There’s a lot of noise about artificial intelligence (AI) right now—and rightly so. Tools like ChatGPT, Microsoft Copilot, and Google Gemini are changing how companies operate, and Salt Lake City construction firms are no exception. From drafting RFIs and summarizing job site reports to helping project engineers run cost analysis spreadsheets, AI is creeping into every corner of our workflows.
But while these tools can boost productivity, they can also open the floodgates to serious IT security risks—especially if your team doesn't understand how dangerous a few careless clicks can be.
Even small-to-mid-sized GCs and specialty subcontractors are at risk.
Here’s The Problem
The threat isn’t the AI itself—it’s how your team is using it. When project managers or estimators copy and paste sensitive information into public AI platforms, that data doesn’t just disappear. It can be stored, indexed, and even used to train future models.
Think about that for a second. You could be feeding bid data, site logistics plans, or even sensitive client contracts into an open platform without realizing you’re exposing your firm’s intellectual property.
Just last year, Samsung engineers accidentally leaked source code into ChatGPT. The breach was serious enough that Samsung banned all employee use of public AI tools, according to reporting from Tom’s Hardware.
Now picture one of your PMs pasting subcontractor pricing or OSHA compliance notes into ChatGPT for "quick formatting help."
Seconds later? That info could be logged and exposed.
A New Threat: Prompt Injection
Here’s where it gets sneakier. Hackers are now embedding malicious commands inside PDFs, subcontractor docs, job site photos, even YouTube transcripts. These commands are invisible to your team but get triggered when an AI tool scans or summarizes the content.
It’s called prompt injection —and it tricks AI tools into performing harmful actions or leaking data. Like giving up login info or sharing internal schedules.
The worst part? The AI doesn’t know it's being hacked. It just follows instructions, which could lead to massive data leaks inside your company without anyone realizing what happened.
Why Construction Firms in Salt Lake Are Especially Vulnerable
Most construction IT departments don’t have guardrails in place for AI usage. Field engineers, VDC teams, and project admins adopt these tools with good intentions—trying to save time on daily tasks—but without understanding how they work or the risks involved.
There’s also a lot of misunderstanding. Many of your people assume AI tools are just like Google. They don’t realize what they paste could be stored permanently or fed back into future systems.
And when something goes wrong? It’s you—the IT or Ops Director—who’s going to catch the heat.
What You Can Do Right Now
You don’t need to shut down every AI tool in your company. But you do need to get ahead of the problem—fast. Here’s how:
- Create an AI Usage Policy
Spell it out clearly. Define which tools are approved, what can and can’t be shared, and who to go to for questions. Your BIM guys and PMs need guidance, not just rules.
- Educate Your Team
Get in front of your people. Do short training sessions or toolbox talks that show how AI tools work and how prompt injection can happen. The goal isn’t to scare them—it’s to build awareness.
- Stick to Secure, Business-Grade Platforms
If you’re going to use AI, make sure it’s integrated into secure environments like Microsoft Copilot. These enterprise-level tools give you more control over where your data goes—and who sees it.
- Monitor and Manage AI Access
Keep an eye on what’s being used. If needed, block public AI tools on company devices or limit access to high-risk platforms. Better to be cautious now than face a data breach during a high-profile build.
The Bottom Line
Look, I get it. AI is here, and it’s not going anywhere. But if you’re not putting guardrails in place, you’re rolling the dice with sensitive project data, subcontractor bids, and even your reputation in Salt Lake's tight-knit construction network.
A few copy-paste mistakes could lead to compliance failures, lawsuits, or worse—a full-blown cybersecurity incident.
Let’s talk. We’ll walk you through how to create an AI usage policy that protects your team, your data, and your job sites—without slowing down productivity.
[Click here to book your free network assessment] and let’s make sure your construction tech stack is working for you—not against you.
