AI automation for SMBs: the 20% to never automate first, then the 80% that's safe.

They ask which workflow to automate first instead of which workflow to keep human. The asymmetry is brutal: a workflow you successfully automated saves you a few hours a week, a workflow you incorrectly automated produces a public failure that costs you a customer or a fine. The right starting question is 'which 20% of my support, intake, or outbound is emotionally loaded, legally exposed, or impossible to recover from?' Mark that as off-limits to an autonomous agent. Everything outside that ring becomes the candidate set, and the candidate set is where the standard tool sort applies. Doing this in the other order is how shops end up with a Reddit post titled 'how this AI agent refunded $40K in fraudulent returns overnight.'

Most SMBs over-buy on tooling and under-buy on scoping. A $99 a month no-code tool with a junior owning it usually outperforms a $1,200 a month enterprise platform with nobody owning it. The right time to bring in a consultant is at the scoping stage, before the tool selection: someone who can sort your workflows into the tiers that actually decide tool fit (does this workflow have an API on both ends, is there a desktop app in the middle, is the pixel a UI tree). After that, the build is often a smaller scope than the original sales pitch implied. The c0nsl shape is a $75 consult that ends with three named automations, an hours-saved estimate per workflow, and a fixed-scope quote inside 48 hours. That is short of a course program and short of a six-figure agency retainer on purpose.

The honest brackets, posted on c0nsl.com, are $75 for a 30 to 60 minute consult, $500 to $2,000 for a single small integration shipped to production, $2,000 to $10,000+ for a custom system that mixes flows with audit logging and a recovery path, and $1,000 to $5,000 per month if you want ongoing maintenance. A typical first engagement for a 5 person Shopify or property-management shop lands in the $2,000 to $5,000 one-time band plus an optional retainer. Anyone quoting you $30K to $100K up-front is selling a strategy deck or a course, not an integration. Anyone quoting you under $500 is shipping you a Zapier template you could have bought yourself. Both ends of that spread exist in the market right now and both are worth walking away from.

On April 19 to 20 2026 a Context.ai employee account that had been issued an 'Allow All' OAuth scope into Vercel's Google Workspace was compromised. The attacker pivoted into Vercel's environment variables and ShinyHunters listed the data for sale at $2 million. The general lesson, applied to SMB AI stacks: every AI tool you integrated last year asked for OAuth scopes you skimmed on the consent screen. Most asked for read-write access to your inbox, your drive, your calendar, or your CRM, when the actual workflow needed read-only on a single mailbox or a single folder. Audit the scopes, downgrade them, rotate every secret a vendor has ever held. SVC-007 on the c0nsl catalog is a fixed-fee version of this audit; you can also do it yourself in an afternoon by walking the OAuth consent pages of every connected app.

Yes for a meaningful slice of the workflows, no for the rest. Open-weight models in the Llama 3.1 70B and Mistral Large 2 family are competitive with GPT-4-class models on the bounded tasks SMBs actually need: classifying tickets, extracting fields from forms, summarizing call transcripts, drafting first-pass replies. A single workstation with two consumer GPUs can serve a 5 to 15 person team comfortably. The honest tradeoffs are: frontier reasoning tasks (multi-step planning, hard math, niche-language translation) still favor the closed frontier models, the maintenance burden of running your own stack is real, and the cost equation only works against frontier APIs after the first 12 to 18 months. For clinics, law firms, and bookkeeping-adjacent shops where the data genuinely cannot leave, the math is straightforward. For everyone else, the right pattern in 2026 is hybrid: local inference for sensitive workflows, frontier APIs with prompt caching for the rest.

Two questions on a single notebook page. First: which repetitive task did somebody on my team complain about in the last seven days? That is your candidate. Second: if the AI got the answer 100% wrong on this task, what is the worst thing that could happen? If the worst case is a typo in an internal Slack message, you can ship a v1 in a week with a junior. If the worst case is a refund issued against policy, a tenant locked out of an apartment, a patient missing a callback, you are in the 20% that needs a human in the loop and the project is bigger than 'first workflow.' Iterate from the small end. Most SMBs have at least three workflows in the safe ring (inbound triage, weekly reporting, internal-document Q&A) that can ship before the team has touched the riskier workflows.

Hiding the rate filters out cost-conscious buyers who would have closed and pulls in buyers who only call after they have decided to spend whatever it takes. The first group is most of the 5 to 15 person SMB market, the second group is enterprise procurement. I am not built for enterprise procurement. The other reason is that the published rate is a short-circuit on the buyer's research loop: instead of three discovery calls trying to figure out if I am affordable, the buyer reads one page on the website and books a $75 consult or does not. The opportunity cost of running a misqualified call is higher than the opportunity cost of losing a budget-mismatched lead.

Three differences that matter. First, the engineer doing the work is the engineer on the call; agencies typically sell against a senior name and ship with juniors. Second, the unit of pricing is a scope, not a month; you pay for what shipped, not for the calendar. Third, the deliverable is documented for your in-house team to extend, not built as a black box that requires the agency to maintain in perpetuity. Retainers exist on the c0nsl tier sheet too, in the $1,000 to $5,000 per month band, but they are sized for ongoing maintenance and adjacent build work, not for the original implementation. The healthy customer relationship looks like: one small fixed-scope project, then either no follow-on or a thin retainer. The unhealthy one is the agency model where the customer never owns enough of the stack to leave.