Using AI in Business: Where to Start
A practical 90-day guide to using AI in business, from finding valuable use cases to choosing secure tools, setting guard rails and scaling safely.
The question business leaders are asking has changed. It was once, ‘How do we move to the cloud?’ or ‘How do we improve our cyber security?’ Today, it is increasingly, ‘How do we use AI?’.
For many organisations, the answer still feels unclear. Some employees are experimenting on their own. Others have approved tools but no shared direction. A smaller group has begun embedding AI into business processes. Wherever you sit, the best place to start is not with a long list of products, but with a real business problem.
“AI succeeds when IT enables it, and the business owns it.
Daniel Bayfield
Chief Executive Officer, Veracity
AI is already part of everyday work
AI is already helping people across sales, marketing, finance, HR, customer service and leadership. Common uses include drafting proposals and follow-up emails, generating campaign ideas, explaining reports, summarising service tickets, preparing policies, and acting as a sounding board for strategy.
These are useful entry points because they help people learn what AI can and can’t do. But the bigger shift is from asking an AI assistant for help with an isolated task to giving it the right context to support a business process or workflow.
From a general assistant to an AI that understands your business
A general AI tool knows what you tell it in a prompt. A connected business AI can, with appropriate permissions, draw on systems such as Microsoft 365, SharePoint, a CRM, finance platforms, databases, project documents and internal policies. Standards such as Model Context Protocol, or MCP, are making these connections easier to manage.
This opens the door to practical use cases such as an Internal Knowledge Assistant AI Agent. Instead of searching across several systems, an employee could ask the Agent:
- What is our parental leave policy?
- How do I onboard a new customer?
- Which products are included in our premium support tier?
- Show me the opportunities worth more than $50,000 that are expected to close this month.
The response can be grounded in approved company information and, importantly, point back to the source. Instead of employees moving between multiple systems to find answers, AI can become a gateway to the information they are already authorised to use.
Start with problems, not products
The most productive question is not, ‘What can this AI tool do?’ It is, ‘What problem are we trying to solve?’ Give AI the problem, the context and the constraints, then ask it to suggest options.
For example:
- Our new employee onboarding process takes too long. Where could we simplify or automate it?
- Our account managers spend too much time writing proposals. How could we reduce that effort without lowering quality?
- Customers frequently ask us the same questions. How could we improve access to consistent answers?
- We are struggling with staff knowledge sharing. What practical approaches should we consider?
Asked this way, AI can surface automation opportunities, workflow improvements, software you may not have considered, or ideas for a small agent. The business team remains best placed to judge which ideas are genuinely valuable.
Use AI securely from the beginning
Useful experimentation still needs guard rails. If people do not have an approved way to use AI, they will often find their own. That creates shadow AI and increases the chance that sensitive business or customer information is pasted into tools that have not been reviewed.
Five principles provide a sound starting point:
- Use approved, business-grade platforms. Confirm the tool’s privacy, security, data handling and contractual settings before using it for business information.
- Keep confidential data out of consumer tools. Do not paste sensitive company, customer or personal information into public or personal AI services unless your organisation has explicitly approved that use.
- Create an AI usage policy early. Set clear expectations about approved tools, acceptable information, human review and accountability before habits become difficult to unwind.
- Start with read-only access. For connected AI and agents, allow access only to the information needed. Test read-only use cases before permitting AI to create, change or send anything.
- Treat AI like a new employee. Apply least privilege, provide supervision, check its work and do not trust outputs blindly.
A practical 90-day AI roadmap
You don’t need a perfect enterprise AI strategy before you begin. A focused 90-day approach can build capability while keeping risk under control.
Days 1-30 – Experiment and assess
- Ask leaders to use AI regularly
- Identify five use cases
- Look for repetitive work, bottlenecks and knowledge gaps
- Assess readiness, security and permissions
Days 31-60 – Pilot practical solutions
- Choose two contained pilots
- Include one personal productivity use case
- Include one team or process use case
- Define the outcome and how you will measure it
Days 61-90 – Govern and scale
- Create an AI policy
- Confirm approved tools
- Apply security controls
- Introduce simple agents where appropriate
- Build a network of internal champions
Common mistakes to avoid
Organisations tend to lose momentum when they wait for a perfect strategy, buy tools before identifying a use case, allow uncontrolled experimentation, treat AI as an IT-only project or overlook change management.
The technology matters, but successful adoption depends just as heavily on people, process and leadership. IT should enable the environment and manage risk. Business leaders and teams should define the problems, shape the use cases and own the outcomes.
Three things to do next week
- Use an approved AI tool every day so you understand its strengths and limitations.
- Ask AI to help solve a real problem, not only complete a task.
- Choose one safe, contained experiment with a clear owner and outcome.
Ready to move from experimentation to a practical AI plan?
We can help you assess AI readiness, identify valuable use cases, establish the right governance and security guard rails, and develop a practical roadmap for adoption.