KrambergAI
E-Book · Practical Guide

Integrating AI Employees Securely into Business Processes

How mid-sized companies can deploy AI assistants and AI agents productively – with defined tasks, limited permissions and clear human responsibility.

A structured path from the first use case to controlled productive operation – with process selection, a role and permission model, security and data-protection requirements and a proven 90-day pilot approach.

KrambergAI GmbH
krambergai.com
As of 2026
GDPR-compliant data protection · Made in Germany
KrambergAI
Contents

Overview

Table of Contents

From the business rationale through architecture, roles and permissions to security, operation and worked examples. Each part can be used on its own as a working basis.

IWhy AI Employees Become a Management Topic
  • ·Management summary and seven layers of control
  • ·From AI experiment to operational use
  • ·What is an AI employee? Terms and levels of autonomy
IIThe Business Process Determines the Architecture
  • ·Automate the task, not the employee
  • ·Which processes are suitable? Use-case scorecard
  • ·The technical integration architecture
IIIDesigning Role, Knowledge and Permissions
  • ·Describing an AI employee like an operational role
  • ·Company knowledge as a controlled working basis
  • ·A dedicated identity and minimal permissions
  • ·Setting meaningful human control points
IVSecurity, Data Protection and Regulation
  • ·New security risks from AI agents
  • ·Quality must become measurable
  • ·Data protection, the AI Act and employee participation
  • ·Data sovereignty and processing location
VResponsibilities and Operation
  • ·A workable operating model for mid-sized companies
  • ·The 90-day pilot
VIWorked Examples
  • ·Technical customer service, plumbing and HVAC
  • ·Quotation preparation in construction and project business
  • ·Traffic safety and operational deployment planning
VIITypical Wrong Decisions
  • ·Ten reasons why AI employees fail in practice
VIIIChecklists and Decision Aids
  • ·Go-live checklist
  • ·Maturity self-assessment
  • ·Management decision and next step
  • ·Sources and disclaimer
KrambergAI
Part I · Context

Management Summary

Value comes from integration, not from the model

AI employees promise relief in customer inquiries, quotations, documentation, dispatching and recurring administrative tasks. In practice, however, the value does not come from the language model alone, but from how the AI employee is embedded into the specific business process.

What a productively usable AI employee needs

1A clear mandate

A defined mandate rather than a universal remit.

2Reliable sources

Approved, up-to-date information sources as a working basis.

3A dedicated identity

Its own technical identity for full traceability.

4Limited permissions

System rights restricted to what the task requires.

5Control points

Human approval and escalation points in the right places.

6Measurable quality

Testable quality criteria, logging and monitoring.

In addition, there must be a defined way of handling errors and security incidents. This is what fundamentally distinguishes an operational AI employee from a freely used chatbot: it works within a process chain, reading a customer inquiry, for example, matching it against the CRM, requesting missing details, preparing a case and handing it over to a responsible member of staff.

The closer an AI system comes to decisions, customer commitments, payment flows or personal data, the more important permission management, approvals and traceability become.

Core recommendation

Do not automate decisions first. Automate preparation, structuring and handover first.

A safe entry point therefore usually begins in an assisting role. Only after reliable practical experience should the AI employee carry out limited actions on its own.

KrambergAI
Part I · Context

Management Summary

The seven layers of control for an operational AI employee

A manageable AI deployment can be structured into seven layers that build on one another. They also form the structure of this e-book: from the business objective through architecture and permissions to quality assurance and ongoing operation.

1
Business purpose and measurable goalA concrete, economically relevant problem and a verifiable target metric.
2
A defined process sectionA clearly delimited part of a workflow rather than an entire field of tasks.
3
Approved data and knowledge sourcesOwned, versioned and up-to-date content as a working basis.
4
Technical identity and permissionsA dedicated identity with minimal, technically enforced rights.
5
Human approval and escalation pointsControl where an error would have relevant consequences.
6
Quality measurement and loggingTest cases, acceptance criteria and complete traceability.
7
Operation, monitoring and continuous improvementNamed responsibility, error analysis and controlled changes.
Result

The result is not an uncontrolled digital jack-of-all-trades, but a specialised software role within a manageable business process. This is precisely the difference between an impressive demonstrator and a dependable operational tool.

How to read this guide: Parts I–IV establish the technical and regulatory basis, Part V covers operation and piloting, Part VI presents three practical cases, and Parts VII–VIII provide failure patterns, checklists and decision aids.

KrambergAI
Part I · Why AI Becomes a Management Topic

Market development

From AI experiment to operational use

The use of artificial intelligence in German companies is rising markedly. According to the Federal Statistical Office, around 26 percent of companies with at least ten employees used AI technologies in 2025. Adoption depends strongly on company size.

AI adoption in 2025 by employee size class (Federal Statistical Office)
Company sizeShare using AI
10 to 49 employees23 %
50 to 249 employees36 %
250 or more employees57 %
Total (10 or more employees)26 %

The KfW SME Panel arrives at an AI adoption rate of 20 percent for the more broadly defined German Mittelstand. Larger, internationally active and research-intensive mid-sized companies use AI particularly often.

The differing figures are not a contradiction. They are based on different company definitions, samples and questions. Together, however, the surveys point to a clear trend: AI is moving from an individual aid used by single employees to structured, company-wide use.

Context

The figures mark a transition. The decisive question is no longer whether AI is present in the company – in many places it already enters through individual employees – but whether this use is structured, accountable and verifiable.

KrambergAI
Part I · Why AI Becomes a Management Topic

Market development

The next stage: from use to action

The next stage of development is already visible. In an international corporate survey by McKinsey, 62 percent of respondents said their organisation was already experimenting with AI agents. 23 percent reported scaling agentic systems in at least one business area. At the same time, almost two thirds of companies had not yet scaled AI across the enterprise.

This is exactly where an implementation gap opens up between technical possibility and operational manageability:

  • The models are becoming more capable.
  • The number of available AI tools is growing.
  • Early adopters achieve personal productivity gains.
  • Business processes, responsibilities and control mechanisms evolve more slowly.

What the benefit is worth – and what it depends on

The OECD summarises experimental studies according to which generative AI can enable average productivity gains of roughly 5 to more than 25 percent for suitable tasks such as customer service, software development, research and text processing. The effect depends heavily on the task, skills, process design and quality assurance.

In an OECD survey of more than 5,000 small and mid-sized enterprises from seven countries, 65.1 percent of generative-AI users reported improved work performance. At the same time, the study emphasises the importance of skills, responsible use and organisational embedding. The productivity gain is therefore not automatic, but the result of sound process work.

The decisive management question

Not: “Which AI model should we use?” – but: “Which defined process step can an AI system take on, and under what conditions?”

KrambergAI
Part I · Fundamentals

Terminology

What is an AI employee?

The term „AI employee“ does not describe an employment relationship or an independent, accountable person. It refers to a software-based role that carries out operational tasks within defined limits. An AI employee typically combines a language or multimodal model, company-specific instructions, access to approved company knowledge, interfaces to business applications, rules for decisions and escalations, as well as logging and quality controls.

Three terms clearly distinguished

AI assistant
responds to requests and produces text, summaries or suggestions, but does not carry out independent actions in business systems.
AI agent
plans several steps on its own and calls tools or system functions to achieve a defined goal (an „agentic system“).
AI employee
in this guide, refers to the operational role with a clear mandate and defined limits – whether it is more assisting or more agentic in nature.

From chatbot to AI employee

StageHow it worksExample
Information assistantanswers questions based on approved sourceslooks up a maintenance instruction
Work assistantcreates drafts and structures informationprepares a quotation
Process assistanthandles several connected process stepscaptures an inquiry and creates a CRM case
Action agentcarries out approved actions in systemssends confirmed appointment options
Semi-autonomous systemdecides on its own within defined limitsprioritises standardised cases

For most mid-sized companies, the first three stages are the most sensible entry point. They can already deliver considerable value without granting the AI system far-reaching decision-making power.

KrambergAI
Part I · Fundamentals

Autonomy

Four levels of autonomy for practice

For the concrete design, a finer classification has proven useful. It describes how much an AI employee may do on its own – and at what point a human becomes involved.

0Suggestion only

The AI employee produces a draft. A member of staff reviews it and adopts it manually.
Example: drafting a reply to a complaint.

1Preparation with approval

The AI employee reads data and prepares a case. The action is only carried out after human approval.
Example: creating a service order after approval by dispatch.

2Limited execution

The AI employee carries out low-risk actions on its own within fixed rules.
Example: sending an acknowledgement of receipt or requesting missing mandatory details.

3Controlled partial autonomy

The AI employee handles a standardised process largely on its own. Exceptions and relevant decisions are escalated.
Example: certain maintenance-appointment requests from existing customers under a maintenance contract.

Basic rule

The level of autonomy is not determined by the technical capabilities of the model. It is determined by the potential harm of an incorrect action.

This rule runs through the entire guide: it is not what a model can do that sets the degrees of freedom, but what would happen in the event of an error – and how well that error can be detected and reversed.

KrambergAI
Part II · The Process Determines the Architecture

Scoping

Automate the task, not the employee

Many AI projects begin with an impressive product demonstration. The system answers questions, writes convincing text and appears highly capable. This quickly leads to the wish to introduce as universal an AI employee as possible. In operation, this approach often fails: a universal mandate such as „support our sales team“ contains too many different tasks, information sources, decisions and risks.

A robust AI use case therefore does not begin with a department, but with a defined process event.

Example: „automate customer service“

This phrasing is too broad. The actual process consists of individual steps with very different levels of risk:

  1. A customer inquiry arrives by e-mail, phone form or web form.
  2. The customer, asset and contract status are identified.
  3. The request is assigned to a case type.
  4. Missing details are identified.
  5. Urgency and responsibility are checked.
  6. A service case is created.
  7. The next processing step is prepared.
  8. The customer receives a response.
  9. A member of staff takes over exceptions.

Not every one of these steps carries the same risk. The AI employee can usually send an acknowledgement of receipt on its own. Committing to a binding appointment, accepting a warranty claim or classifying a security incident, by contrast, require different controls. Whoever automates the entire block automates the highest risk along with it.

KrambergAI
Part II · The Process Determines the Architecture

Scoping

Breaking a process down correctly

For each individual process step, five questions are answered. Only their answers turn an idea into an implementable and verifiable use case.

1
What triggers the step?An e-mail, a form, a phone note, a system event or a manual order.
2
What information is needed?Customer data, contract status, product information, policies or project documents.
3
Which action should be carried out?Classify, summarise, compare, record, send or escalate.
4
What error could occur?Incorrect assignment, data leakage, an inadmissible commitment, a scheduling error or inaccurate information.
5
Who holds the operational responsibility?Sales, customer service, dispatch, project management, HR or management.

The process profile

The answers are recorded in a compact profile. It is the shared operational basis for architecture, the data-protection assessment, permissions and acceptance tests.

Frame: process name · department · process owner · triggering event

Content: inputs and data sources · desired outcome · permitted actions · excluded actions

Control: approval points · escalation rules · quality criteria

Evidence: documentation requirements · logging

KrambergAI
Part II · The Process Determines the Architecture

Process selection

Which processes are suitable?

Not every process is a good entry point. The most suitable are frequent, recurring and rule-based tasks with results that are easy to verify. Tasks involving a high degree of discretion, far-reaching consequences or results that are hard to verify do not belong at the start.

Especially suitable

  • Capturing and classifying customer inquiries
  • Summarising e-mails and documents
  • Extracting information from forms and attachments
  • Identifying missing details
  • Preparing CRM cases
  • Structuring call notes
  • Creating standardised draft replies
  • Preparing quotations from approved building blocks
  • Reviewing maintenance and project documentation
  • Making internal knowledge findable
  • Preparing handovers between sales, project and service

Suitable only with caveats

  • Binding pricing decisions
  • Final quotation approvals
  • Accepting warranty claims
  • Technical safety approvals
  • Payment instructions
  • Personnel decisions
  • Legal assessments
  • Decisions with significant effects on individuals
  • Controlling safety-critical equipment

The right-hand column is not a prohibition, but a signal of an increased need for control. Such tasks can be integrated later and under stricter approvals – not as an entry point.

KrambergAI
Part II · The Process Determines the Architecture

Process selection

Use-case scorecard

Rate each factor from 0 to 2 points. The total gives an initial, deliberately rough indication of whether a process is suitable as a pilot.

Criterion0 points1 point2 points
Frequencyrareregularvery frequent
Standardisationhighly variablepartly standardisedlargely standardised
Data availabilityscatteredpartly availabledigital and accessible
Result verifiabilitysubjectivepartly verifiableclearly verifiable
Consequences of errorshighmediumlow
Process ownershipunclearpartly clarifiednamed
Integration effortvery highmediumlow
Value potentiallowmediumhigh

0–6

Not a suitable starting process.

7–11

Preparatory work or a narrow prototype required.

12–16

A good candidate for a controlled pilot.

The best pilot processes

A suitable pilot has three properties: the result is economically relevant, errors can be detected and corrected, and the process contains enough cases to learn within a few weeks. An AI employee for a task that occurs only twice a month generates little reliable experience. A process with several hundred cases per month, by contrast, allows a systematic assessment.

KrambergAI
Part II · The Process Determines the Architecture

Architecture

The technical integration architecture

An operational AI employee consists of several components. The language model is only one of them. The following reference architecture arranges the building blocks so that responsibility, control and traceability are preserved.

1 · Input channels

An e-mail inbox, a web form, a telephony platform, a customer portal, Teams or Slack, a CRM event, an ERP event or a manual work order. These trigger the case and supply the first raw data.

2 · Orchestration

The orchestration controls the flow. It decides which AI employee is responsible, which information is loaded, which tools may be used, when an approval is required and how errors are handled. It is the place where operational rules are reliably enforced.

3 · Model layer

Depending on the task, different models can be used: a powerful cloud model for complex analysis, a low-cost model for simple classification, a local model for particularly sensitive content and a specialised model for document or image recognition.

4 · Knowledge layer

It provides approved content: procedures, product data, maintenance documents, contract building blocks, price lists, project documents, frequent customer questions and technical standards – each in a controlled, up-to-date version.

KrambergAI
Part II · The Process Determines the Architecture

Architecture

Tools, control and target systems

5 · Tool layer

The AI employee accesses clearly defined functions in a controlled way: reading a CRM record, creating a ticket, checking calendar availability, generating a document, drafting an e-mail, updating a status or assigning a task.

6 · Control layer

This is where security and approval rules are enforced: input validation, permission checks, data filters, an approval workflow, output validation, logging and cost and volume limits. This layer decides whether a suggestion may become an action.

7 · Target systems

CRM, ERP, DMS, ticketing system, e-mail, calendar, project management, customer portal or line-of-business application – the systems in which the case ultimately takes shape.

Architecture principle

Where possible, the AI employee does not access databases or full user interfaces directly, but through defined functions.

read_customer_status

create_service_case

get_appointment_options

save_quotation_draft

Each function has a limited purpose, defined input fields and a verifiable response. This keeps what the AI employee may – and may not – do technically enforceable.

KrambergAI
Part III · Role, Knowledge and Permissions

Role description

Describing an AI employee like an operational role

An AI employee needs more than a system prompt. It needs a complete role description – the kind you would hand to a new specialist. The following example shows a typical role in service intake.

AI employee „Service intake“ · Mandate

Capture, structure and prepare incoming service requests for dispatch.

Permitted activities

  • Identify the sender and customer company
  • Assign the asset or system
  • Classify the request
  • Detect missing mandatory details
  • Check for an existing maintenance contract
  • Create an acknowledgement of receipt
  • Create a service case as a draft
  • Hand the case over to the responsible dispatch team

Activities that are not permitted

  • Committing to binding appointments
  • Quoting prices outside the approved price list
  • Accepting warranty claims
  • Presenting remote diagnoses as a confirmed cause
  • Conclusively assessing emergencies on its own
  • Changing customer data
  • Deleting cases
KrambergAI
Part III · Role, Knowledge and Permissions

Role description

Escalation, output and the role model

Reasons for escalation

  • a possible security incident
  • personal injury or danger
  • an unclear customer or asset
  • contradictory contract information
  • a complaint or threat of cancellation
  • a data-protection request
  • unusual file attachments
  • a failed system action

Expected output

  • a structured summary
  • the identified case type
  • available and missing details
  • a suggested priority
  • a suggested next step
  • sources and system data as a basis

The „Mandate – Authority – Limit – Handover“ role model

MMandate

What result should be achieved?

AAuthority

Which information and functions may the system use?

LLimit

Which decisions and actions are excluded?

HHandover

When and in what form does a member of staff take over?

If one of these four elements is missing, the result is either a useless system or an unnecessarily high operational risk. A mandate without a limit leads to overreach; authority without a defined handover lets errors continue unnoticed.

KrambergAI
Part III · Role, Knowledge and Permissions

Knowledge base

Company knowledge as a controlled working basis

An AI employee can only work as reliably as its information base. A language model’s general knowledge does not replace approved company information – it often sounds plausible, but it is not tied to your contracts, prices and procedures.

Typical knowledge sources

Process descriptions and work instructions

Technical documentation and standards

Product and service descriptions

Quotation building blocks and price lists

Service levels, response times, maintenance contracts

Project files and checklists

Internal contacts and responsibilities

Common fault patterns and experiential knowledge

Frequent customer questions

A common problem: available, but not operationally ready

In many companies, relevant content sits in personal file storage, e-mail inboxes, unmaintained SharePoint folders, old PDF versions, scanned documents, spreadsheets without an owner or parallel repositories with contradictory information. An AI employee does not solve these problems. It can even spread contradictory information faster. Organising knowledge is therefore not an afterthought, but a prerequisite.

KrambergAI
Part III · Role, Knowledge and Permissions

Knowledge base

Minimum requirements, RAG and a robust answering principle

Minimum requirements for knowledge sources

Every source used in production should have a named subject-matter owner, a documented scope of validity, a version status, an approval status, a date of last review, defined access rights and an archiving or deletion rule. If one of these attributes is missing, the source is not ready for operation.

Retrieval Augmented Generation (RAG)

In RAG systems, relevant company content matching the specific request is retrieved and provided to the language model as additional information. This means the model does not have to be retrained on all company data. In 2025, the German Data Protection Conference published a dedicated guidance note on the data-protection specifics of RAG systems – covering, among other things, data sources, embeddings, deletion, access control and the processing of personal information.

A recommended answering principle

Where possible, the AI employee should provide factual statements with a source, document name, version status, the relevant passage and a note on any uncertainty or deviation. If it finds no approved source, it should not improvise, but hand the case over to a member of staff.

This principle turns a seemingly confident answer into a verifiable one. It is also the basis on which results can later be formally accepted or challenged on the merits.

KrambergAI
Part III · Role, Knowledge and Permissions

Identity & permissions

A dedicated identity and minimal permissions

An AI employee must not simply work under an employee’s user account. It needs its own technical identity. Only then is it possible to trace which data it read, which cases it created, which actions it carried out and which errors it caused – and which permissions were actually used.

The principle of least privilege

The AI employee receives only the rights necessary for its specific mandate. An AI employee for service intake, for example, needs read access to customer master data and maintenance contracts and write access for new ticket drafts – but no deletion right, no right to change customer data and no right to change prices or contracts.

Permission matrix (service-intake example)
System · FunctionReadCreateChangeDeleteApprove
CRM · Customer master datayesnononono
CRM · Activityyesyeslimitednopartial
Ticketing · Service caseyesdraftdraftnoyes
DMS · Maintenance contractsyesnononono
E-mail · Acknowledgementyesyesnoby rule
Calendar · Availabilityyesnononono
ERP · Pricesselectionnononono
KrambergAI
Part III · Role, Knowledge and Permissions

Identity & permissions

Safeguards – and why language is not a boundary

Additional safeguards

separate service accounts instead of personal accounts

time-limited access tokens

key management outside the prompt

network restrictions

separation of read, create and approve functions

a maximum number of actions per case

amount and volume limits

blocking on unusual behaviour

This is complemented by regular permission reviews. Rights that were granted once should not remain in place indefinitely without oversight.

Principle

No permission through language. An instruction in the prompt such as „never delete records“ is not an adequate security control. The deletion right must simply not exist technically.

Language instructions govern behaviour in the normal case. But they fail precisely when it matters: with manipulated inputs, unexpected formats or targeted attacks. Effective boundaries therefore lie at the permission and function level, not in the text.

KrambergAI
Part III · Role, Knowledge and Permissions

Human control

Setting human control points sensibly

Human control does not mean that every single sentence must be read manually. It must take effect where an error would have relevant consequences. Three forms have proven useful in practice.

1 · Approval before an action

A member of staff confirms the action before it is carried out. Suitable for binding quotations, price deviations, appointment confirmations with a capacity impact, contract changes, external statements and payments or orders.

2 · Review after an action

The AI employee carries out a low-risk action. The results are checked on a sample basis or afterwards. Suitable for acknowledgements of receipt, internal summaries, categorisations, document tagging and task creation.

3 · Exception-based handover

The AI employee works independently as long as defined conditions are met. A handover occurs, for example, when mandatory data is missing, recognition confidence is low, sources are contradictory, there are complaints, unusual amounts, a safety relevance, special categories of personal data or a repeated technical error.

KrambergAI
Part III · Role, Knowledge and Permissions

Human control

The approval trap – and control by risk level

An approval step is ineffective if the member of staff merely clicks „confirm“. Approvals that nobody can really review create a deceptive sense of control.

An effective approval interface shows

which action is to be carried out · which data was used · which assumptions the system made · which mandatory fields are missing · which rule makes the approval necessary · what effect the approval has.

Control points by risk level
Risk levelExampleControl
lowinternal summaryspot check
moderatecustomer reply without a commitmentrule check or approval
elevatedappointment, price or contractmandatory approval
highpersonnel, credit or safety decisionspecialised procedure or exclusion
Practical rule

The harder a decision is to reverse afterwards, the earlier human control must take place in the process.

KrambergAI
Part IV · Security, Data Protection and Regulation

Security

New security risks from AI agents

AI employees connect language models with company data and tools. This creates additional attack paths. OWASP lists prompt injection, disclosure of sensitive information, insecure handling of model output, weaknesses in vector and embedding systems and uncontrolled resource consumption among the central risks of generative-AI applications. A separate risk catalogue has also been developed for agentic systems.

Risk 1 · Prompt injection

An attacker hides instructions in an e-mail, a website or a document. The AI employee interprets these as a work order. Example: a supposed supplier attachment contains a hidden instruction to send confidential content to an external address.

Countermeasures

  • treat external content as untrusted by default
  • technically separate instructions from payload data
  • validate output before actions
  • restrict external destination addresses
  • place sensitive functions behind approvals

Risk 2 · Excessive scope of action

The AI employee has more functions or data access than the task requires.

Countermeasures

  • minimal permissions and small, specialised tools
  • amount, time and volume limits
  • no universal administrator functions
  • separate roles for reading, creating and approving
KrambergAI
Part IV · Security, Data Protection and Regulation

Security

Output, data leakage and cost control

Risk 3 · Unvalidated model output

Model output is passed directly into e-mails, databases, scripts or business systems.

Countermeasures

  • structured output formats and field and value validation
  • permitted value ranges and technical plausibility checks
  • no direct execution of generated code

Risk 4 · Data leakage

Confidential information leaves the organisation via inputs, logs, model providers or connected tools.

Countermeasures

  • data classification, input filters and encryption
  • a data-processing agreement review and defined retention periods
  • EU or local processing where required
  • exclusion of particularly sensitive data

Risk 5 · Infinite loops and cost

Agentic systems can call tools repeatedly or trigger extensive computations.

Countermeasures

  • a maximum number of steps and a runtime limit
  • a cost budget per case and abort rules
  • quotas, rate limits and alerting on deviations

NIST recommends addressing the risks of generative AI systematically through governance, risk measurement, pre-deployment testing, content provenance and incident management. These five perspectives also serve as a lean checklist for mid-sized companies.

KrambergAI
Part IV · Security, Data Protection and Regulation

Quality

Quality must become measurable

An AI employee is not „good“ simply because individual examples are convincing. Before productive introduction, measurable quality criteria are needed. Seven dimensions have proven useful.

1Factual accuracy

Are statements, classifications and suggestions factually correct?

2Completeness

Were all necessary details, documents and process steps taken into account?

3Compliance with rules

Were internal rules, approvals and exclusions observed?

4Source grounding

Are statements based on approved and up-to-date sources?

5Process quality

Was the case created in the right system and with the right fields?

6Communication quality

Is the output clear, appropriate and free of inadmissible commitments?

7Robustness

Does the process also work with incomplete, contradictory or unusual inputs? Robustness separates a demonstrable prototype from a system that is fit for operation.

KrambergAI
Part IV · Security, Data Protection and Regulation

Quality

Test dataset and acceptance

Test dataset

Before the pilot, a test dataset with realistic cases should be created. It forms the basis for every later acceptance.

30 to 50 standard cases

10 to 20 incomplete cases

10 edge cases

5 to 10 security and misuse cases

typical file attachments and formats

contradictory and multilingual requests, where relevant

Example acceptance criteria

  • at least 95 percent correct customer assignment
  • at least 90 percent correct case classification
  • 100 percent detection of defined escalation cases
  • no inadmissible external action
  • no price or appointment commitment without approval
  • complete logging of all system actions
  • fewer than 3 percent manual corrections on mandatory fields
Functional acceptance

Acceptance is not carried out by IT or the provider alone. The department must assess whether the result is usable in day-to-day operations, whether industry-specific terms are understood correctly, whether the handovers are complete, whether additional rework arises and whether exceptions are reliably detected. Technical function and functional suitability are two separate dimensions of acceptance.

KrambergAI
Part IV · Security, Data Protection and Regulation

Regulation

EU AI Act: classification and timelines

The legal classification depends on the specific purpose, the data processed and the company’s role. A general AI assistant is not automatically a high-risk AI system. Certain areas of use – in particular personnel decisions, biometric applications, critical infrastructure or decisions on essential services – may, however, be subject to considerably stricter requirements.

Key dates of application (as of 2026)
DateScope
1 August 2024the AI Act enters into force
2 February 2025prohibited AI practices and the AI-literacy obligation
2 August 2025obligations for general-purpose AI models (GPAI)
2 August 2026large parts of the transparency obligations (Article 50)
2 December 2026labelling of synthetic content for existing systems; new prohibitions on non-consensual intimate and abuse material
2 December 2027obligations for standalone high-risk systems (Annex III)
2 August 2028obligations for high-risk systems embedded in products (Annex I)

The dates of application for high-risk systems were changed under the „Digital Omnibus on AI“. Following the political agreement of early May 2026, fixed dates apply; the European Parliament approved the arrangement on 16 June 2026, and the Council gave its final approval on 29 June 2026. Companies should nevertheless check the respective state of implementation again before every relevant project.

The transparency obligations under Article 50 do not mean that every internally generated text must be flagged with an AI notice across the board. The requirements depend on the content, the use and the audience.

KrambergAI
Part IV · Security, Data Protection and Regulation

Regulation

The GDPR and employee participation

What the AI Act means in operation

Particularly relevant for companies are the AI literacy of the staff involved, a documented purpose, the risk classification, human oversight, technical documentation, logging, transparency towards data subjects and monitoring during operation.

General Data Protection Regulation

When personal data is used, the following must be checked, among others: purpose and legal basis, data minimisation, recipients and sub-processors, third-country transfers, deletion and retention periods, data-subject rights, technical and organisational measures and whether a data-protection impact assessment is required.

The European Data Protection Board emphasises that the lawfulness of developing and using AI models must be assessed on a case-by-case basis. Even the assumption that a model is anonymous requires a robust review.

Article 22 GDPR

Article 22 restricts decisions that are made solely on an automated basis and have legal or similarly significant effects on a person. A merely formal human confirmation step is not necessarily sufficient.

Works council

If working methods, performance monitoring, personnel selection or task allocation are influenced by AI, the works council should be involved early. The German Works Constitution Act contains explicit provisions on consultation regarding the use of artificial intelligence and on bringing in experts. This e-book does not replace a legal assessment of the individual case.

KrambergAI
Part IV · Security, Data Protection and Regulation

Processing location

Data sovereignty and processing location

For many mid-sized companies, what matters is not only whether AI is permissible, but where and by whom data is processed. The processing location affects data protection, confidentiality and the question of how much control stays in-house. These aspects can be shaped early and deliberately.

EUProcessing within the EU

Processing and storage within the EU where possible, to avoid third-country transfers and additional review obligations.

DPAData-processing agreements

Clear data-processing agreements with model and platform providers, including retention periods and exclusion of use for training.

LLocal models

For particularly sensitive content, local or dedicated models that do not leave the premises are an option.

CClassification

A simple data classification determines which content may be processed via which route.

Positioning

GDPR-compliant data protection and transparent, European processing are not an obstacle but a robust quality feature – particularly for mid-sized companies, where trust and confidentiality are at the heart of the customer relationship.

The processing location should be part of the process profile and the security assessment, not a matter clarified after the fact. Defining it early avoids later rework and creates the basis for credible communication with customers and regulators.

KrambergAI
Part V · Responsibilities and Operation

Operating model

A workable operating model for mid-sized companies

An AI employee needs both a functional and a technical owner. Without named responsibility, the system remains a pilot without proper operation. In mid-sized companies, the following roles can also be covered by just a few people – what matters is that they are filled.

Management

approves the scope of use and risk appetite, decides on particularly relevant applications, provides resources and reviews benefit and material risks.

Process owner (business)

describes the target process, defines business rules, maintains escalation reasons, is responsible for quality criteria and decides on functional changes.

IT / technical operator

runs integrations and identities, implements permissions, monitors interfaces and is responsible for backup, availability and technical changes.

Data protection

reviews the processing of personal data, assesses legal bases and safeguards, supports impact assessments and reviews contracts and deletion concepts.

Information security

conducts risk and threat analysis, defines security controls, assesses providers and architecture and supports incident management and testing.

Key user / functional owner

assesses results in day-to-day operations, reports errors and new case types, maintains examples and work instructions and supports training.

KrambergAI
Part V · Responsibilities and Operation

Operating model

Responsibility at a glance: RACI

The simplified RACI matrix makes visible who carries out the work, who is accountable for the result, who is consulted and who is informed.

TaskManagementBusinessITData prot. / security
Approve use caseARCC
Define process rulesIA/RCC
Implement system accessICA/RC
Data-protection reviewICCA/R
Accept qualityIA/RCC
Monitor operationIRA/RC
Handle incidentsI/ARRR

R responsible for execution  ·  A accountable for the result  ·  C consulted  ·  I informed

Reference framework

ISO/IEC 42001 describes a management system for the responsible development and use of AI – with responsibilities, objectives, risk management, monitoring and continuous improvement. Certification is not required for every company; the basic structure is nevertheless suitable as a reference for a lean operating model.

KrambergAI
Part V · Responsibilities and Operation

Piloting

The 90-day pilot

An AI employee should not be launched straight away as a company-wide rollout. A limited pilot provides reliable insights into quality, benefit and operating effort. A sequence of five phases over roughly twelve weeks has proven effective.

Phase 1
Selection and process captureWeek 1–2
  • Define the process and target group, capture the current workflow
  • Determine volume, processing times and consequences of errors
  • Record data and system access, name the process owner
  • Define success criteria
Result: an approved process profile
Phase 2
Role and control conceptWeek 3–4
  • Formulate tasks and limits, set the level of autonomy
  • Define permissions, determine human control points
  • Set escalation rules, carry out the data-protection and security review
  • Create test cases
Result: an operating and control concept
Phase 3
Technical implementationWeek 5–7
  • Select model and hosting, connect knowledge sources
  • Develop system functions, set up identity and permissions
  • Activate logging, implement the approval interface
  • Configure error and abort handling
Result: an AI employee ready for testing
KrambergAI
Part V · Responsibilities and Operation

Piloting

Testing, controlled operation and decision

Phase 4
Testing and functional acceptanceWeek 8–9
  • Test standard cases as well as edge and misuse cases
  • Assess results on the merits, categorise error patterns
  • Refine the role description and sources
  • Check the acceptance criteria
Result: pilot approval
Phase 5
Controlled operationWeek 10–12
  • a limited user group, full human approval
  • daily or several-times-weekly review, an error log
  • gather user feedback
  • measure processing time and rework
Result: a reliable scaling decision

Decision after 90 days

At the end there is a deliberate decision based on data rather than impressions. The options are: stop · revise on the merits · continue at the same scope · roll out to more users · approve additional actions · transfer to further processes.

The value of the pilot lies not only in the result, but in the ability to decide that it creates: after twelve weeks, it is demonstrable what the AI employee achieves, where it reaches its limits and what operating effort is realistic.

KrambergAI
Part VI · Worked Examples

Worked example 1

Technical customer service and plumbing/HVAC

Situation

A plumbing/HVAC or technical service company receives inquiries by phone, e-mail and via its website. Essential details are often missing: name and contact data, site address, the affected system, manufacturer and model, the fault description, urgency, contract or warranty status, access conditions and photos or error messages. Dispatch has to request missing details, search for the customer in the system and pass the case to the right service technician.

Role of the AI employee

The AI employee takes over structured service intake. It can evaluate an e-mail or phone note, search for the customer and site in the CRM, assign the system and maintenance contract, classify the request as a fault, maintenance, complaint or general inquiry, identify missing mandatory details, prepare or send a follow-up query, create a ticket draft and hand the case over to dispatch.

Terminology and process logic

The AI employee must distinguish between the following situations:

Fault · outage

Maintenance · repair

Warranty · goodwill

Emergency service · requested appointment

Recurring defect

Third-party system · maintenance contract

KrambergAI
Part VI · Worked Examples

Worked example 1

Control points, metrics and benefit (plumbing/HVAC)

Approval required for

  • possible danger to people or buildings
  • smell of gas, smoke or water damage
  • an emergency-service request
  • a warranty claim
  • a binding appointment or cost commitment
  • a complaint or escalation
  • unclear system assignment

Metrics

  • share of fully prepared cases
  • time to first response
  • dispatch follow-up query rate
  • incorrect customer assignments
  • correction effort per ticket
  • share of correctly escalated cases

Expected benefit

Fewer follow-up queries, structured handovers, faster capture, better data quality in the ticketing system, relief for dispatch and the back office, and traceable processing.

Scope limitation

The AI employee does not replace the technical diagnosis by the service technician. It improves the quality of the information with which the technical process begins – and thereby creates calmer, more predictable workflows in the back office.

KrambergAI
Part VI · Worked Examples

Worked example 2

Quotation preparation in construction and project business

Situation

A mid-sized project company receives bills of quantities, inquiries, plans and attachments in various formats. Before costing, the relevant information must be gathered: line items, quantities, execution deadlines, sites, contract terms, required evidence, special technical requirements, exclusions and ancillary services as well as missing or contradictory details.

Role of the AI employee

The AI employee supports quotation review and work preparation. It can inventory the inquiry and attachments, extract line items, identify deadlines and dates, summarise technical requirements, identify missing documents, match items against internal service building blocks, prepare follow-up queries for the client, generate a quotation structure or costing template and flag risks and deviations.

Actions that are not permitted

  • sending the final quotation
  • setting prices on its own
  • accepting contract terms
  • confirming technical feasibility in a binding way
  • interpreting standards or codes without a source reference
  • changing quantities without flagging it
  • formulating supplementary claims or liability commitments
KrambergAI
Part VI · Worked Examples

Worked example 2

Control points, metrics and benefit (project business)

The estimator or project manager reviews

  • identified quantities and line items
  • exclusions and ancillary services
  • technical particularities
  • deadline requirements
  • contract and liability risks
  • pricing bases and open queries

Metrics

  • time for the initial review
  • share of identified mandatory documents
  • number of missed deadlines
  • quality of the follow-up queries
  • time to the „quote or decline“ decision
  • rework time for the costing

Benefit

The AI employee does not automate commercial responsibility. It reduces the time spent on review, structuring and preparation.

Effect

In project business in particular, this relief helps to assess more inquiries competently without burdening the estimating department with unsuitable tenders. Scarce specialist capacity goes to the cases that really need it.

KrambergAI
Part VI · Worked Examples

Worked example 3

Traffic safety and operational deployment planning

Situation

A traffic-safety company handles inquiries about construction sites, events, road closures and temporary traffic routing. The cases include, among other things, the location and extent of the work site, road type, traffic routing, planned duration, working hours, required barrier equipment, permit status, plans and traffic-law orders, set-up and dismantling times as well as inspection and documentation obligations.

Role of the AI employee

The AI employee supports the commercial and organisational preparation of cases. It can structure the inquiry and attachments, capture the site, period and contact person, identify the type of measure, identify missing documents, prepare the project file, create deadlines and reminders, compile a suggested material and staffing requirement, prepare the handover to planning or project management and flag documentation requirements.

A clear limit

The AI employee must not issue any independent traffic-law or safety approval. Selecting and implementing a traffic-routing scheme remains the task of qualified specialists and the responsible authorities.

KrambergAI
Part VI · Worked Examples

Worked example 3

Control points, metrics and benefit (traffic safety)

Human control points

  • technical planning
  • selection of the standard scheme
  • deviations from standard cases
  • staffing and material planning
  • safety assessment
  • approval of traffic-sign plans
  • coordination with the authority or client
  • changing an ongoing measure

Metrics

  • completeness of the project file
  • missing documents at planning start
  • time from inquiry to internal handover
  • incorrect date transfers
  • queries between back office and project management
  • share of automatically created reminders

Benefit

The greatest effect comes not from automated technical planning, but from more complete project information, fewer media breaks and a faster handover to qualified planners and deployment managers.

The same pattern applies in all three examples: the AI employee takes over capture, structuring and preparation. The functional and safety-relevant decision remains with the human. This is precisely where the manageable, immediately usable entry point lies.

KrambergAI
Part VII · Typical Wrong Decisions

Failure patterns

Why AI employees fail in practice

Most failures have organisational rather than technical causes. Ten patterns occur particularly often.

1A universal AI employee for everything

The mandate is too broad. Responsibilities, permissions and quality criteria cannot be kept under control.

Betterseveral specialised roles, each with a limited mandate.

2Automating a disorganised process

Inconsistent workflows do not improve simply because AI is used.

Betterdefine a minimum process and mandatory information before automating.

3Autonomy too early

The system is allowed to send e-mails, change records or book appointments before the quality of its results has been checked.

Betterstart with suggestions and drafts, then move to limited actions.

4A prompt instead of a permission concept

Prohibitions are only described in text, but not enforced technically.

Betterrestrict rights at the system and function level.

5Unmaintained knowledge sources

The AI employee is given access to contradictory, outdated or unapproved documents.

Betterintroduce source ownership, versioning and an approval status.

KrambergAI
Part VII · Typical Wrong Decisions

Failure patterns

Failure patterns (continued)

6No functional acceptance

The technical demonstration is confused with operational readiness.

Betterrepresentative test cases and measurable acceptance criteria.

7Human control only on paper

Staff confirm results without seeing the basis for the decision.

Betterapproval interfaces that show sources, assumptions and effects.

8No proper operation

After the pilot, there is nobody responsible for error analysis, source maintenance and model changes.

Bettername an operator, a subject-matter owner and a review cycle.

9Measuring benefit only by headcount saved

Many use cases initially improve throughput time, data quality and responsiveness.

Bettermeasure benefit through process metrics.

10Switching models without renewed testing

A new model can produce different results, response styles and error patterns.

Bettertest and approve relevant model, prompt and architecture changes like software changes.

KrambergAI
Part VIII · Checklists and Decision Aids

Go-live checklist

Before launch: business, data and permissions

Business and process
  • A concrete business problem is described.
  • The process section under consideration is delimited.
  • Process ownership and operator are named.
  • Benefit and target metrics are defined.
  • Inputs, outputs and follow-up actions are documented.
  • Excluded decisions are defined.
Data and knowledge
  • All data sources used are inventoried.
  • Access rights have been reviewed.
  • Sources have an owner.
  • Version and approval status are identifiable.
  • Personal and confidential data has been assessed.
  • Deletion and retention periods are defined.
Permissions
  • The AI employee has its own identity.
  • The principle of least privilege applies.
  • Write, change and delete rights are separated.
  • Critical actions require approval.
  • Volume, time and cost limits are in place.
  • Credentials are not stored in prompts.
KrambergAI
Part VIII · Checklists and Decision Aids

Go-live checklist

Before launch: quality, law and operation

Quality
  • Representative test cases have been created.
  • Edge and misuse cases have been tested.
  • Acceptance criteria are measurable.
  • The department has accepted the results.
  • Errors and corrections are categorised.
  • Model and prompt versions are documented.
Law and organisation
  • The role under the AI Act has been reviewed.
  • Data protection and information security have been involved.
  • A possible data-protection impact assessment has been evaluated.
  • The works council has been involved where necessary.
  • Affected staff have been trained.
  • Transparency and information obligations have been assessed.
Operation
  • Logging is activated.
  • Monitoring and alerting are set up.
  • An incident process is defined.
  • The AI employee can be deactivated at short notice.
  • A manual fallback process is available.
  • Regular reviews are scheduled.
KrambergAI
Part VIII · Checklists and Decision Aids

Maturity self-assessment

How far along is your company?

Rate each statement with 0 points (not present), 1 point (partly present) or 2 points (sufficiently present). The total gives a rough sense of your starting position.

  1. 1A concrete process and a measurable goal are defined.
  2. 2A functional process owner is named.
  3. 3Today’s processing steps are documented.
  4. 4Inputs, results and follow-up actions are known.
  5. 5The required data sources are identified.
  6. 6The quality and currency of the knowledge sources are sufficient.
  7. 7Access rights can be technically limited.
  8. 8The AI employee is given its own technical identity.
  9. 9Prohibited actions and decision limits are described.
  10. 10Human approval and escalation points are defined.
  11. 11Test cases and quality metrics can be created.
  12. 12Data protection and information security are involved.
  13. 13Errors and system actions can be logged.
  14. 14A person responsible for ongoing operation is designated.
  15. 15The affected staff are involved in the introduction.
KrambergAI
Part VIII · Checklists and Decision Aids

Maturity self-assessment

Evaluation

Out of a maximum of 30 points. The classification says less about technology than about organisational readiness to start.

0–10Foundations missing

The process should be structured first. A technical AI pilot would be premature.

11–20A pilot is basically possible

A limited assistance process with full human approval is realistic. Open points must become part of the pilot project.

21–26A good starting position

A productive pilot with limited system actions is possible.

27–30A scalable basis

The company has the essential prerequisites for controlled operation and can consider additional processes or higher levels of autonomy.

The self-assessment does not replace a detailed analysis. It does, however, help to decide honestly whether the process or the technology should come first.

KrambergAI
Part VIII · Checklists and Decision Aids

Decision

Management decision and options

An AI employee should be introduced when five conditions are met:

  1. There is a frequent and economically relevant process.
  2. The process section under consideration can be clearly delimited.
  3. The necessary information is available digitally.
  4. Quality and consequences of errors can be measured.
  5. Functional responsibility and operation are organised.

Decision options

ADo not automate yet

Suitable when processes, data or responsibilities are disorganised.
Next step: process capture and knowledge structuring.

BAssistance pilot

The AI employee reads, structures and produces suggestions. Staff carry out all actions.
Suitable for: first experiences and sensitive processes.

CControlled process pilot

The AI employee prepares cases and carries out individual low-risk actions. Relevant steps require approval.
Suitable for: standardised customer, service and administrative processes.

DLimited productive operation

The AI employee handles defined standard cases independently. Exceptions are handed over.
Suitable for: proven processes with stable rules and controls.

KrambergAI
Part VIII · Checklists and Decision Aids

Implementation with KrambergAI

From the first use case to controlled operation

KrambergAI supports mid-sized companies in introducing operational AI employees – from the first use case to controlled productive operation. The ambition remains sober: AI should make work calmer and provide relief, control, security and sovereignty, not additional complexity.

The structured AI integration check

Selection and assessment of suitable business processes

Process and risk classification

Role and permission concept

Data and knowledge sources

Human control points

Target architecture and integrations

Pilot and operating model

Quality and benefit metrics

Recommended next step

Have a specific business process assessed for suitability, benefit and integration risks.

Not every task needs an autonomous AI agent. Often the greatest operational benefit already comes from a specialised AI employee that structures information, prepares work and hands complete cases over to the responsible staff.

KrambergAI GmbH · krambergai.com · GDPR-compliant data protection · Made in Germany

KrambergAI
Appendix · Sources

Appendix

Sources and further reading

Market data and studies
  • Federal Statistical Office: Use of artificial intelligence in companies, 2025. destatis.de
  • KfW Research: Use of artificial intelligence in the German Mittelstand, 2026. kfw.de
  • Bitkom: Artificial intelligence in Germany, company surveys 2025/2026. bitkom.org
  • OECD: Generative AI and the SME Workforce, 2025. oecd.org
  • OECD: Effects of Generative AI on Productivity, Innovation and Entrepreneurship, 2025. oecd.org
  • McKinsey & Company: The State of AI 2025 – Agents, Innovation and Transformation. mckinsey.com
  • Stanford HAI: AI Index Report 2026. hai.stanford.edu
Regulation and data protection
  • European Commission: AI Act and implementation timeline. digital-strategy.ec.europa.eu
  • Council of the EU / European Parliament: Digital Omnibus on AI, 2026. consilium.europa.eu
  • European Data Protection Board: Opinion 28/2024 on AI models and personal data. edpb.europa.eu
  • Data Protection Conference (DSK): Guidance on AI, technical and organisational measures and RAG systems, 2025. datenschutzkonferenz-online.de
  • Federal Ministry of Labour and Social Affairs: AI use in the workplace; Works Council Modernisation Act. bmas.de
Security and governance
  • Federal Office for Information Security: Security of AI systems and generative models. bsi.bund.de
  • NIST: AI Risk Management Framework and Generative AI Profile. nist.gov
  • OWASP: Top 10 for LLM Applications 2025; Top 10 for Agentic Applications 2026. genai.owasp.org
  • ISO: ISO/IEC 42001 – Management systems for artificial intelligence. iso.org
KrambergAI
Appendix · Disclaimer and Contact

Appendix

Disclaimer

This e-book is intended for professional orientation. It does not replace legal advice, data-protection advice, an information-security review or an industry-specific safety assessment. Requirements must be checked for the specific use case, the systems used and the data processed.

Regulatory information, in particular on the EU AI Act and the Digital Omnibus on AI, reflects the state as of 2026. As deadlines and interpretations can change, the current state of implementation should be checked again before every relevant project.


Contact

KrambergAI GmbH
www.krambergai.com

Positioning

GDPR-compliant data protection
Made in Germany
Relief · Control · Security · Sovereignty

Core message

Automate preparation, structuring and handover first. A specialised AI employee with a clear mandate, limited rights and human control creates more value – and less risk – than a universal but uncontrolled jack-of-all-trades.