The AI Policy Question Is Too Small

Imagine you are sitting in the room drafting your company’s AI policy.

Someone says:

“We need to make sure employees do not paste sensitive project information into ChatGPT.”

Everyone nods.

Of course.

Nobody wants proprietary data, client information, project disputes, pricing, contracts, employee records, or internal decisions exposed to a system they do not fully control.

But then ask the question that makes the room uncomfortable:

Are employees allowed to email that same information?

Because if the answer is yes, your policy has a hole big enough to drive a bid package through.

Construction keeps asking the AI question too narrowly:

What sensitive information should employees avoid putting into ChatGPT?

Good question.

Incomplete question.

We Already Sent It Everywhere

Before ChatGPT showed up, what did we do with that same information?

We emailed it.

Forwarded it.

Attached it as a PDF.

Uploaded it to a shared drive.

Sent it through a bid invite.

Dropped it into a portal.

Printed it.

Scanned it.

Photographed it.

Copied five more people.

Then we acted like the information was still controlled.

Construction Runs on Distributed Information

Paper sounds safe until it gets scanned into a PDF.

Phone calls sound safe until the call gets transcribed.

In-person conversations sound safe until half the room has AI note-taking tools running.

Secure portals sound safe until you ask basic questions.

Secure from whom?

For how long?

With what logging?

With what downstream integrations?

With what vendor access?

With what AI features turned on by default?

The AI conversation keeps getting framed like this is about one box on one website.

Do not put sensitive data into ChatGPT.

Fine.

But the data was already out of the building.

It was already in inboxes, attachments, cloud folders, portals, vendor systems, subcontractor accounts, project management platforms, scanned PDFs, OCR indexes, and forwarded threads nobody could fully trace.

That does not mean every system is the same.

It does not mean security is fake.

It does not mean companies should be careless.

But it does mean the clean mental model is wrong.

The model says private information is something you possess.

Construction does not really work that way.

Construction runs by distributing information.

Drawings have to move.

Specs have to move.

Pricing has to move.

RFIs have to move.

Submittals have to move.

Schedules have to move.

Client comments have to move.

Internal decisions become external coordination.

Private information becomes project information.

Project information becomes shared information.

Shared information becomes somebody else’s attachment.

The Inbox Is Not a Vault

Healthcare has HIPAA.

Finance has stricter frameworks.

Government work has classification systems.

Some industries have real restricted-information infrastructure.

Construction mostly runs on contracts, NDAs, civil disputes, relationships, trust, email threads, PDF attachments, forwarded markups, shared drives, RFIs, submittals, bid invites, and “looping in” five more people.

That is the actual operating system.

And the inbox is not a vault.

It is a distribution layer.

Once something lands in email, you often lose meaningful control over where it goes next.

It can be forwarded.

Downloaded.

Indexed.

Backed up.

Searched.

Summarized.

Copied into another system.

Attached to another thread.

Dragged into a folder that syncs somewhere else.

Read by software.

Parsed by software.

Stored by software.

Eventually, maybe learned from by software.

The Old Moats Are Drying Up

People get very focused on whether ChatGPT will train on their data.

I understand why.

But that fear is already too narrow.

Construction has spent decades treating certain things like they were the crown jewels.

The spreadsheet someone built ten years ago.

The standard spec note that gets copied from project to project.

The detail library passed around internally.

The checklist.

The template.

The way one senior person likes to phrase something on a drawing.

That used to feel like institutional knowledge.

In some cases, it was.

But a lot of that value is not going to survive contact with modern AI.

A spreadsheet that took someone years to perfect can now be recreated in minutes.

And it will be better. Way better.

A specification section can be drafted, compared, revised, and adapted from a short prompt.

A standard detail library is not the moat it used to be.

Copying and pasting old standards from project to project is not some protected advantage.

In many cases, it is probably a worse way to work now.

A lot of what construction has historically treated as proprietary knowledge is becoming commodity knowledge.

Get used to it.

Not Everything Is a Secret

That does not mean nothing should be protected.

Some things absolutely should be.

Employee information.

Personal financial information.

Private client information.

Security-sensitive building information.

Legal strategy.

Credentials.

Anything that would create real harm if exposed.

But construction contracts love to call everything confidential.

That does not make everything worth protecting like a secret.

Build the Tool That Replaces the Spreadsheet

If every drawing note, spreadsheet, template, markup, and internal comment is treated like protected intellectual property, the industry cannot function.

Not in an AI world.

Maybe not even in the world we already have.

Construction requires information to move.

AI makes that movement more useful.

The upside is that we can stop worshiping old artifacts and start building better tools.

Use the data.

Use the patterns.

Use the lessons buried in old projects.

Use the RFIs, submittals, markups, estimates, and schedules to improve how work gets done.

Build systems that help teams make better decisions.

Build tools that reduce rework.

Build tools that make coordination faster.

Build tools that turn experience into leverage instead of letting it sit in someone’s private spreadsheet until they retire.

That is where the value is moving.

Not toward hoarding every piece of information.

Toward knowing what to do with it.

The old question was:

How do we stop anyone from copying our stuff?

The better question now is:

What is still worth protecting, and what should we be using to build the next version of how we work?

If your company’s advantage is a spec paragraph someone wrote twenty years ago, you do not have much of an advantage.

If your advantage is judgment, execution, relationships, accountability, speed, and the ability to turn messy project information into better outcomes, that is different.

That is much harder to copy.

And it is much more useful.

So yes, be careful with AI tools.

But stop pretending the goal is to keep every piece of construction knowledge locked in a vault.

There is no vault.

There is email.

There are PDFs.

There are portals.

There are shared drives.

There are vendors.

There are models.

There are tools that can recreate in seconds what used to take years to accumulate.

A lot of that old knowledge is becoming cheap.

That does not make it useless.

It means the value has moved.

The spreadsheet is not the moat anymore.

What you build with the knowledge is.