AI in business: between buying, building, and the invisible risk of bad security practices

“Buy or build” AI solutions is no longer a theoretical question – it is a strategic decision that affects results, internal capabilities, and competitiveness. In 2024, around 69% of marketing professionals had already integrated AI into their strategies and, in Europe, one in five companies with more than ten employees was using at least one AI technology. In Portugal, about 70% of managers say they use generative AI several times a week, but only 8% of companies report using AI solutions at all (35% among large companies).

At the same time, more powerful AI agents are emerging, such as OpenClaw: an open‑source, autonomous AI assistant that runs on the user’s own devices and can be given access to files, email, the browser, and dozens of integrations. It is so powerful that China has already warned banks and public entities not to install OpenClaw on work machines, precisely because of security risks and potential data leaks.

This is where the problem of bad practices, often invisible, comes in. On a daily basis, it is increasingly common to hear people proudly share how they use AI to “shine” at work – pasting internal texts into public chats, entering credentials into external tools or connecting agents like OpenClaw to their inboxes, without thinking about security policies or where the data is stored. The higher that person’s level of access, the greater the risk: confidential information, personal data and intellectual property can be exposed and exploited for malicious purposes, without the company even noticing.

Before deciding whether to buy or build AI, perhaps the most urgent question is another: are we preparing leaders and teams to use AI and agents like OpenClaw with sound security practices, or are we quietly creating a serious risk inside the organization?

Sources: Neuron Expert (2026); Invoca/Agile Brand Guide (2024); Eurostat (2021–2025); AESE Business School & IST (2025); IT Insight (2025); Thenextbigidea (2024); British Chambers of Commerce (2025); reports on OpenClaw and AI agent security (Reuters, Bloomberg, Tom’s Hardware, Mastercard).