Skip to content
Back to Blog
Industry NewsJuly 10, 202612 min readMy MSP TechMy MSP Tech

ChatGPT Work: What OpenAI’s New AI Agent Means for Commercial Property IT

Quick Answers for Property & Facility Managers

What does OpenAI’s ChatGPT Work mean for commercial property and facility managers?

ChatGPT Work is a new OpenAI agent designed to execute tasks across apps and files, accelerating AI-powered workplace automation. This matters for commercial property and facility managers because it will quickly increase staff and tenant demand for AI tools, forcing clear decisions on governance, cybersecurity, data protection, and how your managed IT provider integrates AI into building operations.[7]

Is it safe to let staff or tenants use AI tools like ChatGPT Work on corporate building networks?

AI tools can be used safely on corporate building networks only with clear policies, technical controls, and managed cybersecurity in place.[1][3][6] Risks include data leakage, exposure of confidential tenant information, and compliance violations, so property owners should rely on managed IT partners to enforce security baselines, monitoring, and usage rules before broad rollout.[1][3][6]

How should my managed IT provider prepare our building portfolio for tools like ChatGPT Work?

Your managed IT provider should inventory AI use, classify data, and implement policies before enabling ChatGPT Work.[4][6][7] That includes network controls, identity and access management, logging, and user training, aligned to frameworks like NIST CSF and SOC 2, so AI automation improves productivity without compromising security or compliance.[6][7][8]

OpenAI’s ChatGPT Work: Why Property and Facility Managers Should Care

OpenAI has introduced ChatGPT Work, a professional-grade AI agent designed to execute tasks across applications and files, expanding its push into workplace automation.[7] While details continue to emerge, the positioning is similar to other enterprise-focused AI offerings: embedded in daily workflows, connected to business data, and tuned for professional use.

For commercial property managers, facility managers, and building owners, this is not just another technology headline. It signals that AI-assisted work is moving from pilot projects to mainstream adoption in tenant offices, property management teams, and building operations. That shift directly affects IT governance, cybersecurity, and compliance across your portfolio.

Most property organizations already rely on managed service providers (MSPs) or internal IT to support Microsoft 365, building management systems (BMS), access control, and tenant-facing networks. As tools like ChatGPT Work are introduced, those same teams will be expected to integrate AI agents safely, protect building and tenant data, and maintain uptime and SLAs.

The critical question becomes: how do you harness AI productivity gains without exposing your buildings and tenants to unacceptable risk?

Key Risks of AI Agents in Commercial Building Environments

AI tools like ChatGPT have already raised well-documented security and privacy questions. Those risks tend to increase when the tools are connected to corporate file shares, email, and operational systems.

Common risk areas relevant to property and facility operations include:

  • Data leakage from prompts: Staff may paste leases, rent rolls, incident reports, or access logs into an AI chat to “summarize” or “rewrite,” not realizing that sensitive data could be stored, logged, or exposed depending on tool configuration.[1][3][6] This is especially problematic for personally identifiable information (PII) and financial data.
  • Regulated data exposure: In mixed-use or healthcare-adjacent properties, tenant or occupant information may be subject to HIPAA, PCI DSS, or the FTC Safeguards Rule. Improper use of AI tools with such data can create compliance and breach-notification obligations.[3][6][7]
  • Phishing and social engineering: AI tools can also help attackers craft more convincing phishing emails that target property staff, vendors, or tenants.[3][8][10] Property operations teams are already frequent targets due to their access to financial approvals, work orders, and building systems.
  • Shadow AI use: Without a clear policy, employees may start using public AI tools on their own—often from unmanaged devices—bypassing the controls your MSP or internal IT has put in place.[4][6][7] This undermines SOC 2-style controls on data access and logging.
  • Inaccurate or biased outputs: ChatGPT is trained on real-world data, which can reflect biases and offensive content.[7] Unvetted AI-generated communications to tenants, vendors, or regulators could introduce reputational or legal risk if not reviewed by humans.

These risks do not mean you must block AI entirely. Instead, they point to the need for structured governance and managed cybersecurity whenever AI agents like ChatGPT Work are used on your building networks.

Governance and Policy: Foundation for Safe AI Use in Property Operations

Legal and cybersecurity experts consistently recommend that organizations adopting ChatGPT establish clear corporate AI policies rather than allowing ad hoc use.[4][6][7] For property managers and building owners, an effective policy should be tailored to your operating model, the sensitivity of your data, and your regulatory obligations.

Key elements to cover with your managed IT or vCIO partner include:

  • Approved AI tools and editions: Specify which AI platforms are authorized (e.g., enterprise or “Work” editions only) and prohibit use of personal/free accounts for work data.[4][6] Enterprise/Work offerings are typically designed with stronger security controls and data-handling guarantees than public consumer versions.[2][7]
  • Data classification and usage rules: Define what information may never be shared with AI tools—such as Social Security numbers, payment card data (PCI), health data (HIPAA), protected tenant information, access credentials, or sensitive security plans.[3][6][7] Align this with NIST CSF or NIST 800-171 style data classification practices.
  • Use-case approvals: Require formal review for AI use cases involving personal data or significant operational impact, with legal review where AI-based re-identification is a concern.[7] For example, using AI to analyze access-control logs or incident reports should be cleared before deployment.
  • Human-in-the-loop requirements: Mandate human review of AI-generated communications, contracts, and technical recommendations to avoid over-reliance on unverified output.[7][9] Property managers remain accountable for decisions and tenant communication.
  • Training and awareness: Provide staff training on risks of public-facing AI tools, safe prompt design, and the organization’s approved workflows.[1][4][6] This is especially important for front-office staff who may be tempted to “speed up” lease or email drafting with AI.

Managed IT providers can help codify these rules into acceptable-use policies, onboarding materials, and standard operating procedures that fit within your broader information security program and SOC 2-style governance.

Security and Compliance Controls Managed IT Should Implement

Beyond policy, AI agents like ChatGPT Work require technical controls so that security does not depend solely on employee behavior. Guidance from cybersecurity organizations and practitioners emphasizes data protection, identity management, and monitoring.[1][3][6][8]

For commercial building portfolios, expect your managed IT or MSSP partner to handle at least the following:

  • Network and access controls: Limit AI tool access to managed devices and trusted networks, using firewalls and secure web gateways. Block unapproved AI domains where necessary to reduce shadow AI use.[4][6]
  • Identity and MFA: Integrate ChatGPT Work with your identity provider so logins are controlled by corporate SSO and multi-factor authentication (MFA). This aligns with NIST CSF and SOC 2 expectations around strong access control.
  • Data protection and encryption: Ensure data used with AI tools is encrypted in transit and at rest, and that access is logged and auditable.[2][6] For highly sensitive datasets (e.g., access control exports, CCTV metadata), explore techniques such as format-preserving encryption when using them in analytics or AI workflows.[6]
  • Endpoint and email security: Deploy EDR/MDR and advanced email security to reduce the risk of AI-crafted phishing or malware reaching staff.[3][8][10] AI accelerates both defense and offense, so detection and response need to keep pace.
  • Logging and monitoring: Treat AI services as part of your critical SaaS stack. Your SOC or MDR provider should monitor authentication logs, anomalous usage, and data exfiltration attempts tied to AI tool traffic.[6][8]
  • Compliance alignment: Ensure AI usage is mapped against frameworks relevant to your portfolio: NIST CSF for risk management, SOC 2 for service providers, HIPAA and PCI DSS where applicable, and the FTC Safeguards Rule for financial-related tenant data.

In many cases, tools like ChatGPT Work will be part of broader M365, collaboration, or workflow platforms your MSP already manages. The goal is to integrate AI into existing security architecture instead of treating it as a separate, unmanaged add-on.

Practical Use Cases for Property Teams—and How to Implement Them Safely

Despite the risks, AI agents can provide meaningful value to property and facility teams when deployed with proper guardrails. Examples include:

  • Drafting non-sensitive communications: Use AI to draft general tenant memos, preventive maintenance announcements, or internal SOPs—without including personal or contractual specifics. Human review remains mandatory before sending.[1][7][9]
  • Summarizing technical documents: AI can summarize equipment manuals, warranty terms, or vendor proposals so facility teams can understand key points faster. Keep full warranty documents and service contracts stored in secure document management systems; avoid pasting entire contracts containing sensitive fields.[1][6]
  • Knowledge base and training: AI can help turn existing SOPs and emergency response plans into searchable Q&A for new staff, provided the underlying documents are stored in controlled, compliant repositories.[2][6][9]
  • Basic data analysis and reporting: Safely anonymized operational data—such as high-level energy usage trends or maintenance ticket categories—can be analyzed by AI tools to highlight patterns and inform capital planning.

To implement these use cases safely at building or portfolio scale:

  • Start with a pilot on a limited group of users (for example, a central property management team), with clear rules on what can and cannot be done.
  • Have your MSP configure AI access, integrate SSO/MFA, and set logging before expanding tenant-facing features.
  • Document approved workflows and store them in your service desk or ITSM platform so they are repeatable across sites.

This staged approach reduces risk while giving leadership real-world data on ROI and productivity impacts.

How to Work with Your Managed IT Provider on ChatGPT Work

Because most property organizations do not have large in-house security teams, your managed IT provider or vCIO will be critical in shaping your AI roadmap. Industry guidance emphasizes that AI can be safely used in regulated environments only with strict oversight and ongoing cybersecurity monitoring.[3][6]

When you discuss ChatGPT Work or similar AI agents with potential or existing providers, consider asking:

  • Have you deployed enterprise-grade AI tools for other clients? Look for experience with AI-enabled productivity suites, including configuration for security and compliance.[2][9]
  • How do you align AI use with frameworks like NIST CSF or SOC 2? Providers should be able to explain their control mapping and evidence collection.
  • Do you provide AI-specific policies, user training, and incident response playbooks? This includes procedures for suspected data leakage through AI prompts.[1][3][6]
  • How will AI fit into our existing MDR/SOC monitoring? Ask how AI-related access and data flows will be incorporated into threat detection and response.[8][10]
  • How do you handle multi-tenant environments and mixed portfolios? Buildings hosting healthcare, financial, or retail tenants often have stricter requirements; your provider should understand HIPAA, PCI DSS, and FTC Safeguards implications.

For owners evaluating new MSPs on marketplaces like My MSP Tech, this is now a core differentiator: does the provider treat AI as a strategic capability that is governed, monitored, and integrated, or simply as a convenience tool left to end users?

Next Steps for Building Owners and Facility Managers

The launch of ChatGPT Work underscores that AI will increasingly be embedded in the tools your teams and tenants use daily.[7] You do not need to adopt it overnight—but you do need a plan.

Practical next steps include:

  • Inventory current AI use across your organization and tenant services: what tools are in use today, and where?
  • Engage your MSP or internal IT to develop an AI acceptable-use policy that aligns with your contracts, SLAs, and regulatory exposure.[4][6][7]
  • Prioritize data protection for sensitive building and tenant information, using encryption, access control, and logging consistent with NIST and SOC 2 practices.[2][6][8]
  • Pilot AI safely in low-risk workflows, measuring time savings and quality improvements while monitoring for security or compliance issues.
  • Update vendor selection criteria so future managed IT and cybersecurity partners can demonstrate AI readiness, including integration with MDR, SIEM, and compliance reporting.

Handled thoughtfully, AI agents like ChatGPT Work can become another managed tool in your technology stack—improving productivity for property teams while maintaining the security, compliance, and reliability your occupants expect.

Frequently Asked Questions

How should a national commercial property owner evaluate the ROI of ChatGPT Work with managed IT support?

Start with specific use cases—such as faster tenant communication or maintenance reporting—and estimate time saved per user. Compare that to licensing, configuration, and managed security costs. ROI improves when AI is standardized across the portfolio, integrated with Microsoft 365, and supported by an MSP that can automate repeatable workflows and maintain compliance.[2][9]

Can ChatGPT Work be used in properties handling HIPAA, PCI DSS, or FTC Safeguards data?

AI can be used in regulated environments only with strict configuration, data segregation, and ongoing cybersecurity monitoring.[3][6] Property owners must prevent protected data from being entered into public AI, use enterprise-grade editions with defined data handling, and align controls with HIPAA, PCI DSS, NIST CSF, and the FTC Safeguards Rule where applicable.[3][6][7]

What are the biggest cybersecurity risks of AI tools on corporate building networks?

Major risks include sensitive data leakage through prompts, AI-assisted phishing and fraud, and unmonitored shadow AI use by staff.[1][3][8][10] These can be mitigated by clear policies, endpoint and email security, access controls, logging, and by routing AI traffic within the same governance framework as other critical SaaS platforms.[3][6][8]

Should we block public ChatGPT and only allow enterprise or Work editions?

Many organizations restrict or block public AI access and standardize on enterprise editions to gain stronger security and governance.[2][4][6] For property portfolios, this approach simplifies compliance, centralizes configuration, and lets your MSP manage SSO, MFA, monitoring, and data retention policies consistently across all sites and users.[2][6][8]

What qualifications should we look for in an MSP to manage AI adoption in our buildings?

Seek providers with proven experience deploying enterprise AI tools, SOC 2–aligned processes, and strong MDR/SOC capabilities. They should understand NIST CSF, NIST 800-171, HIPAA, PCI DSS, and FTC Safeguards implications, offer AI-use policies and training, and demonstrate how AI services are integrated into their broader security and incident response processes.[3][6][8][9]

Related Reading on My MSP Tech

Find a Qualified Managed IT & Cybersecurity Contractor

Need help acting on this? Browse managed IT & cybersecurity providers in your area, or explore commercial managed IT services like preventative maintenance, inspections, and emergency response. Are you a contractor? List your business on My MSP Tech to reach IT and operations leaders actively searching for help.

Sources

  1. metomic.io
  2. youtube.com
  3. ertech.io
  4. reddit.com
  5. kickidler.com
  6. community.opentext.com
managed itcommercial property technologyai governancecybersecurity