When OpenAI’s generative artificial intelligence chatbot ChatGPT debuted late in 2022, Chief Information Officer Christos Ruci had a quick, gut reaction. Absolutely not.
“We are not doing it, not generative AI,” says Ruci, who oversees technology and cybersecurity for building and construction services provider Limbach Company. “I blocked everything I could.”
What kept him on the AI sidelines were concerns about data leakage, which Ruci feared could erode trust with Limbach’s employees and clients, and even potentially damage his own professional reputation. Any external data exposure would far outweigh the rewards of using generative AI to potentially automate workplace tasks or accelerate software and product development.
“My personality is typically the opposite, which is, ‘Let’s get it done. Let’s figure it out. Let’s fail first,’” says Ruci. “But when it comes to the security and risk of my company, and my customers and my employees’ data, there is no failing.”
IT departments are spending billions annually on enterprise generative AI tools and today, around seven out of every ten companies are using AI in at least one business function, according to consulting giant McKinsey & Co. But there are plenty of CIOs that aren’t yet using generative AI and until recently, Ruci was one of them.
This year, Ruci finally authorized some limited uses of generative AI tools from OpenAI, Microsoft, and Google to Limbach’s 1,400 employees. Ruci has complete oversight into any future AI extensions or features pitched by vendors that workers may want to use.
Ruci’s judicious approach meant he would consult regularly with legal and compliance to develop clear corporate guidelines explaining what employees could and could not do with generative AI. At Limbach, he also oversaw cybersecurity and used his experience educating the workforce on how to prevent cyberattacks as a model to roll out AI training.
That steady cadence of training has included webinars, all-hands staff meetings, and Ruci speaking to each separate business unit to explain the company’s AI policies to every employee. Newsletters are distributed to give future updates. “It’s on rinse and repeat now to continuously remind them on what they can and cannot do,” says Ruci.
Up to this point, Ruci’s generative AI focus has been narrowly focused, almost entirely putting an emphasis on making employees more productive, like transcription tools for meeting summaries. Some larger use cases, which Limbach hasn’t fully embraced yet, include new generative AI tools that make data retrieval easier and automating the customer contract renewal process. There’s still a lot that isn’t allowed to touch AI at Limbach: no personal or protected health information, non-public financial data, and customer data, including anything about building projects, intellectual property, or trade sercrets.
Ruci is further along deploying traditional forms of AI, including the collection of data from building facilities like heating, ventilation, and air conditioning and then using those AI-enabled insights to make those systems more efficient for building owners and facilities managers.
He also moved quickly to complete a full migration of all of Limbach’s infrastructure across 20 locations to the cloud. Limbach has been scooping up smaller, regional building systems providers and Ruci says a 100% cloud environment can speed up IT integration.
When asked about agentic AI—the new buzzword on every CIOs lips in 2025—Ruci again stresses caution. He says he is taking a page from Apple CEO Tim Cook, who has been slower than most Big Tech giants to deploy AI features externally to users.
“I really want to see where the market and industry goes before we go all-in on something,” says Ruci.
John Kell
Send thoughts or suggestions to CIO Intelligence here.
This story was originally featured on Fortune.com
