Article summary: Modern consumer printers come bundled with subscription services, mandatory account registrations, internet requirements, and firmware that blocks cheaper ink. Understanding the hidden costs of buying a new printer before you commit changes the calculation significantly.

The printer costs less than a night out for dinner. It seems like an easy purchase.

Then the ink runs out.

The first trip to buy replacement cartridges is often when people realize the “bargain printer” wasn't much of a bargain after all.

That's by design.

For decades, printer manufacturers have relied on a business model that keeps hardware prices low and makes up the difference through ongoing ink and toner sales.

Today's printers have taken that approach even further. Many require online accounts, internet connectivity, subscription services, or manufacturer-approved cartridges. Some even use firmware updates to restrict the use of lower-cost third-party ink.

None of it appears on the box. And making informed decisions about the hardware and software you bring into your business starts with knowing what you’re actually committing to.

The Business Model Behind the Bargain Price

Printer manufacturers sell hardware at thin margins or below cost, then recoup through ink. It’s an intentional structure. The printer exists to give you a reason to buy cartridges.

JD Young estimates that an $80 bestselling consumer inkjet printing 1,000 pages per month would cost approximately $16,280 over five years when ink and hardware costs are combined.

Ironically, the cheaper printer turned out to be the more expensive option. The analysis found it could cost nearly $5,900 more to operate over five years than a higher-priced model designed to deliver more pages per cartridge.

The hardware price is often the least relevant number in the comparison.

Third-party cartridges can cut ink costs by 50% or more compared to manufacturer originals. 

That savings opportunity is precisely why manufacturers work hard to block access to them.

Subscription Plans and What They Actually Commit You To

HP is the most prominent example of printer subscription entanglement. 

The company offers two main programs: 

1. The HP Instant Ink which covers ink only.

2. The HP All-In Plan which bundles a printer and ink together.

What you sign up for

According to reporting by Tom’s Hardware, the HP All-In Plan costs between $8 and $36 per month based on the printer model and monthly page allowance. It requires a 24-month commitment and includes cancellation fees if you exit early. 

Print more than your monthly page allowance and additional charges apply. Although HP advertises a 30-day trial, customers must provide a payment method when enrolling and return the printer within 10 days of cancellation to avoid fees.

Opting into HP+ is marketed as a free upgrade. The actual conditions require an HP account, an active internet connection, and use of HP Original Ink for the lifetime of the printer. Once accepted, those restrictions are applied via a firmware update that cannot be undone.

What happens when you cancel

HP Instant Ink cartridges stop functioning when the subscription ends, even if ink remains in them. According to HP's terms, subscription cartridges are remotely disabled when the service is cancelled, requiring the user to install standard replacement cartridges to continue printing.

Internet Requirements and Account Sign-Ups

HP+ printers require a permanent internet connection to function, not just to set up. 

HP confirms this as a program requirement. A printer on HP+ that loses internet access cannot print until connectivity is restored.

Beyond HP, most modern wireless printers require a manufacturer account for full setup, cloud printing, or firmware access. It is one more set of credentials to create, manage, and secure.

That matters from a security standpoint. Each new vendor account is another entry point, another password to manage, and another data relationship to maintain. Handling those credentials with the same care as any other business account keeps that exposure manageable.

Firmware Updates and Third-Party Ink Restrictions

The mechanism behind third-party ink blocks is firmware: software updates pushed directly to the printer over the internet. 

HP’s Dynamic Security feature causes the printer to check an authentication chip on every cartridge. If the chip does not match HP’s signature, the printer refuses to print.

This has been the subject of multiple lawsuits. 

One complaint brought on behalf of European consumers, HP was accused of encouraging customers to register their printers for automatic updates and then deploying firmware that blocked aftermarket cartridges without clear disclosure. The case ultimately resulted in a $1.35 million dollar fund to compensate eligible HP printer owners.

The practical consequence is that cartridge compatibility is not always fixed at the time of purchase. A firmware update can alter which cartridges a printer will accept months or even years later.

What to Check Before You Buy

The best time to uncover these limitations is before the printer comes home. Start with these questions:

• Does this printer require an internet connection to operate, or only for setup and optional features?

• Is this model enrolled in HP+ or an equivalent program that permanently restricts ink to brand cartridges?

• What is the cost per page using manufacturer cartridges, and does the model support third-party alternatives?

• Does this printer prompt for a subscription during setup, and what are the cancellation terms?

• What happens to installed cartridges if a subscription lapses or is cancelled?

Need Help Evaluating Your Print Setup?

The hidden costs of buying a new printer add up fast when you’re not looking for them. A bit of due diligence before purchase saves money for years.

If you’re outfitting an office, reviewing a current print setup, or trying to understand why a printer is costing more than expected, BrainStomp can help you evaluate your options. Reach out at brainstomp.com/contact or call 260-918-3548.

Article FAQs

Do all new printers require an internet connection?

Not all of them. Many modern consumer models only need connectivity for cloud printing, remote access, or initial setup.

What is HP+ and what does it commit me to?

HP+ is a program that applies enhanced features to compatible HP printers via a firmware update. Accepting it is permanent and requires an HP account, an active internet connection, and the use of HP Original Ink for the lifetime of the printer. It cannot be reversed after the update is applied.

Can I use third-party ink cartridges in any printer?

Many printers support third-party cartridges, and they can reduce ink costs substantially. HP printers with Dynamic Security firmware do not. Before buying, check whether the specific model uses Dynamic Security and whether automatic firmware updates might introduce it post-purchase.

What happens to HP Instant Ink cartridges if I cancel the subscription?

They stop working. HP Instant Ink cartridges verify subscription status with HP’s servers, and cartridges issued through the plan are disabled when the subscription ends, regardless of how much ink remains in them.

Article summary: AI tools embedded in Outlook, Gmail, and CRM platforms now draft and summarize emails fast enough that review steps get skipped. The risk is that AI email summaries sent to clients can contain wrong figures, statements pulled from unrelated threads, or content the tool was never supposed to access. A short vetting habit before client emails go out protects your credibility and keeps AI a productivity tool rather than a liability.

The AI drafted the email. You gave it a quick look, adjusted one sentence, and clicked send. Your client reads it the next morning and replies asking why the invoice total doesn’t match what you just confirmed.

The AI had pulled a figure from a different thread. It looked right. It wasn’t.

That scenario happens more often than most businesses realize. 

The same speed that makes AI email summaries appealing can also create risk. When a draft arrives instantly, users are more likely to skip the careful review that might have identified an error.

Building a review habit before AI-assisted emails reach clients is part of the same thinking behind keeping communication accurate and secure.

How AI Email Tools Create a Silent Delivery Risk

Tools like Microsoft 365 Copilot and Gmail Gemini work by scanning your email history, drafts, and connected documents to generate summaries and draft replies. The output arrives formatted, grammatically clean, and ready to send.

That polish creates a specific trust problem. 

When people write, they often signal uncertainty with phrases like "I think," "it appears," or "let me verify that." AI-generated summaries rarely do. They present information with the same level of confidence whether it is accurate, incomplete, or wrong.

Thomson Reuters’ guidance on AI accuracy advocates human verification of all AI-generated results, a principle that applies directly to client-facing emails. When AI-generated content reaches customers, clients, or partners, even a small error can undermine credibility and strain relationships.

When the Tool Breaks Its Own Rules

In early 2026, Microsoft disclosed a bug in Microsoft 365 Copilot Chat that allowed the tool to process and summarize certain emails marked as confidential, even when organizations had configured DLP policies to exclude that content.

According to Microsoft's service advisory, the issue affected confidential emails stored in users' Sent Items and Drafts folders. A code defect caused Copilot Chat to ignore the intended restrictions for those messages until Microsoft deployed a fix in February 2026.

BleepingComputer reported Microsoft’s confirmation that the tool continued processing labeled emails because “a code issue is allowing items in the sent items and draft folders to be picked up by Copilot even though confidential labels are set in place.” The policies were in place. A coding error caused Copilot to process content those policies were supposed to exclude.

That’s not a warning about a theoretical future risk. It happened.

Three Ways AI Summaries Go Wrong

Factual hallucinations

AI language models generate text by predicting what should come next, not by verifying facts. 

When summarizing a thread, the model can fill gaps with plausible-sounding content that was never in the original email. Numbers shift. Dates move. Commitments appear that nobody made.

Research published in 2024 found that 38% of business executives reported making incorrect decisions that year based on hallucinated AI output.

Data pulled from the wrong context

AI summary tools scan broadly. 

A summary of one client thread may pull in a figure, a name, or a project detail from a different conversation if the model finds it contextually adjacent. The result reads correctly but refers to the wrong client or the wrong deal.

The Microsoft Copilot incident made this concrete at the platform level. At the individual email level, the same risk is subtler and constant.

Tone that doesn’t match the relationship

AI tools generate professionally formatted text by default. That default may not fit a long-standing client relationship where directness and informality are appropriate. 

The summary might soften a problem that needs to be stated plainly. It might phrase a delivery estimate in a way that reads like a guarantee.

Tone errors don’t introduce wrong facts, but they shape what a client expects next, and correcting that expectation later is its own problem.

Before You Hit Send: A Vetting Checklist

The review process does not need to be time-consuming. Five simple checks before sending an AI-assisted client email will catch most issues.

1. Does every number in this email match what I can verify in the actual project or account?

2. Are all dates, deadlines, and deliverables accurate and current?

3. Is anything here sourced from a different client, project, or thread?

4. Does the tone match the actual relationship, or does it sound like a template?

5. Am I comfortable if the client quotes this back to me as a factual record?

That last question is the most practical filter. If you would want to correct something before the client could reference it, correct it before sending.

One More Risk Worth Knowing About

Security researchers at Permiso reported in 2026 testing that AI email summary tools can sometimes be influenced by the content they are summarizing.

In their testing, attacker-controlled text embedded in an email was able to influence how Microsoft Copilot generated its summary. The result could include misleading statements, fake alerts, or other content shaped by the attacker's instructions. It's a form of prompt injection, the same technique used to manipulate AI systems through the information they process.

The attack relies on the trust people place in the summary rather than the original email. If someone skips the source and reads only what the AI produced, a manipulated summary can misrepresent what was said.

The habit that prevents most of these issues is simple: whenever an email involves financial information, commitments, approvals, or client decisions, review the original message rather than relying solely on the AI-generated summary.

Ready to Build a Review Process Your Team Will Actually Use?

AI email tools are useful. The time savings are real. The problem isn’t the tools; it’s the assumption that the output is ready to send without a check.

A 60-second review habit doesn’t slow down AI-assisted communication. It protects the client relationship that took years to build, and the business reputation that lives in every email you send.

BrainStomp can help your team build clear guidelines for AI tool use in client communications, covering what to verify, what to flag, and what to keep out of AI tools entirely. Reach out at brainstomp.com/contact or call 260-918-3548.

Article FAQs

What is a hallucination in an AI email tool?

A hallucination is when an AI produces text that sounds accurate but contains fabricated or incorrect information.

Are tools like Copilot and Gmail Gemini safe for client communication?

They’re genuinely useful productivity tools, but they aren’t a substitute for review. Both have documented cases of summarizing content inaccurately or pulling from unintended sources.

What is prompt injection in the context of email?

Prompt injection is a technique where malicious instructions are hidden inside content that an AI tool processes, in this case an incoming email. The instructions can influence what the AI writes in a summary or draft, potentially inserting false statements or altered figures that the recipient reads as accurate.

Article summary: When employees connect to company systems from personal devices on unmanaged networks, the traditional “trust the device, trust the user” model breaks down. Zero trust remote work security checks every user, device, and connection before access is granted, regardless of where the request comes from, and it’s the only model built for how distributed work actually operates.

Someone on your team logs in from their kitchen table. Personal laptop, home WiFi, same network as the family streaming devices and a teenager’s gaming setup. They open company email, pull up a shared file, and get to work. Normal Tuesday.

From a security standpoint, that’s a lot of trust placed in devices and networks you’ve never verified. That gap is the core problem that zero trust remote work security is built to close.

What Breaks When Everyone Works from Home

The traditional security model relied on a defended perimeter. Everything inside the boundary is trusted. Everything outside isn’t.

Remote work dissolved that boundary. 

Company email is now accessible from a personal tablet, a hotel WiFi, and a managed office desktop, all at the same time. The perimeter became everywhere. When it’s everywhere, it’s effectively nowhere.

According to McKinsey research cited by Microsoft, attacks on endpoints surged fourfold after the shift to widespread remote work, with home networks and personal devices the primary targets.

Attackers didn’t change tactics. They redirected attention toward softer targets. 

The research also found that Gartner estimates up to 90% of successful ransomware attacks hit unmanaged endpoints first. Personal and home-office devices fit that description exactly.

What Zero Trust Actually Means

Zero trust is a security model with one rule: nothing gets trusted until it’s verified. Every login, every device, every connection is checked before access is granted, regardless of whether the request comes from the office, the home, or anywhere else.

NIST SP 800-207 is the federal standard for zero trust architecture. It is moving security away from static network perimeters and toward continuous verification of users, devices, and the resources they’re trying to reach.

For a small business in practice, that translates to a few concrete things. 

A user logs in with verified credentials plus a second factor. Their device is checked to confirm it meets baseline security standards before the connection is allowed. They get access only to what they actually need for that day’s work. 

No one gets in by default just because they used the right password.

Five Controls That Matter Most for Home Offices

Device health checks before access is granted

A personal laptop running an outdated operating system with no antivirus is a liability the moment it connects to company systems. 

Device compliance checks, delivered through endpoint management software, verify that a device meets minimum standards before any access is allowed. No check passed, no access granted. That’s a rule that doesn’t depend on employees remembering to update software on their own.

Multi-factor authentication on every account

A password alone doesn’t prove who is logging in. 

Strong MFA is the most important single control for remote work. Credential theft is the entry point for most remote work breaches, and 

MFA stops most of those attacks even after a password has already been stolen. Phishing emails that appear convincingly legitimate are the most common means of credential theft in home-office environments.

Least-privilege access

Every account should only have access to the specific files, systems, and apps that person needs for their role. Nothing more. 

When a device gets compromised, least-privilege access limits the damage to what that account could reach. The attacker gets in, but there’s a wall between them and everything else.

Encrypted connections

Work traffic crossing the open internet needs encryption. 

For most small businesses, this means requiring a VPN for remote access, and confirming that file storage and communication platforms encrypt data while it’s in transit. An unsecured connection is readable to anyone on the same network.

Visibility and ongoing monitoring

Zero trust isn’t a one-time setup. It requires continuous verification. 

That means logging who accessed what, from where, and when, and flagging patterns that don’t fit. A user who normally logs in from Indiana at 9 a.m., showing up from overseas at 3 a.m. is worth a second look. 

Where to Start Without Rebuilding Everything

Zero trust doesn’t require replacing everything. Most businesses already have some of the pieces in place. The work is connecting them.

IBM’s 2024 Cost of a Data Breach Report found that organizations with mature zero trust practices saved an average of $1.76 million per breach compared to organizations without them.

The IBM research also found that the average breach cost hit $4.88 million in 2024, a record high. 

For small businesses, the cost of a breach is proportionally more disruptive. That context puts the investment required to apply zero trust principles in perspective.

The practical starting point is identity. Enable MFA across every account, starting with email and any cloud services your team uses daily. That addresses the most common attack vector immediately.

Next, audit which accounts have broad access they don’t actively use. 

Tightening those permissions costs nothing. If some employees connect from personal devices, that’s the next conversation: what’s allowed, what’s required from those devices, and how it gets checked.

Find the Gaps in Your Remote Setup

Applying zero trust remote work security to home offices doesn’t require an enterprise budget. It requires a clear picture of who is accessing what, from which devices, and with what level of verification behind each connection.

Most businesses are closer to a solid baseline than the technical terminology suggests.

BrainStomp can audit your current remote work setup, identify the highest-risk gaps, and walk you through practical next steps that fit your team. Reach out at brainstomp.com.

Article FAQs

What is zero trust security for remote workers?

Zero trust is a security model where every login, device, and connection is verified before access is granted, regardless of location. For remote workers, that means confirming device health, requiring MFA, and limiting each account to only the access it genuinely needs.

Why is home office security harder than office security?

The office relies on a controlled network, managed devices, and physical access controls. Home offices use personal hardware on shared networks that IT never configured. Each of those variables creates gaps that don’t exist in a managed environment, and attackers have learned to find them.

What is least-privilege access?

It means each user account is restricted to only the specific files, systems, and applications needed for that person’s role. If a device is compromised, the attacker is limited to what that account could reach. It substantially reduces the blast radius of any single breach.

Where should a small business start with zero trust?

Start with MFA on every account, beginning with email and cloud platforms. Then review account permissions and remove access that nobody actively uses. Those two steps address the highest-risk gaps without requiring new software or a major project.

Article summary: When employees sign up for cloud tools without IT’s knowledge, businesses pay twice: once for the subscription and again when those unmanaged apps expose data or duplicate tools already in use. Shadow IT cloud costs are real, they grow quietly, and they show up on the books long before anyone notices them. A simple audit and a one-step approval process are enough to stop the bleeding.

Picture your marketing team signing up for a file-sharing tool. Nobody told IT. It costs $12 a month per user, charged to a company card as “office supplies.” Harmless on its own. 

Now add the sales team’s CRM add-on, the HR team’s recruitment tracker, and the three separate video editing apps installed last spring by two different people. Nobody tracked any of them.

That’s shadow IT. It’s the cloud tools and software that employees set up without IT’s knowledge or approval. 

Staying on top of your software environment and access controls is foundational to running a secure business, and shadow IT makes both harder at once.

What Shadow IT Actually Costs You

The financial hit comes from several directions. Most of it is invisible until someone decides to go looking.

Shadow IT accounts for 30 to 40% of IT spending in large organizations. For smaller businesses, the proportions are similar. The spend doesn’t shrink just because the company is smaller.

Torii’s 2025 SaaS Benchmark Report found that organizations manage an average of 668 applications, and more than half are classified as shadow IT.

That figure comes from first-party data across hundreds of organizations. 

Most of those apps were installed one at a time, by someone solving a real problem. Nobody added them to an inventory. Nobody checked whether the same feature already existed in a paid tool.

Three Places the Money Actually Goes

Duplicate subscriptions and redundant tools

The most direct shadow IT cloud cost is paying for the same functionality more than once. One team signs up for a project tool. Another department already has that capability inside a platform the company is already paying for. Both run. Both get billed.

Research from Zylo found that shadow IT makes up 34% of the average company’s SaaS portfolio, even though it accounts for only 4% of recorded spend. 

Abandoned subscriptions

Subscriptions run until someone stops them. 

When an employee leaves, their personal Dropbox, AI writing tool, and task manager keep billing every month. The charge is small enough to slip through expense review. Until it compounds.

The breach cost multiplier

This is the cost that gets the least attention, and it’s the largest.

IBM’s 2024 Cost of a Data Breach Report found that 35% of the breaches studied involved shadow data, and those incidents cost 16.2% more on average and took 26 percent longer to identify and contain.

The IBM report puts the average breach cost with shadow data at $5.27 million. 

That’s not a small business number for most companies, but the pattern holds at every scale. Unmanaged data is harder to find, harder to contain, and more expensive to recover from.

What a Shadow IT Audit Usually Finds

Most businesses assume they have 10 to 20 active cloud subscriptions. The real number is almost always higher.

Common findings from a first audit:

• Two or more tools doing the same job, bought by different teams without coordination

• Active subscriptions tied to email addresses of people who left the company months ago

• Apps with broad data permissions that nobody reviewed before signing up

• Personal cloud accounts used to share work files outside any IT oversight

None of these shows up on a standard expense report. They surface when someone cross-references financial records, active accounts, and SaaS authentication logs.

How to Get It Under Control

You don’t need an enterprise platform to start. A few consistent habits close most of the gap.

A quarterly subscription audit is the most practical first step. 

Pull every recurring software charge from company cards and expense records. Match each one to a current employee and a documented business purpose. Anything that doesn’t match gets reviewed and cancelled.

An approval step before new tools go live is the next piece. 

A simple request form, even just an email to IT, catches most unauthorized signups before they become a pattern. Pair that with revoking app access as part of every offboarding checklist, and abandoned subscriptions stop accumulating.

One written policy, shared with the team, is worth more than any detection tool. Employees often use unauthorized tools because the approved process is too slow or they don’t know a better option exists. Making the right path easier than the workaround is how shadow IT stops growing.

It’s Time to Find Out What You’re Actually Paying For

Shadow IT cloud costs are the kind of thing businesses absorb quietly until something forces a closer look. A security incident. An unexpected bill. A compliance audit.

Getting visibility isn’t complicated. It requires someone to own the process and a handful of habits that stick.

BrainStomp can help you run a clear software audit, identify what’s running and what’s a risk, and put a simple approval process in place that keeps the list from growing back. Reach out at brainstomp.com.

Article FAQs

What is shadow IT in cloud services?

Shadow IT refers to any cloud tools, apps, or software that employees set up and use for work without IT’s knowledge or approval. Common examples include personal file-sharing accounts, unapproved project management tools, and AI tools used to handle company data outside any governance.

How does shadow IT increase cloud costs?

It drives waste through duplicate subscriptions, abandoned subscriptions, and breach-related costs when unsecured apps expose business data.

How do I find out what shadow IT we have?

Start by pulling every recurring software charge from company cards and expense reports. Cross-reference those against a current employee list and your approved software inventory. Anything unaccounted for is a candidate for review.

Is shadow IT just a budget issue or a security risk too?

Both. The immediate cost is wasted on unused or duplicate licenses. The bigger risk is that unapproved apps handle business data without IT oversight, creating gaps in access control and breach visibility. The financial damage from a data breach involving unmanaged apps dwarfs the cost of any subscription.

 Article summary: Most businesses have connected dozens of third-party apps to their email, cloud storage, and collaboration tools, and then forgotten about them. A third-party app access audit lets you see exactly what’s connected, cut what isn’t needed, and close a security gap that’s easy to overlook. Done regularly, it takes under an hour and meaningfully shrinks your attack surface.

Think about the last time someone on your team signed up for a new productivity tool using “Sign in with Google” or “Connect to Microsoft 365.” 

It took about 10 seconds. The app got permission to read email, access files, or manage calendar entries. Then the team moved on. 

That happens dozens of times a year in a typical business.

The problem isn’t that your team uses connected apps. It’s that those connections rarely get reviewed. Over time, you end up with a growing list of third-party tools all with persistent access to your business data.

A regular third-party app access audit is how you get that list under control and keep it there. It’s one of the more practical ”good” cybersecurity habits a business can build.

Why Connected App Permissions Are a Security Risk

When someone authorizes a third-party app, they’re granting it an OAuth token. This is a credential that lets the app access specific data on their behalf without needing their password. OAuth (Open Authorization) is the industry-standard protocol that powers “Sign in with Google” and similar flows.

The catch: those tokens don’t expire on their own. 

Unless someone actively revokes access, an authorized app keeps its permissions indefinitely. This happens even if the person who authorized it has left the company, the app is no longer in use, or the vendor behind it has changed hands.

Attackers who exploited the 2024 Internet Archive breach used tokens that had remained valid and unrotated for 22 months.

That kind of long-lived, unmonitored access is a core reason third-party integrations make attractive targets. Dormant connections are forgotten backdoors.

Where to Look

The first step in a third-party app access audit is getting a full picture of what’s actually connected to your accounts. 

Here’s where to check in the two most common business platforms.

Google Workspace

In the Google Admin Console, navigate to Security > Access and Data Control > API Controls > App Access Control. 

This lists every third-party app authorized to access your Google Workspace data, along with the permissions each one holds.

Microsoft 365

In the Microsoft Entra Admin Center (formerly Azure Active Directory), go to Identity > Enterprise Applications. From there, you can review app permissions by user and see what each app has been granted access to.

For smaller teams without admin access, individual users can check their own connected apps. In Google, visit myaccount.google.com > Security > Third-party apps with account access. 

In Microsoft, check myapps.microsoft.com. Microsoft notes that users often click through consent prompts without reviewing the scope of what they’re granting.

How to Decide What to Keep and What to Cut

Not every connected app is a problem. The goal isn’t to disconnect everything. It’s to make sure each connection is deliberate and still justified.

Questions to ask about each app

• Is this app still actively used? If nobody has opened it in six months, it probably doesn’t need ongoing access.

• Does it need the permissions it has? An app asking for full email access when it only sends notifications is asking for more than it needs.

• Was it authorized by a current employee? Former employees may have connected apps that are still active, even after their accounts were closed.

• Is the vendor reputable? Look for a clear privacy policy, active maintenance, and a legitimate business presence.

Red flags to watch for

• Apps you don’t recognize by name

• Apps authorized by users who no longer work at the company

• Apps with admin-level or full-mailbox access that aren’t business-critical tools

• Apps that were authorized by a small number of users with no clear IT approval

How to Revoke Access

Once you’ve identified apps to remove, the process is straightforward.

In Google Workspace, select the app in the Admin Console and choose “Block Access,” or remove the specific OAuth grant from an individual user’s account. 

In Microsoft 365, go to the Enterprise Applications page in Entra and remove the app’s assignment. Individual users can also disconnect apps directly from their personal security settings.

After revoking access, it’s good practice to rotate passwords for connected accounts.

A few habits that keep things manageable going forward:

• Run an app access review at least quarterly

• Require IT approval before new apps are connected to company accounts

• Add app revocation to your employee offboarding checklist

Ready to Get Your App Permissions Under Control?

Third-party app access is one of those areas where businesses often have more exposure than they realize. The apps themselves aren’t the problem. The unmanaged access is.

A quarterly review, a clear approval process, and a solid offboarding checklist will cover most of the risk. None of it requires specialized tools or deep technical expertise. It does require someone to own the process.

If you’d like help running your first audit, setting up ongoing monitoring, or building an app approval workflow for your team, BrainStomp can help. Reach out at brainstomp.com/contact.

Article FAQs

What is a third-party app access audit?

It’s a review of all external applications that have been granted permission to access your business accounts to confirm each one is still needed and appropriately scoped.

How often should I audit third-party app permissions?

Quarterly is a reasonable baseline for most businesses. High-risk environments or those handling regulated data may want to review monthly. At minimum, run a check whenever an employee leaves the company.

Do OAuth tokens expire on their own?

Not usually. Most OAuth tokens remain valid until someone actively revokes them. That means apps you authorized years ago may still have access to your accounts today.

What should I do if I find an app I don’t recognize?

Revoke its access immediately. Then check any available audit logs for that app to see what data it may have accessed. If you see anything unusual, treat it as a potential security incident and investigate further.

Can individual employees revoke app access themselves?

Yes. In Google, users can visit myaccount.google.com > Security > Third-party apps with account access. In Microsoft, myapps.microsoft.com shows connected apps. That said, admins should also manage this at the organizational level to ensure full visibility across the business.

Article summary: Simple push notification MFA has a well-documented weakness: attackers who have your password can flood your phone with approval prompts until someone taps “allow” out of frustration or inattention. Number matching MFA closes this gap by requiring users to type a code shown on their login screen rather than blindly approving a prompt. The switch is quick to enable in Microsoft 365 and Google Workspace as a meaningful step toward stronger authentication.

In September 2022, a hacker with a stolen password needed one more thing to get into Uber’s corporate network: someone on the other end of an MFA push notification to tap Approve. So the attacker sent dozens of prompts. Then dozens more. 

Eventually, tired of the alerts, a contractor approved one. The attacker was in.

That’s an MFA fatigue attack. And it works because push-based MFA (multi-factor authentication) asks very little of the person approving. One tap. No context. No confirmation that the login was even initiated by you. 

MFA fatigue attack protection starts with understanding that flaw. Building a layered cybersecurity posture means going a step further than simply having MFA turned on.

How MFA Fatigue Attacks Work

An MFA fatigue attack only works if the attacker already has your credentials. They obtained them through phishing, a data breach, or a purchased dump from a dark web marketplace. The password is compromised. The only obstacle left is the second factor.

The attack is simple. The attacker attempts a login with the stolen credentials, which triggers a push notification on the target’s phone. They do it again. And again. The prompts arrive during a meeting, at 2 a.m., mid-commute. There’s no technical bypass involved. The attacker is betting on human exhaustion.

Microsoft tracked over 382,000 MFA fatigue attacks in a single 12-month period and found that 1% of users accept the very first prompt they receive without scrutiny.

At a 50-person company, that’s roughly one person who will approve the first request reflexively. One approval is all an attacker needs.

Why an “Approve” Button Is the Weak Link

Traditional MFA push notifications are fast and frictionless by design. A prompt appears on your phone: "Are you trying to sign in?" You tap Yes. Done.

But that same simplicity is the vulnerability. The prompt gives the user no information about which app triggered the request, where the login attempt originated, or whether they initiated a sign-in at all. 

In a prompt bombing campaign, the user is being worn down until judgment fails. 

Cisco was breached in 2022 in the same way. An employee received voice calls from someone impersonating IT support while push notifications flooded in, with instructions to just approve one to resolve the issue.

Stolen credentials are the prerequisite. 

Sound password hygiene and an understanding of how phishing attacks deliver those credentials reduce exposure at the front end.

But number matching adds a control that holds even after credentials are gone.

What Number Matching Changes

With number matching enabled, the login screen displays a two-digit number. The user opens their authenticator app and must type that specific number to complete sign-in. No number typed correctly, no access granted.

This one change eliminates two failure modes. 

First, accidental approvals become nearly impossible. There’s nothing to tap blindly. 

Second, it creates a brief but meaningful check: the user must see both their login screen and their phone at the same time, making it obvious if a request wasn’t self-initiated.

In Microsoft 365 and Microsoft Authenticator

Microsoft made number matching the default for all Authenticator push notifications in May 2023. 

If your organization uses Microsoft 365, your users are likely already seeing it. Admins can verify the setting is active for all users via Microsoft Entra Admin Center under Security > Authentication Methods > Microsoft Authenticator.

Microsoft also offers two additional context features that can be enabled alongside number matching: 

1. Displaying the name of the application requesting authentication, 

2. Showing the geographic location of the sign-in attempt. 

Both help users immediately identify a suspicious prompt before they respond.

In Google Workspace

Google Workspace doesn’t use a number matching system in the same way, but administrators can require stronger authentication methods through the Admin Console under Security > Authentication > 2-Step Verification. 

Google’s prompt already shows device name, location, and time of the sign-in request, giving users enough detail to recognize when something looks off.

Is Number Matching Enough?

Number matching MFA is a meaningful upgrade, not a final destination.

CISA explicitly recommends number matching as an interim mitigation for organizations that use mobile push-based MFA and cannot yet implement phishing-resistant authentication. It is described as one of the best available steps short of a full platform change.

The strongest option is phishing-resistant MFA, which uses hardware-bound cryptographic keys (FIDO2 security keys or Windows Hello for Business). 

Even if an attacker tricks a user into entering their credentials on a fake login page, the hardware key won’t authenticate against a domain it doesn’t recognize. 

For most small businesses, number matching is the right step to take this week. Phishing-resistant MFA is the right goal to plan toward.

What matters most right now: teams should know that an unexpected flood of MFA prompts is a sign of an active attack, not a reason to start tapping Approve.

Train your team to deny unexpected prompts immediately and report them to IT. That response, combined with number matching, closes most of the gap that push-only MFA leaves open.

Upgrade How Your Team Signs In

MFA fatigue attack protection doesn’t require new software or a major rollout. If you’re on Microsoft 365, number matching is likely already on. The question is whether it’s verified, configured correctly, and whether your team understands what to do when prompts arrive unexpectedly.

BrainStomp can help you audit your current MFA setup, enable number matching and additional context, and put a plan in place for stronger authentication over time. Reach out at brainstomp.com/contact.

Article FAQs

What is MFA fatigue?

MFA fatigue (also called push bombing or prompt bombing) is an attack technique where a hacker uses stolen credentials to trigger repeated MFA push notifications on a target’s phone until the user approves one out of frustration or distraction. It requires no technical bypass of MFA itself.

What is number matching in MFA?

Number matching is a security setting that requires the user to type a two-digit code shown on their login screen into their authenticator app before the login is approved. It prevents accidental approvals because the user must actively look at both devices and enter the correct number.

Is number matching the same as phishing-resistant MFA?

No. Number matching is a strong upgrade over simple push notifications, but CISA classifies it as an interim step. 

Article summary: Password lists in Excel, Word, or Notepad create a single point of failure. They make credential theft, password reuse, and unsafe sharing far more likely. A password manager for small businesses reduces real risk by generating unique passwords, controlling sharing, and storing credentials in a secure vault. This protects accounts and lowers the chance that one mistake exposes multiple systems.

If you’ve ever searched through an Excel sheet, Word document, or Notepad file trying to find “the password,” you’re not alone. It feels fast. It feels familiar. And it often feels like the easiest way to keep a team moving.

The problem is that it’s fragile.

Files get copied, emailed, and stored on shared drives or synced folders. Someone renames the file “Passwords – Updated,” and before long there are multiple versions circulating.

If that file is exposed, whether accidentally or through malware, it doesn’t reveal just one login. It can expose all of them.

That’s why a password manager is such a practical upgrade for small businesses. It’s one of the simplest ways to strengthen everyday IT security.

Why Password Lists Are Risky

Password lists create risk because they turn credentials into something that’s easy to spread and hard to control. 

They don’t just store passwords. They normalize habits that attackers rely on, like reuse and informal sharing. 

Storing passwords in an Excel or Word document on your PC is a common mistake that makes credentials easier to expose in the real world. Passwords are generally more valuable because people typically use the same password for multiple logins.

NIST guidance notes that using distinct passwords helps prevent “password stuffing” attacks, where a leaked password is automatically tried across many other sites and services.

CISA recommends a practical alternative: a password manager, an “easy-to-use program that generates, stores, and even fills in all your passwords.” Unlike a static document, it reduces the need for copy-and-paste storage and makes password reuse far less likely.

That’s why a password manager is such a practical security upgrade for small businesses.

It replaces password lists that lack built-in ways to:

• Control who can view credentials

• Share account access without revealing the actual password

• Track who accessed an account

• Make unique passwords the default

Attackers Love Stolen Credentials

Attackers don’t need movie-style hacking if they can get valid logins. Stolen credentials are one of the simplest ways into a business because they look like normal access. 

Verizon’s 2025 Data Breach Investigations Report (DBIR) says in the Basic Web Application Attacks pattern, about 88% of breaches involved the use of stolen credentials. 

The report also shows credential abuse as a frequent initial access path, which helps explain why one exposed password rarely stays contained.

Why a Password Manager for Small Business Reduces Real Risk

A password list is a workaround. A password manager is a system. That difference matters, because security works best when the safest option is also the easiest one to use.

Unique Passwords Become the Default

A password manager for small businesses makes strong, unique passwords the easy option. People don’t have to invent passwords, remember them, or reuse the same “good one” everywhere. 

The manager generates long passwords automatically and stores them securely, so each account can have its own password without creating extra work.

Autofill Reduces Phishing and Copy/Paste Mistakes

Password lists force people into copy-and-paste habits, which is how credentials end up where they shouldn’t be.

Autofill reduces that exposure. It also helps reveal suspicious sites, since the password vault won’t autofill on a look-alike page.

Sharing Becomes Controlled

Sharing access shouldn’t mean sharing the password itself. 

Password managers let teams share credentials through a controlled vault, limit who can use them, and remove access when it’s no longer needed.

A Password Manager is Designed for This Job

Spreadsheets and documents were never built to protect credentials. 

Password managers were. They encrypt your vault, support secure sharing, and make safer habits automatic. 

CISA describes a password manager as “an easy-to-use program that generates, stores, and even fills in all your passwords,” which is essentially what many teams try to accomplish with spreadsheets like Excel.

What to Look For in a Password Manager for Small Businesses

Not all password managers are built for teams. A good password manager for small businesses should make secure behavior easy day to day, while giving you enough control to manage access without turning it into a full-time job.

• Team vaults and secure sharing so people can access what they need without passing passwords around.

• Admin controls to add/remove users, set permissions, and keep access organized.

• Multi-factor authentication (MFA) support for the vault itself, plus strong master password requirements.

• Audit logs or activity reporting so you can see who accessed or changed shared items.

• Password generator + autofill across browsers and mobile devices.

• Easy onboarding and offboarding so access stays controlled as roles change.

• Cross-platform support (Windows/Mac, iOS/Android, major browsers).

• Breach/weak password alerts, if available, to catch risky reuse early.

Replace Password Files With a Safer System

Password lists feel convenient at first. But that convenience disappears the moment the file is copied, shared, or exposed. 

A password manager is a straightforward upgrade that reduces real risk without adding friction. It gives your team one secure place for credentials, makes strong passwords the default, and replaces informal sharing with controlled access.

Ready to stop guessing where passwords live and who has them? 

Reach out to BrainStomp. We’ll help you take a practical approach to improving password security, so your team can work quickly without creating unnecessary exposure.

Article FAQs

Why is storing passwords in Excel risky?

Because one file can expose many accounts at once. Spreadsheets get copied, shared, synced, and searched easily, and they encourage password reuse and unsafe sharing.

What’s the best password manager for a small business?

The best option is one your team will actually use. Look for secure sharing, admin controls, MFA support, cross-device autofill, and an easy way to manage access. Bitwarden and LastPass are common choices.

Do password managers work for teams?

Yes. Team features like shared vaults and role-based access let people use the credentials they need without passing passwords around or storing them in files.

What should we do with old password spreadsheets?

Treat them as sensitive. Restrict access immediately, migrate the credentials into a password manager, then securely delete the files (and any copies) once you’re confident everything is moved.

Article summary: ClickFix attacks use fake CAPTCHAs and “helpful instructions” to trick users into running malicious commands on their own devices. Clear patterns,  like treating any prompt that asks you to open Run or paste a command as suspicious, stop these attacks before they start. This reduces the risk of malware and account compromise while giving teams a simple response plan if someone clicks.

CAPTCHAs are so common online that most people barely notice them anymore. You click the box, prove you’re human, and move on.

A ClickFix attack starts the same way, then it takes a sharp turn.

Instead of verifying anything, it displays “helpful instructions” that nudge you into running a command on your own device. No suspicious download. No obvious attachment. Just a few keystrokes that feel routine—until they aren’t.

If you’re responsible for keeping a small team’s IT secure, this is the kind of everyday tactic that’s worth staying ahead of. 

The good news is that ClickFix is simple to stop once you know the pattern.

What Is a ClickFix Attack?

A ClickFix attack is a social-engineering technique designed to trick a user into running a malicious command themselves. 

Microsoft  describes this tactic as one that “trick[s] users into executing a malicious command themselves,” often by presenting a believable prompt that looks like a routine troubleshooting or verification step.

Instead of relying on a traditional malware download, ClickFix uses written instructions to guide the user into launching built-in tools like the Windows Run dialog and pasting in a command. 

What It Looks Like 

A ClickFix attack usually shows up as a normal-looking interruption: a page that claims you need to “verify,” “fix,” or “continue.” It’s often wrapped in a convincing fake CAPTCHA or error message. The tone is helpful and instructional, not threatening. That’s deliberate.

Darktrace describes users being “guided through a three-step process” where the “CAPTCHA” or prompt ultimately leads them to execute a command on their own machine. 

The instructions often look like quick troubleshooting steps, and the page may even display a progress message to make it feel legitimate.

Security Now’s Episode 1066 explains why this is so effective: it hides behind something routine, like completing a CAPTCHA, while steering the user into a copy-and-paste action that isn’t normal web behavior.

The notes cite Huntress research that ClickFix “fueled 53% of all malware loader activity” in 2025 within that dataset, a reminder that this tactic is far from a one-off gimmick.

If you want one simple “spot it fast” rule for your team, it’s this: a real CAPTCHA never needs you to leave your browser to follow keyboard instructions that run something on your device. That pattern is a hallmark of a ClickFix attack.

Why ClickFix Attacks Work So Well

A ClickFix attack works because it doesn’t feel like an attack. It feels like a normal “get me back to work” step. You’re blocked by a prompt, you want the page to load, and the instructions seem simple. That moment of friction is exactly what the tactic exploits.

ClickFix “relies on human intervention,” which is part of why it can be so effective. 

Instead of delivering malware in a way that looks obviously suspicious, it gets the user to do the risky part themselves. That changes how it’s perceived. People are often trained to avoid downloads and attachments, but they’re less suspicious of steps they’re actively performing.

The HHS sector alert also highlights how these campaigns mimic familiar steps, such as “prove you are human” prompts, making the interaction look routine while steering users toward malicious instructions.

And once someone is following instructions, they tend to keep going. The brain treats it like a checklist, not a security decision.

What Happens After You Press Enter

After you press Enter, a ClickFix attack stops being a “weird prompt” and becomes an execution chain. 

The pasted command typically launches built-in Windows tooling (often PowerShell or similar) to pull down the next stage from the internet and run it. 

The user ends up running commands that kick off malicious activity using legitimate system components, which can make the behavior blend in at first. 

From there, attackers aren’t just trying to prove the trick worked. They’re trying to establish control. 

Darktrace’s write-up explains that once the initial command is executed, activity can progress into command-and-control communications and follow-on actions that support broader compromise, including efforts that enable access expansion inside the environment. 

This isn’t limited to a single pop-up event. 

ClickFix campaigns can be delivered through compromised sites and phishing-driven lures, where users are manipulated into executing code that can install malware and open the door to further steps like credential theft and deeper access. 

What To Do If Someone Already Clicked

If someone already followed the steps in a ClickFix attack, the priority is speed and containment. Don’t waste time trying random “cleanup” fixes from the internet, and don’t assume it’s harmless because nothing obvious happened right away.

If someone may have followed the instructions from a suspicious prompt or verification page, contact your IT support provider immediately.

That early alert matters because the first minutes after an incident often determine how far it spreads.

If possible, isolate the device from the network to stop any further connections while you get help. You should immediately disconnect your device so the system can be assessed without ongoing exposure. 

Then focus on the basics that reduce follow-on damage: 

• Document what happened like what site it was, what steps were followed, etc.

• Scan the device using trusted security tools.

• Reset passwords for any accounts that may have been used on that machine, starting with email and core access.

Most importantly, treat it as a real incident, not an embarrassment. ClickFix attacks work because they look routine, and the right response is a calm, fast process that limits impact.

ClickFix Attacks are Preventable With Better Patterns

A ClickFix attack succeeds when it blends into routine behavior. It doesn’t need advanced tricks. It just needs someone to follow “helpful” instructions without pausing to question them.

The fix is simpler than most people expect: teach one or two clear patterns your team can recognize fast. 

Two practical habits make a real difference: learning to recognize suspicious prompts or verification pages, and having a clear response plan if someone follows the instructions before realizing something is wrong.

That kind of readiness rarely happens by accident. It comes from consistent awareness training, clear reporting paths, and systems designed to catch problems early. BrainStomp helps businesses put those pieces in place so employees know what to watch for and what to do if something slips through.

If you want help turning these practices into a consistent habit across your business, contact BrainStomp today.

Article FAQs

What is a ClickFix attack?

A ClickFix attack is a social-engineering scam that looks like a fake CAPTCHA or “verification” step and tricks you into running a command on your own device. Instead of downloading something obvious, it uses instructions to get the user to execute the malware.

Why would a ClickFix attack bypass normal security?

Because the user runs the command themselves using built-in tools like Windows Run or PowerShell. That “human step” can make the activity look more legitimate than a typical malicious download or attachment.

What should I do if I opened Run and pasted something?

Stop what you’re doing and contact IT support immediately. Disconnect from the internet if possible, document what happened, and change passwords for key accounts (especially email) as soon as you can.

Are ClickFix attacks only delivered by email?

No. They can also appear through compromised websites, malicious ads, fake software prompts, and other links that land you on a fake verification page.

Article summary: AI is embedded in everyday business tools in 2026. That makes inconsistent, unapproved use a real security and compliance risk. An AI policy in 2026 sets clear rules for which tools are allowed and what data can and cannot be used. It also requires human review because AI output can sound confident while still being wrong. Regulations and AI-enabled scams are pushing businesses to standardise how AI is used without slowing work down. Continuous monitoring supports the policy by making AI use visible and helping teams catch risky behaviour early.

AI is no longer a separate tool you “go use.” In 2026, it’s built into the apps your team already relies on. Email. Meetings. Search. File tools. Even the little add-ons promise to save time.

That convenience is exactly why an AI policy in 2026 matters.

When AI use spreads without clear rules, people make quick choices that create risk. They paste sensitive details into prompts. They trust an answer that sounds confident but isn’t verified. They turn on features that change where data is processed and stored.

Why AI Policy in 2026 Is Non-Negotiable

AI is accelerating faster than most businesses can evaluate

AI tools don’t stay still. Features roll out quietly inside the software your team already uses, and the capabilities keep climbing. That creates a practical problem: most businesses can’t realistically “re-evaluate” every new AI feature, plugin, or model update.

The International AI Safety Report 2026 makes the bigger point clearly: AI systems are becoming more capable quickly, while solid evidence about real-world risks is slower and harder to pin down. In other words, waiting for perfect certainty is a losing strategy. You still need a plan for how your team uses AI today.

AI policy uncertainty is increasing, not decreasing

The regulatory and policy landscape is moving in multiple directions at once. More jurisdictions are creating AI rules, and they don’t all look the same. 

Mind Foundry’s overview of AI regulations around the world frames this as a fast-growing, evolving patchwork. The direction is clear: more expectations around transparency, accountability, and risk management are coming. The details vary, but the pressure is real.

At the same time, AI policy debates are becoming more public and more urgent. Tech Policy Press’ roundup of expert predictions on what’s at stake in AI policy in 2026 highlights how issues like deepfakes, scams, and harmful uses of AI are driving lawmakers and regulators to act. 

The Risks You’re Actually Managing With an AI Policy in 2026

An AI policy in 2026 isn’t about hypothetical future problems. It’s about the risks already showing up in everyday work.

Data leakage and “shadow AI” use

The most common risk is simple: people paste or upload business information into AI tools without thinking through where that data goes next.

The challenge is that AI adoption is moving fast, and evidence about risk can lag behind capability. The International AI Safety Report 2026 is built around that reality: AI is advancing quickly, and organizations still need practical ways to manage risk while the broader landscape evolves.

More AI use often means more potential entry points and more valuable data in play. That’s the security side of “shadow AI,” and it’s why this topic matters now.

AI-powered scams and social engineering get more believable

AI makes phishing and impersonation easier to scale and harder to spot. 

Policy conversation in 2026 is increasingly tied to deepfakes, scams, and consumer harm. 

The Tech Policy Press 2026 expert predictions highlight how these issues are shaping what regulators and lawmakers are focused on. Your policy doesn’t have to be political, but it should be practical: verification steps for payment changes, banking details, urgent requests, and identity checks.

Tool sprawl, integrations, and unknown access

AI rarely stays “standalone.” 

The global push toward AI governance reflects this complexity. AI regulations around the world reinforce that expectations around accountability and control are increasing, even as the rules differ by region. 

An AI policy in 2026 gives you a consistent internal standard: what integrations are allowed, who approves them, and what gets logged and monitored.

What an AI Policy in 2026 Should Include

A practical AI policy in 2026 should be short, clear, and easy to follow.  At minimum, it should cover:

• Approved AI tools and features. Define what’s allowed, what’s not allowed yet, and how employees request approval for new tools.

• Data rules for AI use. Specify what can never be entered into AI tools and what’s acceptable in limited cases.

• Human review requirements. Require review for customer-facing content, technical instructions, decisions that affect people, and anything that could create legal or compliance exposure.

• Accuracy and sourcing expectations. Make it clear that AI output must be verified, and require sources or documentation where appropriate.

• Security controls for AI accounts. Require MFA, enforce strong access control, and limit or approve integrations/plugins that expand access.

• Monitoring and enforcement. Define what will be monitored so the policy can be applied consistently.

• Ownership and accountability. Assign who approves tools, who owns the policy, and what happens if the policy is ignored.

• Training and updates. Set a simple schedule for refreshing the policy as tools and regulations evolve.

Put Your 2026 AI Policy into Practice 

An AI policy in 2026 only helps if it changes day-to-day behavior. Clear rules for tools, data, and human review reduce mistakes and prevent “shadow AI” from becoming a security or compliance problem, especially as AI capabilities keep moving fast and policy expectations keep shifting.

If you want an AI policy your team will actually follow, reach out to BrainStomp. We’ll help you create a clear, practical policy, roll it out in a way that supports productivity, and put the right monitoring in place.

Article FAQs

What is an AI policy?

An AI policy is a set of clear rules for how employees can use AI tools at work. It typically covers approved tools, what data can and cannot be entered, when human review is required, and who is responsible for enforcement and updates.

Which companies need an AI policy in 2026?

Any company that handles customer, employee, financial, or confidential business data needs an AI policy by 2026. If your team uses AI features in email, documents, meetings, customer support, marketing, or analytics, you need a clear standard.

What will happen in 2026 with AI?

AI will be more embedded in everyday business software, more capable, and more widely adopted across teams. At the same time, expectations around responsible AI use will increase as regulations and public scrutiny continue to evolve.

Does an AI policy in 2026 mean banning AI?

No. A good AI policy in 2026 supports safe use by setting rules for tools, data, and review. The goal is to keep productivity gains while reducing security, compliance, and quality risks.

Article summary: Agentic AI in 2026 goes beyond chatbots. It can complete multi-step work using real business tools, not just answer questions. For small firms, this can reduce admin load and cut handoffs. It also keeps work moving through tasks like triage, drafting, scheduling, and system updates. The tradeoff is a new risk profile. Agents need access to email, files, calendars, and core apps, so visibility and security matter more. Safe adoption in 2026 depends on a clear scope, limited permissions, approval checkpoints, and enough oversight to catch mistakes early.

Agentic AI in 2026 is different. Instead of just answering chats, it can take on a goal and complete multi-step work using real tools. That might mean pulling details from a system, updating a record, drafting and sending a reply, and logging the outcome without you micromanaging each step.

For a small business, that’s a real opportunity. It can reduce admin load and speed up work that usually gets stuck in handoffs. It also raises the stakes, because agents often need access to email, files, calendars, and core business apps.

The point isn’t to rush in or to panic. It’s to be ready. If you treat agents like a new “digital team member” with access, rules, and oversight, you can get the benefits of agentic AI in 2026 without creating new blind spots.

What Changes From Chatbot to Agent?

A chatbot helps you create content. You ask a question, it returns an answer. You copy, paste, and decide what happens next. Agentic AI in 2026 goes further because it can take the next steps. 

Agents are designed to pursue a goal through a workflow, which usually means planning multiple actions and using tools to complete them. OpenAI describes agents as systems that can independently accomplish tasks on your behalf, and it draws a clear line between simple LLM apps and true agents that actually control workflow execution. 

That’s the key shift: the AI isn’t just producing text, it’s moving work forward inside your systems. 

Microsoft explains it in a way that’s easy to visualize: copilots are the interface that supports you, while agents are specialized “apps” built to handle processes. In practical terms, that means an agent can be assigned a specific job rather than just answering questions in a chat window. 

So the biggest change isn’t the quality of the writing. It’s the level of autonomy and access. 

With agentic AI in 2026, you’re no longer deciding every click. You’re deciding the rules, the permissions, and the checkpoints that determine what the agent is allowed to do.

Why Agentic AI Matters for Small Firms in 2026

That’s why agentic AI in 2026 matters. It isn’t just “a better chatbot.” It’s a shift in how work gets organized, because agents can handle multi-step processes that normally bounce between people, inboxes, and apps. 

Saratoga Software makes the point that agentic AI is a workflow change, not a simple product upgrade.

That means agents can reduce the handoffs that slow small teams down. They can triage inbound requests, draft responses, pull context from files or systems, update CRM records, schedule follow-ups, and keep tasks moving while your team stays focused on decisions and client relationships. 

The reason this becomes more urgent in 2026 is that the competitive advantage shifts from “who has access to AI” to “who can actually operationalize it.” 

IBM’s 2026 predictions highlight that the competition won’t just be on models, but on the systems that orchestrate models, tools, and workflows. 

For small firms, that’s good news. You don’t need a giant R&D team to benefit from agentic AI. 

The New Risk Profile

Agentic AI in 2026 changes the risk profile because the AI isn’t just generating output. It’s taking actions. 

That means the same “small” visibility gaps that were annoying with apps and extensions can become more serious when an agent is connected to email, files, calendars, and customer systems.

Shadow tools become “shadow actions”

If a team quietly adopts a tool, an add-on, or an automation, the biggest problem is usually visibility. 

We cover this in our Shadow IT audit post: when tools sit outside oversight, it gets hard to answer basic questions about access, data location, and ownership. 

With agents, that risk expands. It’s no longer just “Where did the data go?” It’s also “What did the agent do with it?”

More access = more entry points

Agents often need permissions to do useful work. They may read emails, write calendar events, access shared drives, update CRM records, or connect to third-party apps. Every connection increases the number of potential ways something can go wrong, whether that’s misuse, misconfiguration, or compromise. 

As AI adoption increases, the number of potential entry points for attackers increases, too.

Agents can fail fast

With a chatbot, a mistake usually stays in the chat window. With agentic AI, mistakes can travel. 

An agent can send a message to the wrong contact, attach the wrong file, update the wrong record, or change settings before anyone notices. 

That’s why the “preparation” part matters: narrow scope, limited permissions, and clear checkpoints before anything external or irreversible happens.

Make Agents Useful, Not Risky

Agentic AI in 2026 can be a real advantage for small firms, but only if it’s introduced with the same discipline you’d apply to any new system with access. 

If you’re considering adopting agentic AI in 2026, reach out to BrainStomp. We’ll help you pick smart first use cases, define the rules and approval points, and set up the visibility you need so agents reduce busywork without creating new risk.

Article FAQs

What is agentic AI?

Agentic AI is AI that can complete multi-step work on your behalf by planning steps and using tools, not just answering questions. It’s designed to move a task forward across real systems, with the ability to decide what to do next, take an action, and stop or escalate when it hits a limit.

What’s a safe first use case for a small firm?

A safe first use case is high-volume, low-risk work where a person approves the final step. Good starters include triaging inbound requests, drafting responses for review, creating internal summaries, updating CRM notes, or preparing task lists from meetings. Start with “recommend and draft,” then expand to “take action” after controls are proven.

What are the trends for agentic AI in 2026?

In 2026, expect more agents embedded inside mainstream business platforms, more specialized agents built for specific workflows, and more emphasis on orchestration, permissions, and monitoring. As agents take on more operational tasks, the businesses that benefit most will be the ones that define clear scopes, limit access, and make agent activity visible.