OpenAI makes file-based retrieval easy to stand up. The real production work is governance: cleaning documents, structuring vector stores, designing metadata, tuning chunking, setting expiry rules, and keeping storage costs under control.
A website AI assistant tied to lead capture or support is part of your operating workflow, not a front-end experiment. Current OpenAI and OWASP guidance makes prompt-injection controls, least-privilege tooling, structured handoffs, and user-level safety tracking part of a credible launch plan.
With ChatGPT apps and full MCP access rolling into workspace plans, the issue shifts from connectivity to governance: permissions, write actions, OAuth, review, and rollout.