, and DeepSeek models via API. Benefits: dramatic reduction in operational costs, lower latency, less infrastructure needed. For an SMB with moderate volumes, switching from a full model to a compressed version can cut monthly costs by 3-4x while retaining 95% of capabilities.
Bot traffic will exceed human traffic by 2027
Cloudflare’s CEO predicts that traffic generated by AI agents will surpass human traffic by 2027. The direct implication for SMBs: your servers, bandwidth, and authentication systems must be sized to absorb bot traffic that is certified as legitimate. This is an infrastructure change you need to anticipate.
Natural AI interfaces vs. complex enterprise software
A startup has raised $12M to build an ‘enterprise AI OS’ where you speak to your business tools via natural prompts instead of navigating menus. For SMBs without a dedicated IT team, this approach cuts training time and boosts adoption. The trend is clear: traditional enterprise software interfaces are gradually losing ground.
AI security: the real technical issues are becoming clear
A team has launched a free digest that translates AI security research from arXiv into clear language for practitioners. The first issue covers cross-stack attacks and LLMs automating their own adversarial attacks. It’s the most accessible way to stay current on what can actually cause problems in a production AI implementation.