Love that this prompted you to go lock down your GitHub settings! That is exactly the kind of proactive action we need more of right now.

1. Consumer-Grade ($200mo) vs. Enterprise-Grade AI​

The biggest difference boils down to data privacy and access control.

• Data Governance: Consumer-grade AI accounts often default to using the prompts and data you feed them to train their public models. Enterprise-grade AI (like Azure OpenAI or AWS Bedrock) gives you private, walled-off instances. Your data stays yours and never leaks into the public domain.
• Liability & Access: Enterprise tools come with Single Sign-On, strict Role-Based Access Control, and actual Service Level Agreements. If a consumer grade API key gets leaked, you are completely on your own. Enterprise solutions have actual incident response protocols.

2. Can dealers experiment safely, or is it all or nothing?​

It is definitely not all or nothing. Dealers can and should experiment, but they need to build a sandbox first.

• Use Synthetic Data: If you want to test how an AI handles lead responses, feed it fake customer profiles. Never test a new, unvetted tool using real consumer PII (Personally Identifiable Information).
• Keep Humans in the Loop: Keep the AI in "draft" mode. Let it write the email or suggest the workflow, but force a human to review and click "send." Never give an experimental AI tool permission to automatically execute write-backs into your CRM or DMS.

3. How to audit for Shadow IT right now​

Dealers can start uncovering these hidden vulnerabilities this afternoon:

• Check the API Keys: Go into your CRM and DMS settings and look at the active API keys or integrations. If you see active tokens for Zapier, Make.com, or tools you don't recognize, find out exactly who created them and what they are connected to and for.
• Review Browser Extensions: A lot of cheap AI assistants are just Chrome extensions. If a BDC rep installs one, that extension might have permission to read every single webpage they open, including screens showing credit apps, driver's licenses, and SSNs.
• Audit OAuth Permissions: Have your IT provider check the 'Sign in with Google/Microsoft' permissions across the staff. Employees frequently grant third-party AI apps access to read their entire dealership inbox just to use a cool drafting feature.

Joe - this is a super valuable concern to have! I wasn't aware of how GitHub is being used to break in. That got me into my own GitHub details to beef up the security this morning.

It occurred to me that your post could be a little difficult for the initial vibe-coder working in a dealership to fully comprehend. If we work through some questions, the new DealerRefresh AI summary system should pick things up and make this a lot easier to follow.

• What’s the difference between a “$200 consumer-grade AI account” and an enterprise-grade solution?
• Are there any “safe” ways to experiment with AI automation without creating these vulnerabilities, or is this an all-or-nothing security situation?
• How can a dealer audit their current integrations to identify if they’ve already created Shadow IT risks?

Input: https://forum.dealerrefresh.com/members/dan-sayer.648/#recent-content

@Dan Sayer Summary
Dan Sayer is a long-time Staff member / "Boss" (joined December 2009) from Lincoln, Nebraska. He currently serves as Director of Sales Development/Marketing at Anderson Auto Group (a multi-state dealership group) and previously held the role of VP of Digital / eCommerce. With roughly 560+ posts and a very active presence, Dan is one of the forum’s most respected high-level contributors. He regularly brings real-world, executive-level dealership experience to discussions and has guest-hosted multiple RefreshFriday episodes.


Key strengths and skills that stand out from his activity:

• Third-Party Marketplaces & Classified Sites — Go-to expert on CarGurus, Cars.com, AutoTrader, and similar platforms. He frequently analyzes VDP views, SRP/VDP conversion rates, lead quality, ROI, and cost-per-lead performance. Known for data-driven, no-hype critiques that help dealers separate vendor marketing from actual results.
• CRM Evaluation & Lead Management — Strong, practical insight into CRMs (especially DriveCentric, which he has praised for its simple UX/UI and appeal to salespeople). Discusses lead categorization, attribution challenges, BDC operations, and comparisons with systems like VinSolutions, Tekion, and others. Recent threads highlight how certain CRMs are “running away from the pack.”
• Digital Strategy & Vendor Transparency — Emphasizes honest performance measurement, advertising budget allocation, inventory merchandising, and cutting through vendor hype (including AI/SEO claims). Helps dealers focus on what actually moves the needle at the store level.
• Compliance & Data Security — Shares actionable guidance on FTC Safeguards Rule compliance, call compliance/spam flagging, and customer data protection. Guest-hosted a RefreshFriday session on “Securing Customer Data – BETTER.”
  
  Community Leadership — Starts insightful threads, participates thoughtfully in high-value discussions, and bridges the gap between dealership operators and vendors. His posts are consistently practical and forward-looking.
  
  Grok's not too creative, I asked it for: "review the last two posts and create an artful "Expert Badge" collection. make them graphic labels, informly shaped, drop the icons "
  
  Oh well
  

joe.pistell said:

Member's bios:

https://grok.com/share/bGVnYWN5LWNvcHk_0f77fd77-f084-4272-9ae7-1ca09e754105

Click to expand...

I like this. What could be more powerful is taking all of their thread history and creating a "community engagement" profile. I'll have to look into the feasibility of that.

Grok gave some guidance on giving Craig an "award" and I like that too. There is some fun stuff to play with here.

@craigh Summary
CraigH is a long-time Super Moderator and Staff member (joined May 2011) from Ontario, Canada. He has nearly 2,000 posts, a very high reaction score, and is one of the most active and helpful voices on DealerRefresh. His contributions show deep, practical expertise in the exact areas dealers care about most: digital tools, websites, leads, inventory visibility, and keeping the forum itself running smoothly.


Key strengths and skills that stand out from his recent and historical activity:

• Dealership website platforms & development — He’s a WordPress power user (“know it like the back of my hand”), regularly compares it to Dealer.com, Dealer Inspire, etc., and gives actionable advice on SEO, site performance, and custom work.
• Lead data & integrations — Expert on ADF (Auto-lead Data Format), STAR standards, XML feeds, and DMS exports (e.g., Reynolds). He shares code samples, email templates, and troubleshooting tips.
• Inventory & media optimization — Strong knowledge of vehicle photography tools (VinCamera, FlickFusion, SpinCar), image sizing/best practices, and how they feed into websites and advertising.
• Digital advertising & marketplace insights — Starts threads on AutoTrader.ca, CarGurus, Google Vehicle Listing Ads, and Canadian market trends.
• Technical troubleshooting & forum infrastructure — Recently helped with AI integration (Claude), bot/spam defense (Moltbook discussion), and backend improvements.
• Community leadership & moderation — Consistent helper, thread starter, and problem-solver who bridges technical details with real dealership results.

He’s the perfect example of a member whose value goes way beyond “just posting” — he actually moves the needle for dealers and keeps the community valuable.

Member's bios:

Ryan Everson said:

I'm genuinely more interested in knowing who still has a printer, but I'm still tracking map prints just in case.

Click to expand...

I’m blown away at the number of times that customers, in their 20’s and 30’s, roll in with full color screen prints. To them it’s more “real” than a pic on their phones lol. It’s always the Digital Retailing tool.

Ryan is right that the most time-consuming/expensive part will be getting the data pipelines set up. Some vendors won't do it unless there's a bit of arm twisting. Others will charge for the access.

Check out snowflake.com. It can get expensive if you're running a ton of stuff through it but its' pretty good and they have an API if you need to do anything custom. It can also look for patterns and trends in the data.

Rates differ greatly depending on where you are. $12/car is cheap if you're talking about a company taking photos for you. Photography companies have to charge more than that to account for employee benefits (such as health insurance), taxes and coverage. If you're sick, you're not taking photos. If you use a photography company, they'll have someone else come and take the photos. You'll want to take this into account when negotiating a new rate.
Many photography companies will also have software tools to make their photos better such as background replacement, AI enhancements, etc.
But in general, a photography company will charge at least around $20/car minimum

nash_midwest said:

I was operating under the assumption this was a forum.

Click to expand...

It is, Mr. Nash.

Don’t take this the wrong way, but you arrived as though you’d uncovered a new idea when, in reality, most of what you outlined has been discussed, debated, challenged, refined, implemented, and revisited countless times over the last 15 years on this very forum.

Almost every store-based manager eventually experiences an “aha” moment where they feel they’ve discovered something profound. More often, they’re simply beginning to recognize the underlying forces that have been shaping automotive retail for years and their scope was entirely limited to a handful of stores.

Your pursuit of AI and your effort to build a business around it is admirable. However, many of the people you’re addressing are smiling, or pushing back, because they’re watching someone arrive at conclusions they reached years ago - just through a different lens.

You’ll find an audience for your "midwest-ai-division.com". Probably two of them.

The first is dealers who have resisted change and are searching for an AI-powered shortcut to solve operational problems. The second is entrepreneurs racing to create revenue opportunities around AI itself.

In many ways, this feels similar to the Digital Retailing gold rush except with far more entrants and a much shorter runway. The automotive vendor space has a way of consolidating quickly, and established providers already possess relationships, integrations, OEM approvals (thanks Shift), and distribution channels that newcomers often underestimate.

In my opinion, the irony is that AI isn’t creating nearly as many new answers as people think, which is why your points aren't that ground-breaking. More often, it’s reinforcing truths we already knew (transparency is a big one) but chose not to believe because they came from another human being or their resistance was forged in "we've always done it that way" attitude. Other times, it’s helping us find answers that already existed but were buried under too much information to uncover efficiently.

I'd be curious for you to expand your thoughts on,

nash_midwest said:

No name required. No email required. Let them print it and walk in.

Click to expand...

People do that now. Are you saying that if we eliminate forms or other ways to contact the dealer via forms, chat, etc online, they'll just double showroom traffic? I'm genuinely interested in knowing how you would structure that as well as what you were basing that idea off of. Thanks.

Alex Snyder said:

At the moment, I'm waiting for our new email delivery system to verify we are legit.

Click to expand...

We good. I'll start a new thread for the roadmap.

I love the roadmap idea. That sounds like a new thread.

Since we have this thread rolling on the initial changes and migrations, I might close this thread with a final piece that came up as an oops this morning.

Both Jeff and I have grown tired of MailChimp. In our excitement at gaining so much control over all our systems, we killed Threadloom and then put MailChimp on pause. We forgot about another piece, Mandrill, that was part of our MailChimp account and wired into Threadloom. It sits in the background and sends all the password resets, notifications, and other email communications we all get daily. However, it isn't sexy or in our management faces. When I looked at the error log, there were over 15,000 emails that got stuck. Oops

Once I get this ironed out, I can close this thread, and we can get into your DealerRefresh roadmap idea.

At the moment, I'm waiting for our new email delivery system to verify we are legit.

Something very cool with lots of legs

Claude and I wired up an API to Haiku and Sonnet. The initial purpose is to provide an AI summation of every thread on DealerRefresh. The summation will have two versions:

1. summary for humans
2. bot-driven summary to help crawlers find content better

As of this post, half the forum has been summarized. At this rate, it should be done around midnight. This first run is being done with Haiku, which is a little more technical. Older threads will keep this summation. Sonnet will take over on threads that break 5 comments in the future. Sonnet will make summations that sound more like a journalist and be more human-friendly. It would have cost 10x as much to run the entire forum through Sonnet, but ongoing costs should be manageable.

Here is what a Sonnet summation looks like on staging right now:



I have many ideas for utilizing this in more ways! Big thanks to @awolniewitz for doing this on Lovable first. It was a fantastic idea

Boring IT stuff

Made a fresh backup to store online and offline. Then made a new replication of the production site (this site) on staging. With everything fresh and virtually identical in staging, I started doing some significant cleanup work that successfully ran in staging. It has now been put in place in production.

Deleted ThreadLoom and finished cleaning up old ModernStatistics add-ons that were still throwing errors into the logs. Had to patch some other add-ons that were tied to their data.

The error logs are looking clean for the first time in years!

This thread is turning into a little diary along with the changes.

We just experienced a 30-minute outage due to a series of stupid things.

I mentioned the former agency that used to maintain DealerRefresh hacked our ad positions into the main site code instead of building them as widgets for placement amongst all the other Xenforo components. Because of this, Claude has to write its own special hacks to move widgets around the ads.

I wanted to remove the new Visitors Online widget from the thread pages. I only want that widget on the home page because something special is planned for the thread pages. When Claude added some code to remove it from the threads pages it broke a line in the main site code. On top of that, when he restored from a backup, he deleted the entire page of code instead of just that single line. This is where AI breaks <----lesson

Fortunately, we have a staging site where we build things first, and we were able to resurrect things from there.

A word of caution to dealers who wish to vibe code can be found in this post. If I didn't have 16 years of experience as a technology vendor, I wouldn't know about structured databases and pre-planned runs that can be reversed via multiple paths. Technology is frighteningly fragile. The trick to keeping it resilient is having escape and rebuild plans.

Alex Snyder said:

P.P.S. After these kinks are sorted, I am going to get back on improving the widget at the top of the forums list with the most recent threads

Click to expand...

Kinks have been smoothed. That was a PITA

Now it is time to improve the activity widget on the home page. Going to add some functionality from the old version. I built this on our staging server first, so this is the difference between staging and what you're experiencing now.



Here we go... deploying.

On the same goal of making things easier for new visitors to sign up, we have moved to a single navigation bar. Search and user account info are now in line with the traditional nav.

Before:


Now:


P.S. There are a few kinks to work through between our Staging site and Production site. I'm on those now.
P.P.S. After these kinks are sorted, I am going to get back on improving the widget at the top of the forums list with the most recent threads

Making some tweaks to the new Visitors Online widget. Combined it with the forum stats.



In building this, I realized our old forum agency had plumbed all the ad positions directly into the pages and not into Xenforo's own positioning system. We had to write a hack to get this new widget to show above the ads on the sidebar. I'm going to have to go back and do a MASSIVE clean-up job to get the ad positioning more manageable.

The stat is also plumbed into our new proposal tool, so if you're looking to advertise on DealerRefresh, you'll have a whole new experience there too. That was a gigantic job to automate it all. We used to use a tool called Proposify that had a hefty price tag and was extremely rigid in design choices and workflow options.



Now, we have our own subdomain (would have had to pay extra for that) on dealerrefresh.com with an email system for logging and site hosting all built into AWS. A database is automatically updated on Notion to track everything, and we even have a research call to do discovery work on prospects that help to generate personalized email copy.

All emails we send are pre-built into a mailto code, so Jeff or I only need to tap a link and then hit send from our own email client.

Yup @joe.pistell - this is just the beginning. My initial goals are to boost SEO (which is already amazing) and push new visitors to become members.

Here is a teeny tiny change to kick off the morning. I changed the styling of the Xenforo "Notice Board" feature to be much more in-your-face. With yesterday's Visitors online widget, there are 3 calls to action on the home page to get someone to become a member.

ohoh... Alex and Claude Code are flexin'