Ewa Wojnarska-Krajewska

Buying AI? How to Test It Before It Tests You

Most companies buy AI, not build it, but it still means taking operational and legal risks when something goes wrong. That makes testing a business problem, not a technical one. It matters most for tools that are critical to your operations, can cause serious damage or connect across several systems.

This article looks at testing from the buyer’s side, using a concrete example. Not a high‑stakes regulated system, but one that can still go wrong in the everyday operations of a typical company in ways that are hard to undo.

Table of contents

  1. Use case – understand what may go wrong
  2. PoC or MVP – and why it actually matters
  3. Ownership from day one
  4. What’s next? Incident‑driven monitoring with users as a defense line
  5. Key findings

Use case – understand what may go wrong

Let’s take a customer ticket support example: too many queries, agents stretched, vendor promises efficiency. The AI tool you plan to buy to solve that problems is not standalone, it is integrated with your main customer systems and connected across multiple data flows.

This is what can happen when things go wrong:

  • A reply includes details from another customer’s ticket
  • The tool invents a refund or a deadline and the agent approves it under time pressure
  • Internal, confidential information from connected systems or external, unverified content appears in a customer response
  • The system starts feeding downstream tools (e.g. CRM) with incorrect or hallucinated data

You may not notice until a customer complains, or an audit reveals that one customer’s problem has been exposed to another, or that the response has magnified the problem instead of fixing it.

Testing is the obvious answer to these risks. The real question is: what does proper testing look like?

PoC or MVP – and why it actually matters

The safer option is to start with PoC (Proof of Concept – a limited test to check whether a tool works in practice): typically run in a sandbox or semi-production environment, using prepared or controlled data and without direct interaction with real customers. But in practice, personal and company data can still flow through PoCs and the law doesn’t switch off just because something is labelled a “test.” More importantly: a PoC almost never shows you what happens under time pressure, with messy live data, in connected systems.

Article content

For many non-high-risk tools (like ticket support), the honest option is to go straight to a small MVP (Minimum Viable Product – a limited live version with real workflow, real users, narrow scope and clear safeguards). It gives you a true read on value and failure modes. It fits better with reality: few companies have capacity for “PoC → long monitoring → separate MVP.”

But if you go straight to an MVP, you need to be deliberate:

  • Define the scope – limited users, clearly bounded actions, gradual extension into integrations with other systems
  • Run a basic risk check – what data is involved, what can be mixed, what can be sent, can the system pull external data; limit risks upfront where you can (e.g. keep it in your environment)
  • Set at least minimal governance – who approves the tool, who owns the pilot, how issues are reported, how it’s reviewed
  • Keep humans in control – no auto-send, trained review before anything goes out, flagging incidents, vendor’s support.

Ownership from day one

MVPs start without clear ownership, something goes wrong and the problem gets labelled “technical” and pushed to IT – even when it is a compliance or business issue.

You need these roles, defined before go-live:

  • Business owner – accountable for how the tool is used
  • Risk/compliance co-owner – defines boundaries and red lines
  • IT owner – ensures logging, access control and the ability to stop the tool

If all three are not named at MVP stage, you will find out why they matter the first time something goes wrong.

A tight MVP scope with deliberate scaling up, at least a basic risk assessment, named owners, a simple incident loop, users who know what to watch for: none of this is complicated. But without it, you are not really testing the tool. You are just using it and hoping.

What’s next? Incident‑driven monitoring with users as a defense line

Article content

Once you move beyond testing conditions and gradually expand the tool, the keyword becomes “monitoring.” In reality, especially in non‑regulated environments, monitoring is mostly incident‑driven. Even where requirements are higher, it is often far from perfect. So instead of relying on fictional “continuous monitoring” in policies, design around how things actually work.

  • Define upfront what an AI incident looks like for this tool.
  • Decide how to prevent those incidents under your real‑world conditions and implement the controls.
  • When something does go wrong, make it safe for people to be honest, use the vendor’s support

Learn the lesson from incidents and turn it into improvement!

The users of the tool are often the first – and sometimes the only – ones who notice something is off. The users are the most underestimated control you have. Make them part of the system:

  • Skip generic AI training; give clear guidance on what to watch for in the tools they actually use
  • Give them an easy way to escalate issues
  • Make it explicit that flagging problems is expected – not something to hide by quietly fixing drafts

Key findings

  • You buy, not build, AI – but you stay responsible for what it does
  • Testing doesn’t need to be complex: a small, well‑governed MVP can give you the most honest feedback
  • Clear ownership, careful scaling, empowered users and even incident‑driven monitoring will always beat ambitious language in policies.

By Ewa Wojnarska-Krajewska