When AI gets the keys, it needs a gatekeeper

It is getting harder to say that AI is just a chat box. When an assistant can show up in Teams, look at Excel, pull context from SharePoint and use a password manager without the password itself ending up in the prompt, the question changes. It is no longer: "Can it write a reply?" The question is: who holds the keys?
This spring, Perplexity described Computer as an AI agent for work inside existing company environments. In May, Perplexity said Computer can be used in Microsoft Teams, connect with Outlook, OneDrive, SharePoint, Excel and Azure DevOps, and appear as a beta side panel in Excel. The company also describes Computer Workflows, where the prompt, context and desired output format are packaged into a reusable starting point that can be shared, scheduled and run in the background.
Source: Computer in Teams is here
At the end of April, 1Password described the same shift from another angle. When AI moves from answering to acting, it needs access to apps, sessions, tokens and accounts. 1Password and Perplexity say the goal is for an agent to act on behalf of a user without exposing the underlying credentials to the model or pasting them into a chat. The actions should be authorized, governed and auditable afterwards.
Source: 1Password and Perplexity expand partnership to secure access for Perplexity Computer
That sounds big and enterprise. The pattern still matters for a small Swedish business, association or school. Not because everyone should buy Perplexity Computer tomorrow. Because the same design question will show up in the tools you already use: Teams, Slack, Google Drive, Excel, accounting exports, CRM systems, learning platforms, booking tools and shared folders.
An AI agent is an AI routine that can interpret a task, fetch context, choose a next step and sometimes take an action in another system. It becomes useful when it works close to real workflows. It becomes risky when it gets too much access before anyone has set the boundaries.
Today's AI signal: the agent is moving into the work itself
The interesting part of Perplexity's Teams and Excel direction is not the brand name. It is the placement. The AI is not sitting outside the work, waiting for someone to copy and paste text into a separate app. It sits where the question already starts. In a Teams thread. Next to a budget model. Close to the documents the team actually uses.
That is more practical than saying "everyone needs to learn a new AI app". A restaurant owner does not want to open five systems to understand this week's bookings. A school administrator does not want to chase three colleagues to finish a parent update. A consultant with five clients does not want to rewrite the same research prompt every Monday. They want the next sensible step without losing control.
Perplexity also writes about workflows: packaged tasks where the prompt, context and output format are ready to reuse. That is probably the first part small teams should copy. A workflow does not need to be advanced. It can be an instruction that always does the same thing with the same kind of source material:
- weekly customer questions become a short priority list
- a quote request becomes missing questions, risks and a draft reply
- a student or course note becomes a follow-up suggestion
- a supplier invoice gets compared with an agreement and previous costs
- meeting notes become decisions, open questions and owners
The good thing about a packaged workflow is that quality no longer depends on who happens to be most tired that day. You can improve the instruction over time. You can also decide exactly when a human needs to read, approve or stop the result.
The small gatekeeper matters more than the big vision
It is easy to be impressed by agents that can work in the background. I keep coming back to access. What may the agent read? What may it write? Which apps may it open? When must it ask first?
1Password uses the phrase secure access: the right human or AI agent should reach the right app or credential at the right moment, without exposing secrets and without forcing work to stop for manual logins. That definition is worth borrowing, even if you do not use 1Password.
Source: 1Password and Perplexity expand partnership to secure access for Perplexity Computer
For small teams, this does not mean building a heavy security department. It means putting a simple gatekeeper around AI workflows:
- use a password manager or secret manager instead of pasted passwords in prompts
- give AI read access first, write and send access later
- use scoped API keys that only work for one job
- let the agent suggest changes, but require approval before anything reaches a customer, parent, student record or accounting system
- log what the agent read, suggested and did
- redact personal identity numbers, health details, student cases and other sensitive details before they enter general AI tools
This is not "be scared of AI". It is the opposite. If the keys are handled properly, AI can do more real work. Safer integration is the way out of copy-paste and into useful workflows.
A 50-minute exercise: build your first agent gatekeeper
Choose one workflow where someone already spends time every week. Not the most sensitive one. Not the most political one. Pick something ordinary but annoying: incoming quote requests, support emails, weekly summaries, absence questions, stock checks, meeting follow-ups or invoice review.
Then do this in 50 minutes.
First 10 minutes: choose the job
Write one sentence: "When X happens, we want AI to help us with Y." Example: "When a new quote request arrives, we want AI to summarize the need, list missing information and draft a first reply."
Next 10 minutes: draw the access boundary
Write which sources the AI may read. This might be an inbox, a Teams channel, a folder with standard copy, a price list or a spreadsheet. Also write what it may not read yet. That line matters.
Next 10 minutes: decide what AI may do
Split the actions into three levels:
- it may read and summarize immediately
- it may create drafts and suggestions
- it may only send, change or create records after human approval
Next 10 minutes: define the log
Decide where you will keep the trace. It can be a spreadsheet, a Notion page, a CRM note or a simple log in your project tool. Save at least: date, source, what AI suggested, who approved it and what was actually sent.
Last 10 minutes: run one test
Use an old example. Ask AI to do the work using the instruction. Let one person review it. Write down what went wrong, what was missing and whether anything should be forbidden. Adjust the instruction before testing again.
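The access boundary, the three action levels, the approval rule and the log fields from the exercise, sketched as a small Python gate for the quote-request workflow. This is an added example, not code from Perplexity or 1Password; the source names, action names and the Gatekeeper class are hypothetical, and the identity-number pattern checks format only, so it errs toward over-redaction.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# The three levels from the exercise: read/summarize, draft/suggest, execute.
READ, DRAFT, EXECUTE = "read", "draft", "execute"

# Constructed policy for a quote-request workflow (all names are hypothetical).
POLICY = {
    "allowed_sources": {"quotes-inbox", "price-list"},
    "levels": {"summarize": READ, "draft_reply": DRAFT, "send_email": EXECUTE},
}

# Swedish personal identity number, YYMMDD-XXXX or YYYYMMDD-XXXX (format only).
PNR = re.compile(r"\b(?:\d{2})?\d{6}[-+]?\d{4}\b")

def redact(text):
    """Call on source text before it reaches a general AI tool, and on log entries."""
    return PNR.sub("[REDACTED-ID]", text)

@dataclass
class Gatekeeper:
    policy: dict
    log: list = field(default_factory=list)

    def request(self, source, action, suggestion, approved_by=None):
        level = self.policy["levels"].get(action)
        if source not in self.policy["allowed_sources"]:
            decision = "denied: source outside access boundary"
        elif level is None:
            decision = "denied: unknown action"  # default deny
        elif level == EXECUTE and not approved_by:
            decision = "pending: human approval required"
        else:
            decision = "allowed"
        executed = decision == "allowed" and level == EXECUTE
        # Log fields from the exercise: date, source, suggestion, approver, sent.
        self.log.append({
            "date": datetime.now(timezone.utc).isoformat(),
            "source": source,
            "action": action,
            "suggested": redact(suggestion),
            "approved_by": approved_by,
            "sent": redact(suggestion) if executed else None,
            "decision": decision,
        })
        return decision
```

Denied and pending requests are logged as well, so the trace shows what the agent attempted and not only what went out.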
Copy this prompt: make an access map for an AI agent
Paste this into ChatGPT, Claude, Gemini, Perplexity or your normal AI tool. Replace the brackets.
You are my practical AI implementation partner. Help me make a simple access map for an AI workflow in a small team.
The workflow we want to improve:
[Describe the task, for example incoming quote requests, support emails, weekly reports or invoice review.]
Tools and sources we use today:
[List inbox, Teams/Slack, Google Drive/SharePoint, Excel/Sheets, CRM, accounting system, learning platform or anything else.]
Do this:
1. Rewrite the workflow as a clear trigger: "When X happens, AI should help us with Y."
2. List which sources the AI needs to read and why.
3. Split permissions into read, suggest, draft and execute.
4. Suggest which steps should always require human approval.
5. Suggest how we can handle access safely: password manager or secret manager, scoped API keys, least privilege, redaction of sensitive details and a simple activity log.
6. Write a first version of the agent instruction in plain English. Keep it short enough that someone on the team will actually read it.
7. End with three test cases: one easy, one messy and one the agent should escalate to a human.
The point is not to make the prompt perfect. The point is that you have to say out loud what AI is allowed to do. That quickly shows whether the workflow is ready for automation or whether you first need to clean up sources, permissions and responsibility.
Three small workflows beat one giant AI project
The quote guard
AI reads a new request, compares it with a price list and previous examples, lists missing questions and writes a reply draft. A human always approves before the email reaches the customer.
The weekly summarizer
AI reviews a Teams or Slack channel every Friday and produces a list of decisions, blockers and tasks. The log shows which channel was read and who approved the summary.
The spreadsheet guard
AI looks at a spreadsheet for bookings, stock or budget, flags anomalies and suggests the next check. It does not change numbers by itself. The first version is only a review layer above Excel or Sheets.
This is the kind of work Hammer Automation often helps with in Tool Forge and Skill Forge: small controlled routines that people can actually use, not demos that impress for ten minutes and then disappear. Mindset Forge fits when a team first needs to agree where AI may help and where human responsibility must stay explicit.
What to do today
Pick one recurring workflow and write its gatekeeper rule on one page. Who may AI help? Which sources may it read? Which keys must it never see? What requires approval? Where does the log live?
If you can answer those questions, you are much closer to practical AI than if you only try another chat tool. And when tools such as Perplexity Computer, Copilot, Gemini, Slack AI or Make start offering more agent features inside your everyday apps, you will already have what many teams lack: a simple idea of how AI is allowed through the door.


