Last year, a grieving air traveler asked an Air Canada chatbot about bereavement costs. The bot created a refund policy that didn’t exist. The customer took it up, the airline ended up in court, and the story spread. The court rejected Air Canada’s argument that its chatbot is a “separate legal entity” responsible for its actions and ordered the airline to pay damages.
That incident is now a cautionary tale for every brand leveraging AI in customer interactions. And new research from customer communications platform Sinch suggests it’s far from over.
As many as 74% of enterprises have already been forced to turn back an AI agent deployed due to governance failures, according to the report. A sinch’s “AI Production Paradox” report. Here’s the twist: companies with the most mature security guards, those that have invested heavily in compliance, security regulations, and oversight, were held back at an even higher rate of 81%. Teams that do more to prevent failure fail more, not less.
“If governance was the solution, the most mature teams would be pulling back less, not more,” said Daniel Morris, chief product officer at Sinch. “Engineering teams are spending too much of their time building and maintaining security systems instead of focusing on improving the customer experience. That’s a security tax that is making organizations ineffective.”
Impact of the Guardrail tax
For advertising groups, that Guardrail tax has a direct cost. Every hour engineering spends rebuilding security infrastructure is an hour not spent improving the customer experience that drives revenue.
Air Canada is not alone. A car dealer’s chatbot agreed to sell a Chevy Tahoe for $1 after a prank. AI support bot at coding startup Cursor has instituted a no-login policy, triggering a wave of customer cancellations. A bot for a delivery company swore at a customer and wrote a poem condemning its employer. Each incident went viral. Each damaged the seal. And each one helps explain Sinch’s finding that three out of four businesses have already rolled out an AI agent.
Sinch surveyed 2,527 business decision makers in 10 countries and six industries. The most important findings for marketers:
- 62% of businesses already have AI communication agents in production, and 88% expect to deploy one within 12 months. The pressure to supply is intense.
- 74% have been forced to terminate an appointed agent due to governance failures. Three out of four marketing organizations have already felt the pain of an AI rollout that should have ended.
- 84% of teams spend at least half of their engineering time rebuilding security infrastructure from scratch. That’s the volume of engineering that probably goes into personalization, channel expansion, and campaign optimization.
- If an AI agent fails, 35% of the impact remains on the support line. Almost, 34%, resides in the perception of the product – and that is difficult to fix.
Infrastructure quality was the single strongest predictor of deployment success, the study found, surpassing model selection, team size, and budget. Yet many organizations say their current provider falls short in at least one key area.
AI customer communication agents handle customer conversations at scale: chatbots on websites, voice agents in contact centers, automated SMS and email responders, and multi-channel platforms that move and respond across channels. They range from simple FAQ bots to complex agents that authenticate users, process transactions, and generate personalized responses based on customer history.
Sinch’s research tracks agents already in production, not pilots or internal testing. These are the systems marketers rely on every day, where failure means frustrated customers, long wait times, and product damage that spreads by the minute.
Choosing the wrong foundation is a real risk
Jayashree Iyangar, global head of CX data and AI at HGS, a digital intelligence company, said the findings are similar to what she’s seen in the field. Advertisers have moved past the testing phase, he noted, and the real challenge is in implementation.
“The key question is how AI can be seamlessly programmed across multiple channels, not whether it can be deployed in one place,” Iyangar said.
He pointed out that the risk profile varies significantly by use case. A marketing chatbot that mistakes a promotional offer carries less weight than a service agent that mishandles a sensitive payment issue. “Human oversight within the loop remains central in service areas where the risk of negative customer impact is high,” he said. “This is also where we see many cases of AI reversal.”
Your customers are searching everywhere. Make sure it’s your product he appears.
The SEO toolkit you know, and the AI ​​visibility data you need.
Start a Free Trial
Start with
His take on infrastructure is consistent with Sinch’s findings. “A large part of the effort has been spent on building and maintaining security systems instead of improving the customer experience,” he said. You see organizations converging on centralized AI management teams that manage trust, compliance, and security separately from the AI-powered cases themselves.
Three steps sellers can take now
For marketing teams, research points to three practical moves.
- Let infrastructure control your vendor decision. Infrastructure quality predicts deployment success more than any other variable in Sinch’s data. When evaluating providers, ask about guardrail engineering, cross-channel orchestration, and the degree to which your team will take responsibility for security. The right platform handles most of the security work, so your team can focus on customer experience.
- Plot the guardrail tax on your road map. Security systems are not a one-time setup cost. They use continuous engineering resources that could otherwise be devoted to CX development. Budget for that fact right from the start rather than watching your timeline slide as you go backwards.
- Push for a different rule function. Iyangar’s observation about central AI management teams is directly related to the data. Keeping AI use cases and governance engineering separate reduces overhead. Marketing should not own the security infrastructure. It should partner with a dedicated management function that manages trust, compliance, and security, freeing marketing to focus on work that directly affects customers.
