Tech Guru

Where AI will actually live in your firm's tech stack.

Three layers, not fifty tools. What each one is good for, what each one risks, and the order a sensible firm adopts them.


Every week brings a new AI tool aimed at accounting firms, and most firm owners respond the rational way: they tune it out. Tool shopping is the wrong frame anyway. AI is going to show up in exactly three places in your stack, and once you see the map, every pitch in your inbox sorts itself into one of them. People in the accounting-tech community have been making a version of this point for a while; Jason Staats, who runs the Realize community for firm leaders, has argued that firms get more from putting a capable assistant in each professional's hands than from chasing the tool of the week, a theme he expands on in this interview on getting real value out of AI. Here is the map.

Layer one: generalist assistants you talk to

This is Claude, ChatGPT, and their peers. You bring the task, the assistant brings broad capability: drafting client letters, summarizing a lease, explaining an unfamiliar rule, writing the spreadsheet formula. It is the most flexible layer and the cheapest to try, which is why it is where most firms should start. The risk is equally simple: the assistant only knows what your people paste into it. That makes data handling a training and policy problem. Client tax information is protected under IRC Section 7216, so nothing identifiable goes into any assistant the firm has not vetted, contracted on business terms, and approved in writing. We covered the concrete workflows in how firms are putting Claude to work.

Layer two: AI embedded in software you already own

Your tax software, practice management platform, and Microsoft 365 are all shipping AI features inside products you already pay for. The Woodard Report draws a useful distinction between broad tools and these point solutions embedded in the software firms run on. The embedded layer is narrower but lower friction: it works on data already inside a system you have contracted with, so there is no copy-paste decision for staff to get wrong. The risk shifts from behavior to configuration. Microsoft 365 Copilot, for example, only surfaces what a user already has permission to see, which Microsoft documents in detail in its Copilot privacy and security documentation. That is reassuring if your permissions are clean. If your SharePoint is a decade of oversharing, Copilot becomes a very efficient way for staff to find files they never should have seen.

Layer three: connectors that work across your apps

The newest layer lets a generalist assistant reach into your other systems and act: pull a client record, read a folder, draft an entry. Open standards like the Model Context Protocol are making these connections common, and this is where the real workflow automation lives. It is also the least mature layer, and the riskiest. A connected assistant inherits the access of the account it runs under, so a sloppy connection can move client data across systems in ways nobody reviews. Treat every connector like a new employee with system access: least privilege, a named owner, and a vendor you have actually vetted.

The order that makes sense for a typical firm

Adopt in the order of maturity. First, assistants, piloted on non-sensitive work under a written policy. Second, embedded features, turned on deliberately once your tenant is ready, not because a vendor flipped a default. Third, connectors, narrowly, for one workflow at a time, after the first two layers have taught your team what good output and bad output look like. Firms that invert this order connect powerful tools to messy systems and find out the hard way.

Why your tenant and identity decide how safe this is

Notice what layers two and three have in common: their safety is decided before any AI is involved. If permissions in Microsoft 365 are tight, embedded AI respects them. If every app sits behind single sign-on, you can grant and revoke a connector's access in one place, and shut it off in one move when someone leaves. If neither is true, no AI policy can save you, because the AI is simply traversing the access you already left open. Tenant hygiene and identity are the unglamorous foundation of every layer above them. This is also what the FTC Safeguards Rule and your WISP already expect of a firm handling taxpayer data, so the work pays twice.

Where to start

Map the tools you are considering against the three layers, start at layer one, and fix the foundation before you climb. If you want help, this is the shape of our AI work with firms: guidance and coaching first, so you know where AI actually helps and how to use it safely, then the workflow tooling, on a Microsoft 365 tenant we keep hardened and SSO-integrated as part of the platform. Our AI adoption guide covers the policy and rollout side in detail.
