Your Construction Team Is Using AI Tools — Are You Managing the Risk?

Shadow IT, Bid Document Exposure, and What Happens When Project Data Enters Unapproved AI Tools

AI tools have found their way into construction workflows at every level. Project managers are using AI to draft RFI responses and summarize meeting minutes. Estimators are using AI writing assistants to speed up bid proposals. Field superintendents are using AI apps to generate daily report summaries from their notes. Some of this is happening with company oversight — most of it is not. A 2024 CybSafe/NCSA study found that 38% of employees share confidential data with AI tools without employer approval. A separate BlackFog study found that 49% use unapproved AI tools at work. For a construction company where bid documents, project schedules, and subcontractor pricing represent real competitive value, that unauthorized data sharing is a genuine business risk — not just an IT concern.

What Happens to Project Data Entered into Unapproved AI Tools

When a project manager pastes bid pricing, subcontractor costs, or project schedules into a publicly accessible AI tool, that data leaves your controlled environment. Depending on the tool's terms of service, your company's confidential project information may be stored on third-party servers, used to train future AI models, or reviewed by human trainers. The AI tool's data handling policy is unlikely to include the same confidentiality protections you expect from platforms like Procore or Autodesk Construction Cloud.

In competitive bidding environments, this matters directly. Your bid documents, unit cost databases, and subcontractor pricing are competitive intelligence. If an AI tool that has processed your bid data is also being used by competitors, your pricing strategies could inform competitive responses. Even without deliberate misuse, data shared with consumer AI tools is outside your company's control in ways that well-designed construction platforms are not.

Shadow IT — the use of unapproved apps and platforms for work purposes — is not a new problem in construction, where field teams regularly use personal apps to solve immediate problems. But AI tools represent a new category of shadow IT risk because they are specifically designed to process and work with text content, making it easy and natural to paste in project information without thinking of it as a data sharing event.

The AI Hallucination Risk in Construction Documents

AI language models produce fluent, confident-sounding text — and they regularly invent facts, statistics, and details that sound plausible but are not accurate. In construction, AI hallucinations can create real problems. An AI-generated proposal that includes fabricated material cost estimates, invented code references, or incorrect safety statistics does not just look unprofessional if caught — it can create liability if it reaches a client or becomes part of a contract.

The risk is highest when AI output is used without verification. An estimator who uses an AI tool to draft a bid proposal section and submits it without checking the numbers against real supplier quotes is relying on a tool that has no access to current pricing data and may have invented figures to fill in gaps. A project manager who uses AI to summarize a set of specifications and misses a critical requirement because the AI hallucinated a detail has a field problem, not just a document problem.

The principle that should govern AI use in construction is simple: AI drafts, humans verify. AI tools are genuinely useful for drafting, organizing, and summarizing — but every output needs to be reviewed by someone with domain knowledge before it enters a proposal, a contract, or a communication with an owner or subcontractor.

What Shadow IT Looks Like on a Construction Job Site

Construction shadow IT spans the full range of operations. In the office: estimators using free AI writing tools to draft bid documents, project coordinators using personal cloud storage to share blueprints that are too large to email, AP staff using consumer-grade messaging apps to discuss payment terms with subcontractors. In the field: superintendents using personal file-sharing apps to distribute updated drawings when Procore is slow, foremen using consumer AI apps to translate job site instructions.

The common thread is that well-intentioned people are solving real operational problems with available tools — without awareness of the data risks those tools create. A superintendent who shares an updated blueprint via a personal file-sharing app because the owner needs it immediately has just put your company's design documents on a platform with no contractual data protection obligations. That is a real exposure, even if the intent was entirely innocent.

Three Things Your Construction Company Should Do Right Now

1. Find out what AI and shadow IT tools your team is actually using.

You cannot manage what you cannot see. A short survey of your project managers, estimators, and field supervisors asking what apps and tools they use for work tasks will produce a list that almost certainly includes unapproved platforms. This is not a gotcha exercise — it is the first step toward building an AI policy that actually fits how your team works.

2. Define what project information must not be entered into AI tools.

Some categories of information should never enter an unapproved AI tool: subcontractor pricing and bid documents, owner contract terms, proprietary project schedules, company financial data from Sage 300 CRE, and any information covered by confidentiality agreements with owners or developers. Write these boundaries down and train your office and field teams on them.

3. Designate approved tools and provide training on their appropriate use.

The fastest way to reduce shadow IT is to give your team approved alternatives that solve the same problems. Evaluate and approve one or two AI tools for construction workflows — tools with enterprise data handling agreements that protect your company's information. Make clear to your team that these are the approved options, explain why unapproved tools create risk, and provide brief training on what is and is not appropriate to enter. People generally follow policies they understand.

Protecting Your Bid Documents and Competitive Intelligence

Your estimating database, your subcontractor pricing, and your bid strategies represent years of accumulated expertise and competitive advantage. In a market where margins are tight and project awards are competitive, that information is genuinely valuable — both to your business and to competitors who would benefit from seeing it. An AI tool that processes your bid documents with unclear data retention policies is a risk to that competitive position.

Platforms designed for construction — Procore, Autodesk Construction Cloud, Sage 300 CRE — are built with enterprise-grade data controls and contractual confidentiality protections. Consumer AI tools are not. The gap between those environments is where your competitive intelligence is most exposed.

Qual IT works with Salt Lake City construction companies to keep office and field systems running securely. Schedule a free discovery call to build an AI and shadow IT policy that fits your project workflows.

Frequently Asked Questions

Q: How do we handle field teams who use personal apps when job site connectivity is slow?

Job site connectivity is a real operational challenge that drives shadow IT in construction — if your approved platforms are slow or unavailable, field teams will use whatever works. The solution is twofold: improve connectivity with job site Wi-Fi or cellular hotspot solutions so approved platforms are actually usable in the field, and provide field-optimized versions of your approved tools (Procore's mobile app, for example, is designed for field use with offline capability). Qual IT helps construction companies design field connectivity solutions that reduce the operational friction that drives shadow IT.

Q: Can AI tools be used safely for bid preparation?

Yes — with the right controls. The key requirements are: use an approved AI tool with an enterprise data handling agreement, never enter subcontractor pricing or owner-confidential information without authorization, verify all AI-generated figures and references against real sources before submitting, and ensure a qualified estimator reviews and takes professional responsibility for every AI-assisted proposal. AI can significantly accelerate the drafting and formatting of bid proposals — the risk comes from treating AI output as authoritative without human verification.

Q: What is the risk if a subcontractor uses an unapproved AI tool with our project data?

If a subcontractor processes your project files, blueprints, or contract terms through an unapproved AI tool, your company's confidential information has left your controlled environment via a third party. Your subcontractor agreements should include data handling requirements that address this scenario. Requiring subcontractors to comply with your data security policies — including restrictions on AI tool use with your project data — is increasingly standard in construction contracts with sophisticated owners and GCs. Qual IT can help you draft subcontractor IT security requirements appropriate for your project types.