The trust gap, measured
In February 2024, Klarna announced its AI assistant was handling 2.3 million conversations a month — two-thirds of its support volume, the work of 700 agents, resolution time down from eleven minutes to two. It was the most-cited slide in every automation deck for a year. By May 2025, Klarna was publicly rehiring humans: the cost-first push had produced "lower quality," and the CEO conceded customers should always be able to reach a person.
Both halves of that story are true, and together they are the whole subject. The AI really can take two-thirds of a support queue. And a support organization that automates for cost instead of trust will give the savings back — in churn, in regulator attention, in rehiring. Gartner's numbers frame it bluntly: 64% of customers would prefer companies didn't use AI in service at all, and 53% would consider switching if they learned one did. Your customers are not excited about this project. It has to be built as if they're waiting for a reason to leave — because statistically, they are.
This memo is the build: what to automate first, which platforms and tools to shortlist, why a memory layer is a trust feature and not an engineering luxury, and the hard gates that keep one hallucinated refund policy from becoming case law with your logo on it.
Trust is an architecture, not a tone of voice
Three design decisions carry nearly all of the trust outcome, and none of them is about how friendly the bot sounds.
Disclose, and pair disclosure with competence. 75% of consumers want to know when they're talking to an AI. From August 2, 2026, in the EU it stops being a preference: Article 50 of the AI Act requires disclosure at first interaction — in the conversation itself, not the terms and conditions — with fines up to €15M or 3% of global turnover. California and Utah have their own versions. The research nuance worth knowing: disclosure costs a little trust up front, but when a disclosed bot fails, customers blame the bot — when an undisclosed one fails, they blame the brand. Disclosure is cheap insurance against your own worst day.
Build the escape hatch as a feature, not a failure. 81% of consumers expect a bot to hand them to a human when needed; only 38% say it actually happens. The CFPB has a name for the gap — the "doom loop" — and treats trapping customers away from a human as a supervisory issue for banks. The leaders design escalation as a first-class outcome: Fin literally bills a "procedure handoff" as a success, and the human receives a full conversation summary, not a cold start. That last part matters more than the handoff itself: 81% of customers want the human to pick up exactly where the bot left off.
Route the emotional cases early. Tolerance for AI is task-shaped: customers accept it for order status and password resets, and 70–80% want a human for fraud, disputes, and anything emotionally charged. A 2026 randomized field experiment at Taobao found human intervention after technical escalations preserved service quality — but after emotional escalations it was far less effective, because the recovery came too late. The routing decision has to happen at intent detection, not after the bot has failed twice.
Disclosure costs you a point of trust up front and buys the brand back when the bot fails. The doom loop costs you the customer — and increasingly, a fine.
What actually gets resolved
Every vendor deck says 67–90%. Independent field data across deployments puts genuine tier-1 automation at ~41% on average, with the top quartile near 59%. The gap is mostly definitional: deflection counts every conversation that never reached a human, including the customer who gave up and churned; verified resolution counts solved issues. The same deployment reads 20–40 points better on deflection. Contract on verified resolution — the serious vendors now accept it, and some (Zendesk, Fin) run verification before billing the outcome.
Realistic first-year ranges by queue type: account access and password flows, 70%+; order status, billing questions, standard product Q&A, 50–70%; KYC status, bonus terms, withdrawal status in iGaming — similar, with hard carve-outs. Disputes, fraud, hardship, complaints: keep them human-led and let the AI do the assembly work behind the human. That two-thirds/one-third split is not a limitation to apologize for. It's the design.
The platform shortlist
| Fin | Decagon | Sierra | Parloa | Build your own | |
|---|---|---|---|---|---|
| Pricing | $0.99 per outcome50/mo minimum · being acquired by Salesforce ($3.6B) | ~$95–590k ACVper-conversation or per-resolution | ~$200–350k+ year oneoutcome-based, escalations free | >$350k ACVper resolved conversation | Inference + engineersLangGraph 1.0, Rasa CALM — MIT / free tiers |
| Resolution, honest read | 42–76%case studies 42–50, vendor avg 76 | >80% deflectionvendor-reported | Not published — contract on it | Not published — contract on it | Whatever you earn |
| Escalation design | Handoff is a billed outcomesummary passed to human | Per-topic rules, summary handoff | Supervisory agents steer livesecond model watches every conversation | Escalated calls not fully charged | Yours to design — and to test |
| Hard guardrails | Compliance eval guide for FS | AOPs — validations run in coderefunds, identity: not model discretion | Deterministic rules + PCI payments in-chat | Simulation harnessthousands of test conversations pre-launch | Rasa CALM: steps execute in code |
| Regulated fit | Mid-market; roadmap under M&A | Strongbanks, airlines; Chime, Affirm | Strongest referencesCigna, Nubank, Rocket Mortgage | Strong in EUISO 27001, PCI, GDPR, DORA | Total controlon-prem, pairs with self-hosted models |
The pattern across the credible platforms is the same one we install when we build: natural language for conversation, code for consequences. Decagon's Agent Operating Procedures put refund validation and identity checks in executable code rather than prompt instructions; Sierra runs a second, supervisory model over every live conversation; Parloa won't let an agent ship without surviving thousands of simulated conversations. If a vendor's answer to "what stops the bot from inventing a refund policy?" is "the system prompt," the demo is over.
For banks and PSPs with data that can't leave the building, the build route stops being exotic: Rasa CALM and LangGraph both deploy fully on-prem and pair naturally with the self-hosted models we mapped in the sovereign stack. You give up the vendor's tooling and buy total control — the trade is worth it at exactly the point where the data classification says it is.
The memory layer: where trust compounds
The single most repeated customer complaint about automated support is not wrong answers — it's amnesia. 74% of consumers are frustrated by repeating information; 81% expect whoever picks up (bot or human) to know the story so far. Memory is not personalization garnish. It is the difference between "state your order number again" and a system that behaves like an institution that knows its customers.
This is a distinct layer from the helpdesk (the ticket system stays the source of truth) and from RAG over help-center articles. It's the layer that remembers this customer across sessions and channels — and in 2026 it has real tooling:
| Graphiti / Zep | Mem0 | Letta | Cognee | Cloud-managed | |
|---|---|---|---|---|---|
| What it is | Bi-temporal knowledge graphevery fact carries valid-from / valid-until | Memory API over vector storeauto-extracts and updates user facts | Stateful agent runtimeMemGPT lineage — agent edits its own memory | Graph + vector pipelinePostgres-first, GraphRAG-style | AWS AgentCore · Vertex Memory Bankmanaged extraction + consolidation |
| License / self-host | Apache 2.0 · yesBYO graph DB; works with local models | Apache 2.0 · yesDocker + Qdrant/pgvector | Apache 2.0 · yesDocker + Postgres | Apache 2.0 · yessingle Postgres + pgvector | Proprietary · no |
| Managed pricing | Zep: free → $1,250/yr FlexBYOC in your VPC on Enterprise | Free → $19–249/moon-prem on Enterprise | Free → $20/mo Pro | Cloud beta$2.50 / 1M tokens | Usage-based AWS / GCP |
| Why pick it | Temporal audit trailcontradictions close old facts, never delete — regulator-friendly | Fastest start, biggest ecosystem60k★, AWS's default memory partner | Memory and agent in one runtime | Everything in the Postgres you already run | Zero ops if you live on that cloud |
| Honest weakness | LLM extraction on every episodecost scales with volume; small company behind SaaS | Flat facts — weak temporal reasoning | Pivoting toward coding agents | Younger; thinner support ecosystem | Lock-in; no on-prem story |
Two practical rules from our deployments. First: start with Mem0 if you need memory working this month — it is the fastest integration with the largest ecosystem, and its weakness (flat facts, weak time-awareness) won't bite until later. Second: move to Graphiti — or start there if you're regulated — the moment "when did this customer's status change, and what did we know at the time" becomes a question a regulator or a dispute team asks. A bi-temporal graph answers it natively: facts carry validity windows, and a contradiction closes the old fact instead of deleting it. That's not a database nicety; that's an audit trail for what your AI believed when it acted.
One warning either way: the memory layer will hold customer histories, which makes it personal data with everything that implies. 53% of consumers already name misuse of personal data as their top AI concern. Self-host it or contract BYOC, set retention windows, and make deletion requests actually reach the graph.
The hard gates
The liability backdrop is settled: when Air Canada's chatbot invented a bereavement-refund policy, the tribunal rejected the argument that the bot was "a separate legal entity" and made the airline pay. Cursor's support bot hallucinated a device policy in 2025 and cancelled subscriptions did the rest. The company owns everything its bot says. Design accordingly:
- Tiered autonomy for actions. Reading account state and drafting replies: autonomous. Refunds and credits: capped amounts with verified identity and order state, everything above the cap queued for a human. Money movement, account closure, identity changes: human-approved, always, with the AI doing the preparation.
- Consequences run in code. Validation steps for anything irreversible are executable logic, not natural-language instructions a model might creatively reinterpret — the Decagon AOP / Rasa CALM pattern.
- Grounded answers or no answer. Policy questions answer only from versioned policy sources, with the source attached. "I don't know, let me get someone" is a feature; a fluent invention is a lawsuit with good UX.
- Hard-escalation triggers, non-negotiable. Vulnerability signals, fraud claims, repeated contact on the same issue, and — for operators — responsible-gambling markers, which regulators expect to reach a trained human regardless of automation. These bypass the bot's judgment entirely: trigger word, human, logged.
- A weekly QA sample and the scorecard. Verified resolution, repeat-contact within 72 hours, override rate, escalation integrity — the same nine-number discipline as the AI scorecard. Deflection is the one number you should refuse to celebrate.
The verdict: what to deploy, by situation
| Deploy | Because | |
|---|---|---|
| High-volume B2C, standard helpdeske-commerce, subscriptions, apps | Fin$0.99 per outcome | Cheapest credible start; handoff is a billed success, not a dead end |
| Regulated enterprise with money movementPSPs, fintech, banks on cloud | Decagon or Sierra$95k–350k+ | Code-executed validations (AOPs) or live supervisory agents — consequences don't ride on prompts |
| EU contact center, voice-heavyinsurance, telecom, travel | ParloaDORA, PCI, GDPR stack | Simulation-tested agents and EU compliance posture out of the box |
| Data can't leave the buildingbanks, iGaming under strict regimes | Rasa CALM or LangGraph + self-hosted modelson-prem end to end | Pairs with the sovereign stack; steps execute in code; nothing crosses the perimeter |
| Memory layer, fast start | Mem0Apache 2.0 | Working memory in days; AWS-blessed; migrate later if temporal questions arrive |
| Memory layer, regulated or audit-heavy | Graphitiself-hosted · Zep BYOC | Bi-temporal graph = an audit trail of what the AI knew and when |
The uncomfortable close: Gartner expects agentic AI to resolve 80% of common service issues by 2029 — and predicts half the companies that cut support staff for AI will be rehiring by 2027. Both will be right. The difference between the two groups is not the model or even the platform. It's whether the escape hatch, the memory, and the gates were built before the volume arrived — and whether anyone was watching a number the customer would recognize as their own experience.
Frequently asked questions
What share of support tickets can AI actually resolve?
Vendors claim 67–90%; independent field data puts genuine tier-1 automation at ~41% on average, with top-quartile deployments near 59%. By queue type: account access 70%+, billing and order status 50–70%, disputes and fraud effectively zero — keep those human-led. Contract on verified resolution, not deflection: the same deployment reads 20–40 points better on deflection because it counts customers who simply gave up.
Do you have to tell customers they're talking to an AI?
In the EU, yes — Article 50 of the AI Act applies from August 2, 2026 and requires disclosure in the interaction itself, with fines up to €15M or 3% of global turnover. California and Utah have their own disclosure laws. Beyond compliance, 75% of consumers want it, and research shows a disclosed bot's failures get blamed on the bot while an undisclosed bot's failures get blamed on the brand.
What is Graphiti and why does a support AI need a memory layer?
Graphiti is Zep's open-source (Apache 2.0) temporal knowledge graph: it extracts facts from conversations and stores them with validity windows, so a contradiction closes the old fact instead of deleting it — an auditable history of what the system knew and when. A memory layer fixes the top customer complaint about automated support (74% hate repeating information) and gives human agents full context on handoff. Alternatives: Mem0 (fastest start), Letta, Cognee, or cloud-managed options from AWS and Google.
Which actions should an AI support agent never take autonomously?
Money movement, refunds above a small verified cap, account closure, identity or credential changes, and anything touching fraud, disputes, hardship, or responsible-gambling signals. The pattern that works: the AI reads and drafts autonomously, executes low-risk actions with code-enforced validation, and prepares — but never fires — the irreversible ones. Every leading platform now supports this tiered-autonomy design; if one doesn't, keep looking.