You’ve probably heard some version of this by now: someone online set up an AI agent and it organized their whole life, booked dinner reservations, joined video calls, filed their taxes, and made them a sandwich. The hype is real and it’s everywhere.
The business owners we talk to aren’t asking whether AI is cool. They’re asking whether it can actually do the specific thing they need done. Can it read incoming documents and route them to the right place. Can it review a pile of unpaid invoices and tell them which ones are worth chasing. Can it log into a portal and submit a form.
The answers are surprisingly specific. AI agents are genuinely excellent at reading data, spotting what matters, drafting documents, and surfacing a daily list of what needs attention. That part works today and it works well. The part that doesn’t work yet is the autonomous action piece: logging into websites, clicking through portals, uploading files, filling out forms. That capability exists in early research preview, but it’s not reliable enough for real business use, and none of it is compliant for regulated industries.
The current reality is a 90/10 split. AI handles the hard 90%: the research, the analysis, the document prep, the pattern recognition across thousands of records that no human has time to do. A person handles the last 10%: clicking submit on a form, uploading a file, dropping something in the mail. That ratio will flip once the computer-use capabilities mature and the compliance features catch up, probably 6–12 months from now. But the 90% is where the real value lives anyway. Finding a buried collection opportunity is the hard part. Filing the paperwork takes a few minutes.
The tools available today
Custom agents built on the API
A developer connects an AI model to your specific data and workflows and builds tools that do specific jobs. What these can do today: pull and analyze structured data (claims, invoices, emails, spreadsheets), identify patterns, draft documents, triage work, and deliver daily summaries of what needs attention.
What they can’t do: log into websites, click buttons, fill out forms, or navigate portals. The analysis is the 90%. The last-mile clicking is still a human job.
For businesses in regulated industries, this is currently the only path that supports a signed Business Associate Agreement and full audit logging. The API supports HIPAA compliance. The consumer tools do not.
Ballpark cost: $3,000–$15,000 to build, then $200–$2,500/month in ongoing API usage depending on volume and model. We broke down the full token economics in a previous post.
Claude Cowork
Anthropic’s desktop agent, launched January 2026. Runs locally through the Claude Desktop app. Can read, edit, and create files in folders you give it access to. As of late March, it has an early, experimental computer-use feature that can interact with some apps and browsers, though it's buggy and limited in practice. Think of it as a hint of where things are headed, not a finished capability.
For personal productivity, Cowork is the real deal. Say you’re renovating your house and you have 200 emails from contractors, electricians, and the permit office scattered across your inbox. Cowork can dig through all of that and pull together a timeline, budget, and to-do list.
Not for regulated workloads. Anthropic’s own docs say this directly. Cowork activity doesn’t appear in audit logs, compliance APIs, or data exports. If you’re in healthcare or any regulated industry and you point Cowork at client data, there’s no audit trail and no BAA. That’s not a gray area.
Ballpark cost: included with Claude Pro ($20/month) or Max ($100–$200/month).
OpenClaw (formerly Clawdbot/Moltbot)
The one that went viral. Open-source AI agent that runs locally and connects to WhatsApp, Signal, or Telegram. You text it a task, it does it. Email, calendar, web browsing, scripts, and it can even write its own new capabilities.
It’s a power tool for hobbyists and tinkerers. It is not enterprise software. Cisco’s security team tested a third-party OpenClaw skill and found it was quietly exfiltrating data without the user knowing. One of OpenClaw’s own maintainers warned on Discord that it’s “far too dangerous” for non-technical users. Palo Alto Networks called its security profile a “lethal trifecta.” The creator, Peter Steinberger, left to join OpenAI in February and handed the project to a nonprofit.
For any business handling sensitive client or patient data: no BAA, no audit trail, no access controls, no compliance framework. Using OpenClaw with protected health information wouldn’t just be risky. It would be a HIPAA violation.
It’s fun, it’s impressive, and it’s the wrong tool for anything involving sensitive data.
Ballpark cost: the software is free. You pay for the AI model underneath, currently through API pricing at roughly $20–$200/day depending on usage. Anthropic recently blocked flat-rate subscription access for third-party agents, so the cheap workaround is gone.
OpenAI Operator / ChatGPT Agent Mode
Launched January 2025, now folded into ChatGPT as “agent mode.” Browses the web, interacts with websites, books reservations, fills out forms. Runs in a cloud-based virtual browser on OpenAI’s servers.
Consumer-focused right now. Booking flights, ordering groceries, making reservations. Enterprise and HIPAA-compliant tooling hasn’t shipped yet. Same story as Cowork: impressive technology, not ready for regulated industries.
Ballpark cost: included with ChatGPT Plus ($20/month) or Pro ($200/month).
What’s coming in 6–12 months
The computer-use capabilities in research preview today will mature. More importantly, the compliance features will catch up. Anthropic is building out enterprise plugins and a Managed Agents API. OpenAI is expanding agent mode to Team and Enterprise tiers.
Reasonable expectation: by late 2026 or early 2027, AI agents that navigate websites, fill out forms, and interact with portals in a way that’s audit-logged, access-controlled, and covered under a BAA. When that happens, agents built on the API today won’t need to be rebuilt. The analysis layer, the compliance infrastructure, and the workflow logic all carry forward. You plug in the new capabilities and the human who was clicking submit goes away.
How to prepare now
If your workflows involve manual research and document prep followed by someone clicking submit on a portal, build the analysis layer now. Automate the 90%: reading data, finding opportunities, drafting documents, surfacing what needs attention. Set it up with proper compliance from day one.
Hypothetical example: a small business with tens of thousands of dollars in unpaid invoices spread across multiple clients. An API-built agent can pull all of those receivables, flag which ones are past payment terms, identify which have enough documentation to escalate, draft the follow-up communications, and deliver a prioritized action list every morning. A staff member spends a few minutes actually sending the emails and filing the paperwork.
That last step goes away once computer-use capabilities are compliant. But the money on the table doesn’t have to wait. The hard part was never clicking send. The hard part was figuring out which receivables were worth pursuing and what to say.
One last thing on costs, because it comes up in every conversation. AI is not a one-time software purchase. It’s not like buying equipment. It’s closer to a utility bill or a labor cost. You’ll be paying for AI compute the same way you pay for electricity or payroll, and that’s just how this works going forward. The leverage is enormous, but it’s an ongoing line item, and the sooner you budget for it that way, the smoother the transition will be. We covered this in detail in The Real Cost of an AI Employee.
AI Agent Tools at a Glance (April 2026)
| Tool | What It Does | Who It’s For | HIPAA Ready? | Ballpark Cost |
|---|---|---|---|---|
| Custom API agents | Analyzes data, drafts docs, triages work for your specific workflows | Businesses in regulated industries | Yes (with signed BAA) | $3K–$15K to build, $200–$2,500/mo ongoing |
| Claude Cowork | Desktop agent: files, email, calendar, computer control | Individual productivity | No | $20–$200/mo subscription |
| OpenClaw (Clawdbot) | Autonomous agent via messaging apps, full computer access | Hobbyists and technical users | No (security risks) | Free software + $20–$200/day API |
| OpenAI Agent Mode | Web browsing, form filling, reservations via ChatGPT | Consumer tasks | No | $20–$200/mo subscription |
Frequently Asked Questions
Can AI agents log into websites and submit forms on their own?
Both Claude Cowork and OpenAI agent mode have early, experimental browser interaction features. They work in limited scenarios but are buggy, unreliable for production use, and explicitly not supported for regulated industries like healthcare or finance.
Is OpenClaw (Clawdbot) safe for a medical practice or law firm?
No. OpenClaw has no BAA, no audit trail, and no compliance framework. Security researchers have found data exfiltration vulnerabilities. Using it with patient or client data would violate HIPAA.
What’s the difference between Cowork and a custom API agent?
Cowork is a consumer desktop tool for personal productivity, included with a Claude subscription. A custom API agent is built by a developer for your specific workflows with a BAA, audit logging, and compliance controls. Cowork is not for regulated workloads.
How much does a custom AI agent cost to run?
Typically $3,000–$15,000 to build, with ongoing API costs of $200–$2,500/month. A light agent costs about $7/day in API fees. A heavy agent with advanced reasoning runs $70–$120/day.
When will AI agents be HIPAA-compliant for autonomous computer use?
Both Anthropic and OpenAI are building enterprise compliance features. Reasonable expectation is late 2026 or early 2027.
Arrow & Bell helps businesses figure out where AI fits into their operations. If you have questions about what’s realistic for your industry, get in touch at arrowandbell.com.