Dear colleagues,
This memo sets out how BESIX will use artificial intelligence from now on, and what this means in practice for the way each of us works. The position outlined here is the operational extension of Group Rule 5.6 (IT Cybersecurity) and Group Rule 5.7 (IT Data & Application Governance) into the AI domain. It does not introduce a new framework. It applies the standards we have already agreed at BESIX Group level to a technology that is moving faster than any of us can anticipate.
What changed since January
Four things have shifted in the last four months, and together they change what we can safely do with AI at work.
First, Anthropic and Microsoft released Cowork Agents. These are not chat assistants. They are agents that can take actions on your behalf: opening browsers, signing into systems, moving files, sending messages. Google, OpenAI and xAI have shipped or announced equivalents in the same window.
Second, an open-source agent originally called Moltbot, then ClawdBot, now OpenClaw, has been observed storing user credentials in plain text and being manipulated through prompt injection to exfiltrate data. It is freely downloadable. Several variants are already circulating inside BESIX.
Third, an industry survey of 4,200 knowledge workers reports that 57% use personal AI accounts for work tasks and 33% have pasted confidential or regulated data into those accounts. There is no reason to assume BESIX is an exception.
Fourth, what the industry calls “vibe coding” has arrived inside BESIX. Colleagues with no formal development background are using AI to put together small applications, dashboards, and scripts that solve real problems on their projects or within departments. The creativity is welcome and we have already seen genuinely useful results. The side effect is that we are accumulating software no one in ICT knows about, on hosting we did not choose, with data we cannot trace, and with no clear owner once the person who built it moves on. We need a path that lets this energy continue, safely.
The four things I worry about
I want to be plain about what I think the risk is, because the technical vocabulary obscures it.
- Who is acting. When an AI agent signs into a system on your behalf, the audit trail shows the human, not the agent. If something goes wrong (a payment, a contract change, a deletion), we cannot tell who or what did it.
- What it can do. Modern agents can open files, send emails, move money, and interact with our suppliers and clients. The blast radius of a single bad instruction is much larger than it was for a chatbot that just produced text.
- What it remembers. Anything you type into a personal AI account may be retained, used for training, or exposed in a future breach of that provider. Once it leaves our perimeter, we cannot recall it.
- Where the code comes from. Open-source AI projects are being published, abandoned, forked, and renamed within weeks. OpenClaw is the cautionary tale, not the exception. Anything we adopt without review is something we cannot vouch for.
These four risks map directly to obligations we have already committed to under GR 5.6 (confidentiality, integrity, availability of information; mandatory monitoring and auditing; incident response) and GR 5.7 (named data and application owners; assessed cross-border data flows). The AI policy gives us the tooling to honour those commitments in a domain that did not exist when the rules were drafted.
What we will implement
The following measures will be put in place across BESIX Group under my authority as CIO, in line with GR 5.6 and GR 5.7.
- One sanctioned AI platform. Microsoft 365 Copilot, operating inside the BESIX tenant, becomes the default AI tool for all employees. Data stays under our existing Microsoft data protection commitments.
- Technical block on unsanctioned AI platforms. ICT is deploying technology to prevent access from BESIX devices and networks to unsanctioned AI services, including free public chatbots, open-source agent frameworks, and computer-use agents. The block list will be reviewed continuously as the market evolves. Exceptions go through the Application Governance Board.
- BESIX data stays on BESIX-governed devices. Use of BESIX data with any AI tool, including the sanctioned platform, is restricted to managed devices that meet our security baseline. Personal devices and personal accounts are not permitted. BESIX data will receive a security label in order to enforce this technically, in line with GR 5.6.
- A named owner for every AI-generated application, consistent with the application owner principle in GR 5.7, with a data classification, a hosting decision, and a documented review cycle.
- A 60-day amnesty during which any team can register an AI tool or AI-built application without consequence, so we can build a complete inventory. After the amnesty, undeclared use is treated as a security policy breach under the standard process in GR 5.6.
- Awareness and mandatory training for all employees and relevant external service providers, extending the cyber awareness obligations already set out in GR 5.6 to cover AI-specific risks.
- Incident response. AI-related incidents are handled through the existing Incident Response Plan under GR 5.6, with AI-specific playbooks added.
What this means for you in practice
- Use Microsoft 365 Copilot for everyday AI tasks: drafting, summarising, searching, analysing. It is already available in the BESIX tenant.
- Do not paste BESIX data into personal AI accounts, whether ChatGPT, Gemini, Claude, or any other public service. This includes contracts, drawings, financials, employee data, client correspondence, and code.
- Do not install AI agents or browser extensions from public sources on your work device without going through the AI Review Board.
- If you are already using an AI tool or have built something with AI, declare it through the IT Helpdesk during the 60-day amnesty. No questions asked, no consequences.
- If you are unsure, ask. Your ICT contact, your manager, or the Application Governance Board can give you a quick read.
- Read the BESIX AI Rule v1.0 on the Group intranet. The seven rules, the may/may-not examples, and the rules for AI-assisted development are the authoritative reference when this memo is silent on a specific case.
Timeline
- Today: this memo and a short briefing pack reach every employee.
- Today: policy and supporting documentation published on the Group intranet.
- 31 May: amnesty opens and inventory begins; first wave of technical controls live.
- End of June: AI Review Board operational, first review cycle complete, full enforcement.
Bottom line
BESIX already has a clear standard for how we treat information assets, who owns applications, and how we respond when things go wrong. That standard is GR 5.6 and GR 5.7. The AI policy applies it to a category of tool that did not exist when the Group Rules were last revised. None of this is meant to slow you down. It is meant to give you a safe, sanctioned, and capable AI environment so you can use these tools with confidence and so the trust our clients place in BESIX continues to hold.
Thank you for taking the time to read this and for the care I know you will bring to applying it.
With kind regards,
Werner Godaert
Chief Information Officer
BESIX Group