In the second installment of our mini-series with Matt Schwartz, he expands on practical, cautious ways agencies can adopt AI to gain real benefits while avoiding common pitfalls. Matt runs a WordPress agency in Atlanta (since 2011) and created CheckView, a QA product focused on forms and checkout. His focus is on pragmatic adoption: where AI helps most, where to be careful, and how to protect clients and businesses.
Give AI access to your agency’s brain
One low-friction win is connecting an AI chatbot to existing agency documentation — PM tools, wikis, CRMs. Instead of complex integrations, point the bot at your ClickUp, Asana, or internal wiki so it can confirm answers against up-to-date SOPs and project data. This reduces hallucinations and leverages the knowledge you already have. The approach is especially useful for internal support, recurring questions, and generating annotated outputs (answers with citations to source docs).
Model Context Protocol (MCP) and internal guardrails
MCP — Model Context Protocol — is an emerging, agent-focused way to bridge AI tools to external systems. Rather than giving every employee API keys for every system, agencies can build or adopt an internal MCP that acts as a secure proxy to all tools. This centralizes access, applies guardrails (for example: prevent deletion of sites), and simplifies usage. SaaS vendors are already offering hosted MCP-like solutions, but be mindful of who holds your credentials and the security model.
Vibe-coded internal tools: when they make sense
Agencies are creating lightweight, internal “vibe-coded” tools—small, purpose-built apps for reporting, profitability dashboards, and internal workflows. These are lower risk if kept internal, well-guarded, and used for non-public tasks. They’re a great place to get value from AI: combine QuickBooks, time-tracking, and ecommerce data for insights you previously couldn’t get easily.
Be cautious about replacing mature public-facing SaaS
Matt cautions against replacing robust, external SaaS like ManageWP or established website management tools with fragile, internally built alternatives just to save a small fee. Public-facing or mission-critical systems require thorough code review, error handling, testing, and ongoing maintenance — costs that often outweigh perceived savings.
Disposable one-off apps
There’s a trend toward single-use or short-lived apps built quickly by AI (for a migration, a seasonal campaign, or a one-off client need). These can be fine when risk and maintenance needs are low, but persistent tools (like QA systems or management dashboards) should be built with longevity, validation, and monitoring in mind.
QA, checklists, and automation
AI shines at automating repetitive checklist tasks and expanding test coverage. Tools like Claude Skills let you teach a process and then run it in context: onboarding, site launches, and routine QA checks. The sweet spot is binary or low-risk checks (is noindex on? are redirects configured?) that multiply into big time savings. High-risk items should stay human-verified. Use AI to augment testing, not replace human judgment.
Impact on the WordPress plugin ecosystem
AI lowers the barrier to creating small, single-purpose plugins or one-off code fixes. That has already started affecting sales for many small plugin authors and could erode the diversity of contributors in the ecosystem. Larger plugin shops are consolidating around core product moats, while many smaller plugins struggle. Matt and Nathan worry about the community implications: fewer small contributors can mean less vibrancy and fewer entry points for new developers.
Experimenting beyond WordPress
AI also makes it easier to explore unfamiliar stacks and platforms. Some agencies are experimenting with static or headless approaches for brochure sites or trying new frameworks because AI helps bridge knowledge gaps quickly. That experimentation can be beneficial, but agencies should pick technology based on project fit, not novelty alone.
Risks and cautions
Matt highlights key risks agencies must consider:
– Data security and leakage: many AI tools retain conversation data and might treat inputs as training material or public. Treat any sensitive client data with caution and prefer secure, private options.
– Vendor dependence and cost volatility: commoditized AI features may be free today and costly tomorrow. Design processes so you can reduce AI reliance if pricing or capabilities change.
– Lack of error handling and testing: quickly generated tools may miss edge cases, lack validation, or produce fragile code. Build logs, monitoring, and robust error handling.
– Overconfidence and frictionless interaction: low friction can lull teams into assuming infallibility. Maintain a human-in-the-loop for key decisions and critical systems.
Likely outcomes for agencies
Matt expects hiring practices to shift: some execution work will be automated, reducing demand for junior execution-only roles while raising demand for strategy, automation design, and oversight skills. Agencies that productize processes (vertical-specialized packages for plumbers, dentists, etc.) can deliver more consistent outcomes by combining domain knowledge with AI automation. The human role will increasingly be manager-of-AI: designing, validating, monitoring, and iterating on automated workflows. This will also create demand for better QA and monitoring tools.
Final advice
Dabble, document, and be deliberate. Start with low-risk automations, connect AI to the knowledge you already own, and avoid baking critical systems that cannot function without a specific AI vendor. Build guardrails, logs, and processes to handle errors. Above all, protect client data and the community values that make WordPress strong.
For more detail and links, see the show notes at wptavern.com/podcast. Matt’s work and tools (CheckView, Inspry) are available if you want to explore these ideas further.