Digital sovereignty, the ability for an organization to maintain clear control over how its data is stored, accessed, and governed, has moved from a technical concern to a board-level priority. As organizations expand their digital footprints and accelerate cloud adoption, rising regulatory scrutiny and growing customer expectations are forcing businesses to rethink how they manage data.

Sovereignty means different things to different people, the panelists noted, but the common thread is the need to take control over customer data, which has become essential to maintaining trust. The pressure to demonstrate that control is now shaping transformation plans, vendor choices and long-term customer experience strategies.

Control of Critical Data Is Becoming a Strategic Must

The energy crisis following the invasion of Ukraine exposed the geopolitical dimension of critical infrastructure, reinforcing the need for systems that can operate independently in extreme circumstances.

“Digital sovereignty is about stability and resilience,” said Julia Weberberger, Head of Corporate Strategy at Energie AG Oberösterreich, describing it as a source of power. “[W]e have to make sure that we operate our critical data on our own. We operate our own data center, with emergency power supply, and rely on a multi-provider strategy to create redundancies… It’s also very important that we build expertise in digital sovereignty in Europe, but also within our company.”

Europe is developing a new mindset built on innovation and security, Weberberger said, shaping companies, knowledge, opinions and even social narratives. In this environment, European data sovereignty is becoming a key strategic concern that requires balance.

As Martina Saller, Public Sector Sales Lead at Microsoft Austria said:

“It’s not a black and white discussion. It’s not about choosing the path of sovereignty or choosing the path of innovation. It’s about balancing and orchestrating… a risk-based approach.”

That layered approach should separate highly sensitive workloads from those suited for cloud-based innovation.

Public administrators highlighted that sovereignty is multidimensional: technical, legal, economic and emotional. What customers want above all is visibility and choice. As one leader emphasized, beyond control over data processing and storage, true sovereignty also means being able to choose the parts of a technology package they need rather than being required to buy licenses for bundles, which drives up costs.

Procurement rules, however, are still playing catch-up. With different requirements scattered across the EU, organisations often end up doing the same work multiple times. A more unified approach that allows for shared certifications and tech that plays nicely across borders would make it easier for businesses and public bodies to build modern, sovereign digital systems. And to make sure those sovereignty rules help innovation instead of getting in the way, organizations say they need clear guidance and strong partnerships with their tech providers.

What Customers Need from Cloud Partners

A recurring message throughout the discussion was that sovereignty cannot be achieved in isolation. Customers expect their cloud partners to help them meet changing regulatory, security and operational demands.

As Norbert Parzer, Certified Public Accountant, Tax Advisor and Partner at EOS put it, “first find the companion before you start the journey.”

To address concerns around extraterritorial data access, Jeff Bullwinkel, VP and Deputy General Counsel, Corporate External and Legal Affairs at Microsoft EMEA, detailed the steps the vendor has taken to provide assurance and legal protection.

The tech giant has built the EU Data Boundary for the Microsoft Cloud to “mitigate the risk, or reduce the surface area of risk by just reducing situations in which data is transferring from one continent to another.”

Just as crucial is Microsoft’s assurance that it will resist demands from governments to divulge customer data, Bullwinkel said:

“When Microsoft gets a request or a demand in order for data from any government around the world, we have a contractual obligation to litigate against that order whenever there’s a lawful basis for doing so. And we have quite a history of doing that…with a view toward guarding against that kind of risk and so we will continue in the future as well.”

Microsoft has also expanded its sovereign controls and confidential computing to ensure that customers hold the keys to their data.

The vendor recently announced expanded capabilities for its Sovereign Public Cloud and Sovereign Private Cloud. By the end of this year, customers in four countries—Australia, the United Kingdom, India and Japan—will have the option to have their Microsoft 365 Copilot interactions processed in-country. This will be expanded to 11 more countries in 2026: Canada, Germany, Italy, Malaysia, Poland, South Africa, Spain, Sweden, Switzerland, the United Arab Emirates, and the U.S.

These capabilities directly address customer expectations for operational autonomy and regulatory compliance.

Partnerships help empower organizations to keep control over their processes and architecture, so that digital transformations are secure and interoperable. Organizations across sectors are embracing AI, but they need to be sure that the models they use preserve transparency and control.

“There are many areas we see it’s important to have a good collaboration. And for that, trust is… obligatory. It’s the absolutely necessary thing. And it cannot just be a marketing promise,” Weberberger said.

The use of large language models (LLMs) raises critical questions when it comes to maintaining control over customer data, Weberberger noted, highlighting the need for transparency around who trains the data, who defines which information AI models are allowed to use, how ethical principles are implemented and who has the control and influence over the models.

“We need answers in the future when it comes to… how these LLM models are trained. Many providers tell us ‘we don’t use the customer data to train our LLM.’ But for us, still, the question remains, but how do the providers develop their LLMs when they don’t use the customer data to train them? Here we need clear agreements that we all know how it works, and openness to trust.”

For critical sectors like energy, innovation must align with stringent risk-management requirements without compromising safety or resilience.

Data Sovereignty as a Shared European Project

Panelists underscored the need for different regulators in Europe to get on the same page when it comes to digital rules, to create a clearer, more unified set of standards that works in practice and gives organizations the confidence to keep innovating.

“Policy makers and industry representatives should work together on defining clear, understandable and practical frameworks, which has not always happened in the past,” Parzer said.

“It’s about establishing certainty for market participants at the end… They should understand that innovation is not a luxury. It is just an enabler for our economic growth and insurance for our future. So it is all about defining rules that are going to balance innovation with compliance.”

And when those standards line up, it doesn’t just cut down on compliance headaches — it makes it easier for governments and regulated industries to embrace AI and cloud tools, giving them the guardrails they need to move ahead with confidence.

The conversation made one point clear: sovereignty is no longer a static concept. It is a shared responsibility shaped by policy, technology, and partnership. Customers expect cloud providers not only to deliver secure platforms, but also to collaborate, openly and continuously, on the frameworks, tools, and governance models that will define Europe’s digital future.

As the panel demonstrated when customers, policymakers, and technology providers align around transparency, control and trust, Europe can innovate at the pace required to remain resilient and competitive.

“I think we cannot expect this topic is going to go away,” Bullwinkel said. “These things are front of mind, absolutely, for our customers, for our partners, for government leaders… Things we’ve been talking about… around data privacy, around data security, around resilience, around data residency, these are all things that will continue to inform the conversation.”

As governments and enterprises deepen their reliance on cloud and AI technologies, control over where data is stored and how it is processed has become central to maintaining operational resilience and regulatory compliance, and most importantly, customer trust.

More than 80 percent of business leaders cite data sovereignty as a strategic business priority, according to research by German analyst firm BARC.

“We have to get a lot better at understanding that data is money, and we need to put the security that we’ve had in place around money for 1,000 years around data,” online privacy expert Ron Zayas, CEO of Ironwall by Incogni, told CX Today in an interview.

Companies are feeding their data to AI engines to train their models, but regulations like the EU Data Act, which creates rules for data sharing and access—not to mention growing cybersecurity threats—require them to tread carefully. As Zayas put it:

“We need to understand that the same way you wouldn’t let your employees interact with networks without a firewall, you can’t let companies interact with AI without having some type of firewall in between and understanding what data you can share.”

Recent moves by European and global technology leaders indicate that they are responding to accelerating demand for a sovereignty-driven approach to innovation.

The Rise of Europe-Built Cloud and CX Solutions

Odigo, a European CCaaS and CXaaS provider, recently acquired Akio, a French software vendor specialising in AI-powered CCaaS solutions for SMEs and mid-market firms. The merger brings together Odigo’s enterprise-scale CX offering with Akio’s capabilities in AI, voice of the customer analytics, and reputation management.

But beyond expanding product portfolios, the acquisition represents a strategic move to consolidate European technological capabilities and reduce dependence on non-European cloud providers. (Aside from data sovereignty that push is becoming more significant given recent cloud service outages.)

As Odigo stated in announcing the deal:

“[T]he merger of two complementary French vendors with a strong presence across Europe reinforces Odigo’s ambition to create a competitive European alternative to the American firms in the sector. This approach comes at a time when European companies are placing greater focus on data sovereignty and control over their technological environments.

Patrick Giudicelli, Founder and President of Akio, added: “Joining Odigo means joining a French company that shares our values of customer proximity and sovereignty.”

The newly combined company offers a customer engagement ecosystem designed and hosted within Europe, where data control and regulatory compliance are built into the architecture.

Global Platforms Are Localizing Data and AI Operations

The big tech players are also evolving their approaches to sovereignty. Last week, enterprise AI platform Workday announced the rollout of its Workday EU Sovereign Cloud in 2026, keeping its European customers’ data local and secure.

All operations, including AI processing, data center access, support, and maintenance, ensure customer data is managed by EU-based personnel and never leaves the region.

“Workday understands how quickly evolving data sovereignty requirements can make it difficult for organizations to keep pace,” Gerrit Kazmaier, President, Product and Technology at Workday, said in the announcement. “Workday EU Sovereign Cloud gives our customers the freedom to innovate and grow confidently—helping them harness the power of AI while knowing their data remains protected and compliant.”

EU Sovereign Cloud is built on AWS infrastructure and spans multiple, geographically separated data centers to provide redundancy for key systems. Hardware protections prevent unauthorized access, and end-to-end encryption safeguards data whether it is in use, in transit, or in storage. An EU advisory board provides oversight to strengthen transparency and adherence to European sovereignty and security standards, Workday said.

The vendor plans to extend the offering to other regions down the line, but there’s no surprise that it’s starting with Europe first, given the region’s strict data rules.

Tech giant Microsoft has added a new set of capabilities to its Sovereign Public Cloud and Sovereign Private Cloud offerings that build on its digital sovereignty controls to deliver AI and cloud services strengthened by its ecosystem of specialized in-country partners.

The update includes end-to-end AI data processing within the European Union’s Data Boundary, the general availability of Microsoft 365 Local, and localized versions of its Copilot AI assistant in four countries by the end of the year, with 11 more to follow in 2026. That ensures Copilot interactions are typically processed in data centers located within a nation’s borders, to give customers greater control over where their data goes.

Microsoft has also extended its Sovereign Landing Zones for Azure and introduced new infrastructure capabilities, such as support for external SAN storage and the latest NVIDIA GPUs, to help enhance the performance of local deployments. The company is expanding its ecosystem of regional experts through a Digital Sovereignty specialization.

Microsoft acknowledged that organizations in Europe and other jurisdictions face a complex slate of regulatory mandates, as well as heightened expectations for resilience. As Douglas Phillips, President and Chief Technology Officer, Microsoft Specialized Clouds, stated in the update:

“Sovereignty has become a core requirement for governments, public institutions, and enterprises seeking to harness the full power of the cloud while retaining control over their data and operations.”

The conversation around data sovereignty has also been amplified by Zoho, which raised the issue in releasing its latest Zoho One upgrade.

The vendor highlighted the value of controlling the full technology stack and emphasized that operating its own infrastructure through to applications allows it to offer deployment models that give customers the control they need to meet regulations and provide transparency to their end users.

“We are doing these on-premise deployments in some countries where your data center has to be set up in that country, because we own… the entire stack … we are able to do it particularly when dealing with governments,” Raju Vegesna, Chief Evangelist at Zoho, said during a media briefing.

This approach allows organizations to maintain national or regional control over critical communication systems, an increasingly common requirement for enterprises that need to guarantee uninterrupted access to essential services.

These initiatives reflect a broader market realignment and a recognition that sovereignty does not need to be a constraint on innovation but can be a selling point for vendors. European enterprises increasingly expect cloud and AI providers to deliver verifiable assurances of data control and jurisdictional compliance.

As regulatory demands tighten and put more pressure on enterprises, from the EU Data Act to AI rules and sector-specific cybersecurity requirements, cloud providers that can offer data sovereignty by design are likely to gain a competitive edge.

The IRS will use Agentforce across the Office of Chief Counsel, Taxpayer Advocate Services and the Office of Appeals, Paul Tatum, Executive Vice President of Global Public Sector Solutions at Salesforce, told Axios.

The move follows major staffing cuts at the agency implemented by the Department of Government Efficiency (DOGE), which has since been quietly disbanded according to reports, as well as furloughs during the recent government shutdown. The IRS lost around 25 percent of its staff between January and May, shrinking from roughly 103,000 employees to about 77,000, according to a report from the Treasury Inspector General for Tax Administration (TIGTA).

The US Congress has reduced the IRS’s funding under the Inflation Reduction Act (IRA) from $80BN over a 10-year period to $37.6BN. And proposed budgets for the 2026 financial year would reduce the agency’s annual funding by around 20 percent.

“Completing IT modernization projects, providing quality service to taxpayers, and enforcing tax laws with a reduced workforce and budget will be challenging for the IRS,” the TIGTA said.

That’s where Salesforce comes in. The vendor received FedRAMP High Authorization back in June for Agentforce alongside its Data Cloud, Marketing Cloud, and Tableau Next offerings. It launched its Agentforce for Public Sector edition in August, which provides government agencies and local authorities with tailored, pre-built and AI agents.

Salesforce has already been working with the IRS to modernize some basic technology in those departments and will now add AI agents to handle tasks like generating case summaries and searching data to reduce the time it takes to handle customer interactions.

The aim is to help employees process cases so that taxpayers get the information they need faster, rather than to replace them, Tatum said.

The TIGTA pointed out that the agency still needs human staff to manage its complex remit:

“Despite numerous ongoing automation projects, the IRS still needs skilled and experienced employees to interpret tax law changes, investigate criminal activity, prevent fraudulent refunds, and implement complex coding changes for its information systems.”

That puts pressure on employees to deliver all this while providing a satisfactory service to taxpayers.

According to a separate TIGTA report in October, the Inspector General received nearly 250 complaints from taxpayers during the 2024 filing season, from January through May 2024, about interactions they had with IRS representatives.

The TIGTA found that IRS contact center representatives were typically courteous and professional in their interactions with taxpayers. But it identified “some instances where improvements are needed”. In 11 percent of call recordings, taxpayers received poor customer service, such as unprofessional behavior from IRS representatives, long wait times on hold or disruptive background noise. Another 15 percent of calls were either dropped or disconnected.

Why Automated Platforms Are Emerging as a Fix for Government Contact Center Shortages

AI platforms like Agentforce could provide a solution for government organizations like tax agencies that are facing a challenge in staffing contact centers to provide service to millions of taxpayers, especially during peak seasons.

Efforts to boost contact center productivity eventually hit a natural limit, because employers face a challenge in maintaining full staffing. “There’s a ceiling. You can’t make people give 110%. We work with governmental organizations who are losing employees and haven’t got the power or the money to fire into that space,” James Mackay, Regional Sales Manager at conversational AI firm Rasa, told CX Today in a recent interview.

Faced with thinning ranks from retirements, budget cuts or hiring freezes, these agencies are turning to AI to help frontline employees manage the workload. Mackay laid out the scope of the challenge ahead:

“Not reimagining how it works is an existential threat. It’s not like they need to just pay more for people; they can’t get the people. So now they have to figure out how they rationalize that ability to serve these customers. You’ve got a government who can’t afford the contact center, who legally have to provide that service, how are they going to do it?”

For government organizations, changes in service approaches such as scaling back contact center operations are not simply a business decision.

In the UK, HMRC was forced to backtrack almost immediately last year on plans to reduce its customer helplines in an attempt to funnel taxpayers towards its digital services such as chatbots and online forms. The agency stated that was “halting its plans in response to the feedback” from the public, business groups and politicians.

The Canada Revenue Agency (CRA) has also come under scrutiny in recent months following layoffs earlier this year, given ongoing taxpayer complaints around long wait times, unanswered calls, and contact center agents providing inaccurate tax information. The CRA has hired back some staff, as the issue has been escalated to Parliament and the Auditor General. An assistant commissioner at the CRA, Melanie Serjak, told MPs in a standing committee in October that the agency is looking at AI, among other technology tools, to assist agents in providing accurate responses.

While AI is often touted as a solution that “makes everything better,” supporting staff in government agency contact centers is one area where there is true potential, Mackay added.

“Is AI the answer to that? It might not be. There might be other ways… like outsourcing has been a favorite way of dealing with that. But AI has a real chance, if used well, to help augment and get rid of—to some degree—some of the requirements for bums on seats.”

For an agency that fields millions of questions, complaints and appeals each year, even small improvements in case handling can translate into noticeable gains in service experience for the public.

Summarizing long case files, retrieving policies instantly, drafting communications, and pulling up relevant data are the kinds of small efficiencies that add up to noticeable real-time savings in understaffed environments.

However, the challenge will be using AI solutions appropriately and avoiding the risk of hallucinations related to tax filing or collection, which could have serious consequences for taxpayers.

Organizations will need to establish clear guardrails around how automated systems handle sensitive financial information, making sure that every recommendation or calculation they make is grounded in verified data. Human oversight will remain critical, particularly if AI is tasked with interpreting complex regulations or communicating with taxpayers.

Salesforce, for its part, recommends deploying AI agents for non-critical tasks and where human experts can easily intervene.

“Salesforce doesn’t advocate for a blind AI processing tax returns without a human being involved in reviewing and supplementing it,” Tatum told Axios. “When the agents are built, there’s a lot of guardrails put in … [they’re not] allowed to make final decisions, they’re not allowed to disperse funds.”

For other government organizations, the IRS’s move offers a case study into how AI might fit into their own service delivery approaches, aimed squarely at relieving pressure on overworked teams.

The tech giant is using one of its largest annual events to highlight how AI agents are becoming an operational reality.

Across sales, service, content creation, and employee enablement, Microsoft’s updates signal a shift from “copilots that assist” to agents that act.

Here are the five biggest CX takeaways from this year’s announcements:

1. The Sales Development Agent Brings Autonomous Selling into the Mainstream

Microsoft’s new Sales Development Agent is easily the headline act for CX, sales, and revenue teams.

Now in the Frontier preview, it’s designed to “research, qualify and engage leads during and after business hours,” according to Microsoft, with the aim of ensuring “no lead is left behind.”

For CX and sales leaders, this changes the rhythm of pipeline generation. Rather than relying solely on human outreach or rule-based automation, organizations can now experiment with an autonomous agent that can drive early-stage conversations and escalate only when human intervention adds value.

Security and governance controls are built in through Agent 365, which Microsoft says comes “ready to use with the security, governance and productivity tools in Agent 365 right out of the box.”

This will be one of the most closely watched previews of 2025, especially for teams seeking to modernize their lead engagement strategy without rebuilding their tech stack.

2. Sora 2 Arrives in Microsoft 365 Copilot – A New Era for Customer-Facing Content

In the age of AI, customers are expecting more and more from their service interactions.

With Sora 2 integrated into Microsoft 365 Copilot, marketing and CX teams can meet these enhanced expectations by generating short videos directly within the Create experience.

Microsoft confirms that users will be able to “generate short AI-generated video clips from natural language prompts” and even replace stock footage with AI-generated alternatives.

For CX leaders, this opens a fresh lane of possibility:

• Personalized explainer videos
• Onboarding clips
• Campaign assets
• Product walk-throughs

All without waiting weeks for production resources.

Brand kits, voiceovers, and music tools are included, helping teams create content that feels consistent and polished.

While still part of the Frontier program, it’s a sign of where Microsoft believes customer-facing content creation is heading.

3. Power Apps Gains Agent-Powered Automation – A Boost for CX Operations

Low-code builders have become essential to CX operations, especially when bridging gaps between CRM, support platforms, and custom business processes.

At Ignite, Microsoft announced a new agent-powered maker workspace in Power Apps.

The company says the new workspace “combine[s] what a maker needs — planning, data modeling and app building — into one intelligent, AI-powered canvas,” with the ability to generate apps simply by chatting with Copilot.

For CX leaders, the implications are practical:

• Quicker development of service workflows
• Easier creation of custom tools for agents
• More agility without waiting on development teams

Power Apps also introduces its own Model Context Protocol (MCP) Server, allowing AI agents to call an app’s capabilities. Microsoft notes that “agents will be able to call capabilities built into apps,” including retrieving records or submitting approvals.

This is a significant step toward agent-driven customer operations.

4. Agents in Microsoft Teams Become Cross-App Orchestrators

Another update includes the ability for Agents inside Microsoft Teams channels to now integrate with third-party systems such as Jira, Asana, and GitHub.

Microsoft explains that agents can pull risk information directly from these tools, surface blockers and even “schedule a meeting with the team to discuss a mitigation plan.”

While this may sound like more of a UC function on the surface, for CX organizations, particularly those running cross-functional operations (product, engineering, marketing, service), this has real value:

• Fewer context switches
• Less manual follow-up
• More coordinated communication around customer issues

Rather than agents acting as isolated helpers, they become part of team-wide workflows.

5. Microsoft 365 Copilot Expands Its Content and Collaboration Capabilities

Ignite 2025 delivered a wave of enhancements across the Microsoft 365 ecosystem that CX teams will appreciate.

Most notably, Microsoft 365 Copilot Chat can now create Pages, allowing teams to turn ideas into interactive documents.

Microsoft says the tool can “write code directly onto a page,” helping users create “interactive reports” or even turn them into PowerPoint presentations.

It’s a practical way to speed up:

• Knowledge base creation
• Internal playbooks
• Campaign plans
• Customer-facing documentation

SharePoint creation via Copilot Chat also arrives in preview, enabling users to generate structured pages and lists with prompts like “@SharePoint page agent create a page for our Q4 marketing campaign.”

For organizations where content fuels the customer experience, these additions could provide real productivity gains.

Final Thoughts

Microsoft Ignite 2025 showed a company doubling down on agentic AI; not as an abstract vision, but as a practical operating model.

While some features remain in preview, each one points toward a future where AI agents handle more of the repetitive, early-stage and cross-system work that slows down CX, sales, and service teams.

For CX leaders, this year’s Ignite offers a toolkit that stretches from autonomous sales engagement to rapid content creation and operational automation.

It’s a significant step in the evolution of Microsoft’s AI ecosystem, and one that customer-focused organizations should watch closely in the months ahead.

You can find out more about all of the major UC announcements from Ignite 2025 by checking out our sister site UC Today.

Across the customer service and experience space, the technology is being used to answer questions, guide purchases, and increasingly handle conversations once reserved for human agents.

Yet a familiar problem keeps surfacing: these systems still behave unpredictably.

They can be fluent and insightful one moment, then miss something basic the next. And when that happens, the customer experience suffers.

Salesforce’s latest releases take direct aim at this reliability gap.

Across service, commerce, and AI research, the company is seemingly placing accuracy, consistency, and predictable behavior at the center of its AI system design.

And the CRM powerhouse isn’t tiptoeing around the issue.

This is evident with the launch of eVerse – the vendor’s new simulation environment built by its AI Research department to uncover failures before they ever reach a live customer.

In discussing the motivation behind eVerse, Salesforce pointed to what it refers to as “Jagged Intelligence”, instances where AI excels at complex tasks but struggles with simple ones.

The vendor believes that this phenomenon “creates unacceptable business risk” and that eVerse “directly addresses” the issue.

A Reliability Problem Hiding in Plain Sight

Through its Agentforce platform, vendors like Salesforce have been at the forefront of expanding the capabilities and usage of AI agents in the customer service and experience space.

These tools are moving beyond basic interactions to acting autonomously in key moments of the customer journey – highlighting just how prevalent AI now is within the sector.

As Kishan Chetan, EVP and GM of Salesforce Service Cloud, puts it:

“AI agents go beyond predictions and automation; they can understand context, take action, make decisions, and adapt in real time.”

Indeed, Salesforce’s 2025 State of Service report claims that 30% of service cases are currently handled by AI, with this percentage expected to rise to 50% by 2027.

Given the sometimes volatile nature of AI, this shift has the potential to drastically increase instances of unpredictability.

In an environment where one incorrect decision or confused response can alienate a customer and damage a brand’s reputation, there is plenty of risk accompanying the reward of further automation.

Salesforce appears to be attempting to combat the unreliability of AI so that the technology can become safer while its popularity continues to soar.

Breaking AI Before Customers Do

In a nutshell, eVerse is designed to break AI before customers do.

The training environment is unforgiving. It throws noise, accents, unpredictable behavior, and messy real-world scenarios at AI models to see how they cope.

Salesforce AI COO Madhav Thattai explained how Agentforce Voice was one of the eVerse guineapigs:

“With eVerse, we were able to explore many nuances of human conversation before Agentforce Voice reached production.”

“This type of rigor is what turns breakthrough research into scalable products and dependable customer experiences.

“It’s how we’re expanding that same level of responsiveness and consistency across the full observability stack to solve our customers’ most complex needs.”

UCSF Health is one of the companies currently involved in the pilot phase of eVerse.

Collaborating with clinical experts, the Salesforce team is training AI agents to handle healthcare billing, where precision is essential.

Early tests showed agents reaching up to 88% coverage across routine and complex tasks, with reinforcement learning and clinical oversight shaping the results.

Sara Murray, MD, MAS, VP & Chief Health AI Officer at UCSF Health, summarized the goal:

“When used responsibly, we believe AI can help our teams simplify one of the most complex parts of healthcare.”

Salesforce believes that the continuous trial-and-error training loop “transforms agents from generic language models into enterprise-specialized systems ready for production deployment.”

Retail Has the Same Problem – With a Commercial Twist

Salesforce’s reliability push stretches into commerce too, where a new set of challenges is emerging.

Traffic from consumer AI channels, including upcoming integrations with ChatGPT, is rising sharply. Salesforce forecasts that during Cyber Week, intelligent agents will influence 22% of global orders.

This represents another potential risk if the AI representing your brand gives inconsistent answers.

To combat this, Salesforce has announced fresh capabilities for Agentforce Commerce.

The new features allow retailers to syndicate product data into AI channels with tight control over accuracy, pricing, and brand voice.

Self-described as the “first platform designed to give retailers full control over the entire agentic shopping journey,” Agentforce Commerce lets brands push product catalogues into AI platforms like ChatGPT while delivering personalised, agent-led journeys on their own sites to drive loyalty and higher lifetime value.

One organization currently using the tool is Pandora. The company’s Chief Digital & Technology Officer, David Walmsley, discussed the importance of being able to deliver dependable AI, stating:

“This is more than just commerce; it’s about using trusted AI and unified data to guide every customer, making them feel understood, supported, and valued.”

It is clear from Walmsley’s comments that when AI is steering purchasing decisions, that trust has the potential to become a direct revenue lever.

Fixing the Problem Long Before It Shows Up

Viewed together, Salesforce’s recent updates follow a clear logic: push reliability upstream.

The vendor is building it into the training data, the simulation environment, the risk checks, the decision-making logic, and the human oversight loops.

The logic appears to be: if reliability becomes an afterthought, AI remains a gamble; if it becomes structural, the technology scales far faster.

Salesforce’s State of Service report hints at the same dynamic. AI is already reshaping frontline roles. But adoption still hinges on trust. Service teams want tools they can rely on, not systems that feel experimental.

Security leaders echo this. While 51% report delayed rollouts due to risk concerns, Salesforce’s State of IT: Security report finds unanimous agreement that AI agents can strengthen security posture – once reliability and safety controls are in place.

In other words, the enthusiasm is there, but the confidence is catching up.

Maybe reliability will prove to be the missing piece.

A Line in the Sand for AI in CX

As AI agents step further into direct customer interactions, the industry is hitting a turning point.

These systems are no longer side tools; they’re the first point of contact in many journeys. That places reliability above convenience, above cost savings, and above speed.

Silvio Savarese, Chief AI Scientist at Salesforce, linked the research to real-world outcomes:

“Our partnership with UCSF Health demonstrates how applied science translates directly to customer value, proving that when you train agents in environments that mirror real-world complexity, they perform reliably when it matters most.”

That’s the crux of Salesforce’s message. In the agentic era, reliability must be foundational; not an afterthought.

Teams that recognize this early – and harden their AI accordingly – will be the ones who are best placed to fully maximize the potential of the technology.

Announced at the vendor’s flagship Refresh event, the updated platform includes the following three fresh capabilities:

• Vertical AI Agents
• Freshdesk Command Center
• Freddy AI Insights

Together, the three tools are designed to enable CX teams to lower response times, boost resolution rates, and gain real-time visibility into the issues slowing growth and efficiency.

The updated solutions are partly in response to Freshworks’ Cost of Complexity Report, which outlined ‘uncustomizable workflows’ and ‘too many tools to toggle between’ as two of the biggest software-related challenges currently impacting customer service agents.

These findings speak to the wider issues of over-complication and solution fatigue that have been prominent in recent times, and can prevent agents from truly maximizing the benefits of AI.

This point was raised by Srini Raghavan, Chief Product Officer of Freshworks, when discussing his company’s latest releases.

“CX leaders want to scale instant, empathetic service without sacrificing quality or time. Yet fragmented systems, outdated tools, and redundant processes waste hours of their teams’ time,” he said.

“Freshworks is breaking that cycle of complexity by uniting how teams work and helping them reclaim hours of lost productivity, enabling teams to meet customer needs with greater speed, and giving leaders an easy way to uncover growth drivers and detractors proactively.”

So, let’s take a closer look at whether the revamped capabilities can deliver on Raghavan’s promise.

Vertical AI Agents

Freshworks has introduced new Vertical AI Agents for eCommerce, fintech, travel, and logistics within the Freddy AI Agent Studio, a workspace for building, testing, and monitoring AI agents.

The agents come with more than 50 prebuilt workflows, reducing the setup effort typically required when deploying industry-specific automation.

Designed to handle tasks as well as respond to inquiries, they integrate with systems such as FedEx, Shopify, and Stripe.

Users can also create custom agentic workflows, enabling the agents to deliver end-to-end resolutions aligned with sector-specific processes.

The latest move from Freshworks is another example of a major customer service and experience vendor choosing to move into the industry-specific agent arena.

Indeed, at the beginning of the year, Salesforce released Agentforce for Retail, a skills library for industry-specific AI agents. This was followed by the launch of Agentforce for Public Sector and Agentforce for Manufacturing back in August.

Talkdesk is another vendor that has targeted specific verticals in the past, havign released AI agents for Healthcare and Finance earlier this year.

In doing so, all of these vendors are looking to differentiate themselves in a crowded space and leverage AI to make their tools more effective.

Freshdesk Command Center

The enhanced Freshdesk Command Center consolidates multiple customer service channels – email, chat, WhatsApp, and social media – into a single workspace, reducing the need for agents to switch between applications.

It combines AI assistance with process automation to streamline operations, helping teams retrieve relevant customer data and respond more efficiently.

AI capabilities within the platform also provide real-time insights, including conversation sentiment, SLA deadlines, and access to customer information such as purchase history, subscription details, FedEx tracking updates, Stripe payments, and Shopify product data.

In addition, agents are able to access Freddy AI Copilot, the platform’s AI assistant, from directly within the command center.

They can use the copilot to summarize email threads, suggest responses, and recommend actions.

Single-click operations can trigger end-to-end processes, including refunds, replacement orders, and activity logging, enabling faster resolution of customer requests without leaving the command center.

Freddy AI Insights

Freddy AI Insights offers real-time visibility into support operations, helping leaders monitor performance trends and detect anomalies before they affect the customer experience.

The platform provides alerts for spikes in support volume, SLA breaches, and workflow bottlenecks, alongside built-in root cause analysis that highlights why changes occur.

Visual dashboards present performance shifts clearly, enabling teams to identify critical patterns, assess which groups are impacted, and take timely action.

Designed as a continuous analytics tool, Freddy AI Insights also translates operational data into actionable intelligence to support proactive decision-making.

Breaking the Cycle of Complexity

While each of the three capabilities addresses different aspects of the customer service and experience tech sector, the overall trend is clearly to make these tools more user friendly.

With the incredible advances that AI has brought to the customer service and experience sector in recent times, some vendors can sometimes be guilty of being blinded by their own shiny new toys.

It doesn’t matter how impressive a vendor’s new feature is; if it isn’t easily accessible and navigable, agents will offer resistance.

As more and more frontline agents struggle with tool fatigue, vendors must prioritize usability.

That explains why 58 percent of organizations that suffered ransomware attacks in the past year paid the ransom to get their data back, according to Sophos’ State of Ransomware in Retail report. That was the second highest payment rate in five years. The median ransom demand doubled to $2 million from 2024, while the average payment increased by 5 percent to $1 million.

Retailers especially have had a tough year, as several large brands have suffered high-profile cybersecurity attacks. The threats are growing as attackers are constantly looking to exploit vulnerabilities. As demands for ransom payments reach new highs, enterprises in all sectors need to put in place comprehensive security strategies. Sophos’ research showed 46 percent of attacks began with an unknown security gap.

The nature of ransomware threats is changing, as malicious actors hone in on phishing attacks as a way to gain entry into enterprise systems rather than attacking servers.

“We’re very focused on server security and network security. But in reality, what’s happening is that… over the last two years, 70 percent of ransomware attacks originated with an individual, rather than the server,” online privacy expert Ron Zayas, Founder CEO of Ironwall by Incogni, told CX Today in an interview. “That’s coming from using data to create better phishing attacks that are so good that you’re clicking on them”

These attacks have a direct impact on a company’s reputation and sales. Major casinos and large retailers have seen their performance plunge in the aftermath of breaches, Zayas noted.

“This isn’t theoretical. You’re losing a lot of money when customers perceive that A, you’re asking for too much information. And B, when something happens to you because you’re careless, they’re going to go somewhere else because they understand the threat to them.”

The challenge is escalating as hackers are using AI to create and automate more convincing phishing attacks, Chester Wisniewski, Director, Global Field CISO at security firm Sophos, told CX Today.

“The two most concerning aspects of AI are the higher quality of phishing attacks and the speed with which attacks can be conducted. AI doesn’t necessarily create new threats as much as it allows the existing techniques to be automated and executed more quickly,” Wisniewski said.

“One of the most important factors in defending networks isn’t just prevention, but also how quickly you can detect and breach and respond, ideally, before any data is stolen or encrypted.”

“If AI makes each malicious step easier, defenders will need to monitor 24/7 for breaches and be prepared to react in minutes, not hours, to prevent harm to unprotected data,” Wisniewski said.

Prevention Starts with Preparation

The key to avoiding ransomware attacks is preparedness. “Properly protecting your information and backups insulates you from all types of data theft and ransom attacks,” Wisniewski said.

But this is where many companies are falling down. According to Sophos, 62 percent of retailers that experienced attacks restored their data using backups. That was the lowest rate in four years, indicating that some companies are not generating regular backups that they can restore data from if the worst happens.

“The figures for retail in this year’s survey are very concerning,” Wisniewski said. “The lack of backups makes organisations even more reliant on paying criminals and hoping for the best to regain access to business-critical information.”

Identifying where security weaknesses are and performing reliable backups indicates an organization is taking a proactive approach to data security. “As we all know, an ounce of prevention is worth a pound of cure and this lack of preparedness results in higher incident costs and more loss of sensitive information harming an organizations’ reputation,” Wisniewski said.

As ransomware attacks evolve to target individuals, enterprises need to understand how employee data can be leveraged to launch highly targeted attacks.

“That’s where it’s changed, and companies don’t fully understand even that the vector has changed, or how to protect themselves,” Zayas said.

“It’s the data on your employees that’s killing you, so the way to protect yourself is to remove the amount of data that is available on your employees.”

Enterprises are starting to realize that dark web monitoring tools can act as an early warning system against ransomware and data breaches. When attackers compromise a device, such as an employee’s phone, they often advertise that access on the dark web for anyone willing to pay.

In some cases, leaked credentials or access to infected devices can surface online weeks before a ransomware attack, and monitoring tools can send out alerts that give teams time to prepare.

“It’s a great way for you to jump in front of that, because once it’s in circulation, you’re toast; it’s too late,” Zayas said.

Organizations also need to reconsider the level of detail in the data they hold on customers.

For instance, recent security breaches through the Salesforce platform have succeeded because companies keep extensive customer records in the system, Zayas noted.

“One of the best practices for any company is to decide how much information you really need. Just because you can get more information and enrich it doesn’t mean it makes sense.”

Any interaction with a third party opens up a potential vulnerability. That’s why organizations need to think beyond protecting their servers.

Managing Vendor Risk to Prevent Data Breaches

“Everybody wants to jump on the AI bandwagon, and AI isn’t something that a standard company can do on their own. You have to work with a third party… because of the complexities,” Zayas said. “That becomes a huge attack vector for people going after ransomware.”

Several high-profile security breaches this year, such as Stellantis, Jaguar Land Rover, Harrods and Discord, have involved attacks on their third-party customer data platforms, not the company’s own servers.

Zayas warned:

“If you are a private company and you are sharing information, if you are putting your information to a third party, it’s like the old saying, whoever you sleep with, you’re sleeping with everybody that they ever slept with.”

“When you partner with somebody and you’re transferring data, you have to be much more aware of how you’re identifying that data, because now you’re vulnerable to whatever attack happens to them.”

As enterprises adopt AI tools to streamline data management and enhance decision-making, they often overlook the critical risk created by the fact that AI systems rely on large volumes of data. They are opening up their data and feeding extensive amounts of sensitive information into AI platforms. While these systems are managed by major providers, no organization is immune to breaches, potentially exposing customer data, Zayas said.

“Let’s go back in time a little bit to when there was a lot of cash… People didn’t come to rob your pizza place. They robbed the bank, because that’s where everybody was putting their money.”

Users need to understand that “data is the currency” that is now circulated, and this makes large AI providers and marketers more attractive to attackers than targeting a number of smaller companies, Zayas said. “You’re going to see the breaches being more and more related to the amount of information that’s coming out with AI, the amount of information that’s being enriched, and companies are going to suffer from this.”

Although enterprise teams want to collect as much information as possible to get richer AI outputs, “you need to be a lot smarter about what information you share to be able to get what you need,” Zayas said.

Removing personal information so that individuals are not identifiable will help to protect customers.

“The smart play is learn how to sanitize your data. You don’t have to share 100 pieces of information on one of your customers with an outside company. It’s stupid. Why are you sharing all that customer information when it becomes available?”

“It’ll still give you the same result you have without the customer information being there.” Zayas added.

When signing contracts with third-party providers, buyers should look for vendors based on their data sensitivity and make sure that they include clear privacy clauses and audit rights.

“Third-party risk management is the frontline defence for customer data,” Aben Pagar, Director at legal services firm Konexo, told CX Today. “Due diligence cannot stop at onboarding—continuous monitoring and assurance are vital. Embedding these controls creates a culture of accountability that protects data and strengthens trust.”

In the UK public sector, a proposed ban on organizations making ransom payments will require them to ensure their systems are resilient.

“The ban on ransom payments changes the calculus for procurement,” Pagar said. “Vetting suppliers for robust security and privacy practices is now non-negotiable.”

Keeping Customers Informed When Ransomware Strikes

When enterprises do fall victim to ransomware attacks, communicating with customers as much as possible is essential to provide reassurance that leaders are actively working to recover and safeguard their data.

“Customer communications are key during incidents to inspire confidence that you have capable experts handling the situation. Silence is very dangerous, as people’s imaginations are far worse than what your incident actually looks like,” Wisniewski said.

Although there are certain details that companies may not be able to provide because of legal constraints and law enforcement requests, “being open and sharing what you can goes a long way toward demonstrating your commitment to your customers and their privacy and security,” Wisniewski said.

Ransomware Recovery is a Team Sport

Given the proliferation of attacks, companies need to be prepared to bounce back quickly if a ransomware hit does happen. Testing backups regularly and knowing exactly how to restore systems if things go down are key. Staying on top of vulnerabilities, tightening access controls, and keeping a close eye on who has high-level permissions can make all the difference.

“Regular staff training reduces human error, and a robust incident response plan ensures clarity when seconds count,” Richard Chudzynski, Partner at Konexo, told CX Today.

Response plans must involve all teams. Ransomware and other cyberattacks are no longer just IT problems. Relying solely on IT managers to respond puts enterprises at greater risk because attacks now touch every aspect of the business.

“Resilience is a team sport,” Chudzynski said.

“HR safeguards employee data, procurement manages supplier risk, and business units handle customer information, while IT and cyber teams enforce technical controls. Legal and privacy teams set the regulatory framework, and internal audit validates compliance.”

When each team owns its role, organizations can communicate transparently during a crisis, helping to minimize disruption to the customer experience and reinforce trust, Chudzynski added.

Christian Draeger, who runs passenger experience there, talks about it in a way that’s surprisingly down-to-earth. “We’re not just starting at the airport door,” he says. “We’re already looking at customers, how they can get prepared for their travel, even days ahead of the actual travel plans.”

That’s a different way of thinking about travel, one where the airport is part of the journey, not a pause in it. Draeger’s rule is simple: “Put the passenger in the center.”

That idea is becoming more important. Around two-thirds of travelers now use AI tools to plan their trips, and most say they want services that adjust to them, not the other way around. Berlin’s answer is to mix technology with empathy, using automation to remove hassle, not humanity, and turn the everyday airport routine into something that actually works for people.

Understanding & Designing for the Modern Traveler

Christian Draeger has spent a lifetime around airports. More than thirty years in aviation have given him a deep sense of how people move, wait, and connect. During his time with Star Alliance, he helped shape what millions of passengers now recognize as the modern travel experience. When he joined Berlin Brandenburg Airport, he came in ready to rethink that experience from the ground up.

Berlin handles around 25 million passengers a year, so it’s big enough to be busy, but small enough to still care. “We also operate our premium services: two business-class lounges and an ultra-premium lounge where you get à la carte dining and a chauffeur service to the aircraft,” Draeger said.

That same care for detail extends to the parts of the journey most people barely notice. The airport also took control of its own security operations, because, as Draeger puts it, “We felt that the mandate of the federal police didn’t provide enough attention towards the passenger experience.”

Now there are 32 security lanes, 24 fitted with advanced CT scanners, so passengers can keep laptops in their bags and carry small amounts of liquid without delay. “It’s about having a consistent experience across the whole area of the airport,” he says.

Every choice is made with the passenger in mind. “It starts really by knowing our customers,” Draeger says. “If we have a family that’s traveling once a year on holiday, their prerogatives are different from a business-class customer focused on getting through as efficiently as possible.”

That balance, efficiency for some, discovery for others, is at the heart of personalization in travel, and it’s essential. A recent study found that 93 percent of travelers now expect some form of tailored service. Berlin’s approach proves those numbers translate into real-world design decisions: better security flow, less queuing, and even duty-free areas reimagined as “specialized marketplaces.”

Dual-Terminal Strategy: Two Philosophies, One Vision

A walk through Berlin Brandenburg Airport reveals something a bit different. Its two terminals don’t just separate airlines; they reflect two completely distinct types of travelers. One is designed for comfort, the other for speed. Together, they show how personalization in travel can be built into the physical space, not only into digital systems.

“The level of automation that you will find with low-cost carriers is more in focus than with a legacy carrier,” says Draeger. Terminal 2 is the efficient, minimalist one: smaller, sharper, and geared toward travelers who value simplicity and price over perks. “Terminal 2 is geared to simplicity and generating additional revenues through add-on services,” he explains.

Think self-service kiosks, intuitive wayfinding, and a layout that helps people move quickly from curb to gate. “The utilization of busses is less, you have more walk boardings,” he adds.

Terminal 1, meanwhile, is a different rhythm altogether. “It’s about efficiency and comfort, both guided by digital tools.” Business and frequent flyers pass through airport automation that’s designed to make the process seamless. Over a hundred self-service kiosks are spread across the terminal, complemented by digital signage and premium lounges.

It’s the physical version of a digital truth: no two passengers want the same thing. Some want to breeze through with a coffee and a boarding pass on their phone. Others want time, space, and a glass of something cold before they fly. Both deserve an experience that feels intentional.

That’s what Berlin is building, a new kind of airport customer experience where infrastructure itself becomes a form of personalization. Different terminals, different tools, same philosophy: know who’s traveling, and design accordingly.

AI and Automation Enhancing Personalization in Travel

Like most airports, Berlin once relied on a traditional call center. It worked, but just barely. “We were looking at our call center and we weren’t completely happy,” says Draeger. “It was limited, inconsistent, and expensive.”

That frustration turned into an opportunity. Berlin decided to replace its call center entirely with a generative AI-powered system. The result was “Berry”, Berlin’s always-on virtual assistant.

“Customers can call the AI hotline and have a conversation just like we’re having right now,” Draeger says. It took just six weeks to build and launch, and within a few months, the results were striking: satisfaction above 85 percent, costs down 65 percent, and service available 24/7.

The human element didn’t vanish; it just found a new home. Instead of waiting in phone queues, travelers get answers right away. Lost something? Need flight details? Berry, the airport’s AI agent, takes care of it and loops in a person if the question needs a human touch. It’s simple to use too: one phone number on Berlin Airport’s website connects straight to Berry.

Building the AI Layer with Berry

Behind the scenes, Berry learns fast. “After six to eight weeks we reached an acceptable level… then you could see week-to-week improvements as GenAI learned,” Draeger explains. His team fed the system with real passenger questions and prioritized the most urgent topics first, like the classic “I left my laptop on the aircraft.” “We prioritized major customer concerns to ensure correct routing from day one,” he says.

Now the airport is preparing for the next step, chat. “We want to also offer the ability to get in touch with our AI agent through chat functionality,” says Draeger. QR codes will soon appear throughout the terminals, linking passengers directly to Berry via chat, integrated into the website and app. “If you’re standing in the arrivals hall, we’ll know based on the QR code where you are, and tailor the information accordingly.”

The idea is to build truly contextual assistance: a passenger in departures might ask about gate directions or restaurants, while someone at baggage reclaim could get help locating transport or lost luggage. “Customers can switch between voice and chat depending on environment or age. My children would prefer to talk; someone in a crowded terminal might prefer to chat,” Draeger says.

Operational AI and the Quest for Seamlessness

A lot of what makes Berlin Brandenburg Airport work isn’t something you can see. It happens on the tarmac between the terminal and the runway, where planes turn around for their next flight, and timing is everything.

“We also have others more on the ramp side,” says Draeger, referring to a system the airport now uses to track ground operations in real time. Cameras watch every stage of the turnaround, feeding data to an AI that predicts how long the process will take and where it might go wrong. “They can predict turnaround durations and steer additional resources if required,” he explains. “If a baggage belt is missing upon arrival, they can autonomously act on that and resolve bottlenecks.”

This is the kind of work that truly shapes the airport customer experience. When flights leave as scheduled, lines move faster, and connections fall into place without drama. Most travelers never think about the coordination behind it all. Yet every new piece of technology adds a layer that must fit perfectly with the rest.

But every new layer of technology brings its own challenge. “We always want to have this seamless experience for our customers,” Draeger says. “As we introduce more technology, we’ll have the challenge of combining it with legacy systems.”

Airports, after all, are built to last, and that means old baggage systems, decades-old software, and miles of wiring that can’t just be swapped overnight. “Traffic is increasing significantly, and we have limited infrastructure,” he adds. “We need simpler processes and better technology to absorb growth.”

Behind the polished front end of any airport automation project lies a balancing act: new tools talking to old systems, innovation working around concrete and cables.

The Future for Personalization In Travel: Digital Handholding

When asked what he thinks the future of travel looks like, Christian Draeger doesn’t mention drones or driverless terminals. He talks about something far simpler: help that is steady, thoughtful, and personal. “We always like to call it digital handholding,” he says. “A digital entity that’s completely informed, taking the customer by the hand and guiding them through the journey.”

Many agree that this is exactly where AI in the travel industry is heading. Gartner predicts that more than 80% of all customer interactions will be AI-assisted by 2029. The difference now is how personal that assistance can become.

“In the future, we see customers having their own personalized digital agents,” Draeger says, “on mobile, VR glasses, or other interfaces.” Those agents will be able to do a lot. “They’ll be able to rebook flights, change hotels, handle issues,” he explains. “We’ll need to provide them with the knowledge base and interconnectivity so they can act.”

He describes a world where these personal assistants talk to each other. “We’ll see a marketplace developing for agent-to-agent interaction,” he says, a network where your digital travel companion can speak directly to an airline, a hotel, or even the airport itself to smooth out the details before you notice them.

Some of that is already visible in small ways. Berlin is already imagining using augmented reality to help people find their way through the terminal. “If you come to Berlin Airport, sometimes you’ll find too many information boards,” Draeger admits. “Imagine augmented reality guiding you through the airport.”

It’s easy to see where this leads: toward an airport customer experience that blends technology with intuition. The idea isn’t to overwhelm passengers with data, but to take away the stress of travel entirely.

Personalization in Travel and Airports as Experience Ecosystems

Christian Draeger talks about air travel the way some people talk about music, not as noise and movement, but as rhythm. Airports, he says, are meant to keep that rhythm steady. When they do, everything else feels effortless.

“It’s all about making travel easier,” he says. “Like when you take a train, you just arrive and go, that’s the overarching ambition.”

Mostly, Berlin Brandenburg Airport is just pushing for a calmer travel experience. From the moment a traveler checks in to the moment they leave the gate, the goal is to take away the small frictions that make airports stressful. Berry, the AI voice agent, is part of that. So are the self-service kiosks, the CT-scan security lanes, and the quiet bits of software that keep aircraft turning on time.

“It’s not about one technology: Gen AI, robotics, biometrics, or AR,” Draeger says. “It’s about combining them to make travel much simpler.”

That line sums up Berlin’s whole approach to personalization in travel. It isn’t about showing off what technology can do; it’s about how little the traveler has to notice it.

That’s the real future of airport customer experience: an ecosystem that looks complicated underneath but feels beautifully ordinary on the surface, the kind of simplicity only achieved when someone’s been obsessing over every detail on your behalf.

Dubbed ‘Whisper Leak’, the flaw could allow bad actors to discern what someone is discussing with an AI chatbot, such as ChatGPT.

‘But what about the encryption?’, I hear you cry! Worryingly, this weakness bypasses encryption entirely; or rather, it makes the encryption redundant.

According to Microsoft Defender Security Research Team, the Whisper Leak vulnerability allows an attacker who can observe network traffic to infer the topic of an encrypted AI chatbot conversation – even though the content remains unreadable.

That means that while the words remain behind TLS encryption, the patterns of data packets – including their size and timing – reflect the rhythm of the chat and can reveal sensitive subjects.

By analyzing this information and comparing many conversations about specific topics, such as “money laundering,” against unrelated ones, attackers were able to train a classifier to spot the unique patterns associated with each subject.

This resulted in Microsoft’s system being able to achieve more than 98 percent accuracy in distinguishing sensitive topics purely from the shape and rhythm of the encrypted traffic.

While no content is ever directly exposed, experts say the pattern data alone could, in theory, reveal what a user is discussing

According to official guidance, this makes the threat “practical” in environments where a well-resourced adversary could monitor encrypted traffic.

But what exactly does this mean for contact centers?

What Contact Centers Need to Know

Given the ubiquitous nature of AI-powered chatbots in contact centers in recent times, this could prove to be hugely problematic.

Indeed, WifiTalents’ 2025 Contact Center Statistics report revealed that 54% of contact centers have reported increased use of chatbots.

A report from Emerge Haus released earlier this year stated that 52% of contact centers have invested in ‘conversational AI’ and an additional 44% intend to.

Elsewhere, Calabrio’s State of the Contact Center report found that 98% of contact centers report using AI in some form.

This rapid adoption reflects the drive for efficiency, lower costs, and better agent support. Yet the pace of roll-out may also have outpaced full scrutiny of privacy implications.

This could prove to be particularly problematic for contact centers that deploy AI assistants in regulated industries. The research underscores that encrypted communications are not as infallible as many believe.

Imagine a scenario where a customer chats with a virtual assistant about a refund, a health-claims issue, or a financial investigation.

The actual text may be protected, but if a bad actor can observe the session’s packet pattern, they could infer the subject is “medical claim”, “fraudulent payment”, or “political complaint”.

In a contact center environment where AI assistants handle high-volume, routine queries, or where agents augment responses with AI, this opens up a range of exposure points and areas of concern:

Exposure Points

• Vulnerable networks (public Wi-Fi, shared agent terminals)
• Multi-tenant cloud services where packet flows might be observed
• Metadata linking of customer behavior over time, even if individual queries are anonymized

Areas of Concern

• Agent-assist vs. direct-bot interactions: Whether the AI chat is with a customer or behind the scenes supporting an agent, both use streaming models and are therefore susceptible to side-channel inference.
• Metadata risk amplification: Even if you’re complying with GDPR or CCPA around content encryption, regulators are increasingly concerned about metadata (who, when, how often, what topic). In some jurisdictions metadata itself may constitute personal data.
• Network exposure and vendor risk: Many contact-centres rely on hybrid or multi-cloud AI deployments, or agents working remotely on unsecured Wi-Fi. Each of these expands the “surface” where a packet-observer could exist.

What Major AI Providers are Already Doing

While the possibility of anonymous bad actors having access to customer communications is certainly a concern, the good news is that Microsoft has already worked with several major providers, including OpenAI, to help combat the Whisper Leak vulnerability.

Typical measures include:

• Adding random padding or ‘noise’ to responses so packet sizes vary unpredictably
• Batching tokens so streaming chunk boundaries are less consistent
• Offering non-streaming modes of interaction (where applicable)

These changes reduce the effectiveness of the attack to what Microsoft considers “no longer a practical risk” under their test conditions.

However, immediate mitigation doesn’t mean universal safety. Organizations should still take their own practical steps to limit the likelihood of communications being inferred.

These include:

• Audit your AI vendors: Confirm that your chatbot or assistant providers have safeguards against side-channel attacks like Whisper Leak.
• Tighten network security: Keep sensitive customer interactions off untrusted networks and enforce VPN or secure tunnel use for remote agents.
• Review data classification: Reevaluate what counts as “non-sensitive” — if a topic can be inferred from traffic patterns, treat it as sensitive.

The CX Differentiator

Given the slew of high-profile hacks and data breaches in recent months, the importance of security has never been more front of mind.

In the AI contact center era, organizations that can ensure that customer data security is prioritized can differentiate themselves and enhance customer loyalty and trust.

Those organizations that fail to commit the necessary time and resources to this increasingly crucial tenet of CX risk alienating their customers and damaging their overall brand image.

The move highlights how unified communications and contact center capabilities are fast becoming inseparable.

The new package combines the calling and collaboration tools of RingEX with customer engagement features such as advanced queue management and a shared SMS inbox, creating what RingCentral calls a “lightweight contact center” experience.

“Over a million users rely on RingCentral RingEX as a lightweight contact center, enabling employees to respond to customers alongside everyday work,” said Kira Makagon, President and COO of RingCentral.

“The future is customer-centric — uniting AI, unified communications, and contact center capabilities.

“With the Customer Engagement Bundle, we’re empowering every organization to deliver experiences that build loyalty, boost efficiency, and drive growth.”

The move positions RingCentral squarely in the emerging space where UCaaS, CCaaS, and even CPaaS intersect.

As Denise Lund, Research Director at IDC, noted, “RingCentral’s CE Bundle exemplifies the integrated UC-CE convergence that IDC identifies as one of the fastest-growing segments in business communications.”

That convergence, Lund added, “addresses a critical gap for organizations that need robust customer engagement capabilities without full contact center complexity.”

UCaaS and CCaaS: From Integration to Convergence

For years, vendors have promoted integrations between UC and contact center systems. But now, as RingCentral’s announcement underscores, the focus is shifting toward true convergence: a single platform for both employee and customer communications.

Microsoft made a similar move earlier this year when it confirmed the general availability of Teams Phone extensibility for the Microsoft Dynamics 365 Contact Center.

The feature allows both platforms to share the same voice infrastructure, simplifying deployments and streamlining billing.

By consolidating systems, companies like Sweden’s Sveriges Lärare – anearly adopter of Teams Phone extensibility for the Microsoft Dynamics 365 Contact Center – have reduced operational complexity and empowered agents to collaborate directly with subject matter experts.

Christopher Ehlo, Sveriges Lärare’s Tech Lead, claimed that “by consolidating our telephony on one platform with Teams Phone and Dynamics 365 Contact Center, we’re reducing complexity and improving operational efficiency.”

Microsoft itself has described such moves as “essential for modern service delivery”, arguing that the lines between CCaaS and UCaaS are “vanishing fast”.

These developments mark a shift in how businesses think about communications infrastructure.

What was once a clear division between “front office” customer service and “back office” collaboration is rapidly dissolving.

The Enterprise Perspective

William Rubio, Chief Revenue Officer at CallTower, believes this convergence of UCaaS and CCaaS is being driven as much by employee expectations as by customer demand.

Indeed, speaking in an exclusive interview with CX Today from earlier this year, he said:

“There was always a big real focus on the customer side of the house. And I think ever since the pandemic, it’s changed, and now it’s really about what can we do to solve the business outcomes of our customers.

“What are the tools that we’re able to go ahead and give to our employees… to make it a win-win solution for both?”

Rubio added that the integration between UCaaS and CCaaS is “very critical” because contact center agents are increasingly pulling in colleagues from outside the contact center.

This concept, often referred to as swarming, has been a key selling point for Microsoft’s Dynamics-Teams integration and now finds a counterpart in RingCentral’s bundled approach.

Both vendors are responding to the same enterprise need: a seamless way for employees to collaborate across roles and deliver consistent customer outcomes, regardless of channel.

A Convergence Milestone

The RingCentral CE Bundle may not represent a full contact center overhaul, and in many ways, that’s precisely the point.

Many businesses don’t need the complexity of enterprise-grade CCaaS, but they do need to ensure customer conversations aren’t missed.

In that sense, RingCentral’s latest release serves a growing middle ground: organizations looking for customer engagement capabilities embedded directly within their everyday communications environment.

When taken alongside Microsoft’s moves and the broader market sentiment echoed by CallTower’s Rubio, it appears that the long-discussed convergence of UCaaS and CCaaS is no longer just a theory; it’s happening, and it’s reshaping how enterprises design their customer and employee experience strategies.