Artificial intelligence is already showing up in everyday business operations, often in small and seemingly harmless ways.
An employee may use an AI tool to clean up a guest email. A manager may use it to draft a schedule, job description, or employee memo. A supervisor may use it to compare vendor information, summarize notes, or speed up an administrative task.
None of that is automatically bad.
In fact, many hospitality businesses are exploring AI because it can make routine work faster, easier, and more efficient. But there is a difference between using AI intentionally and having AI quietly spread through a business without leadership fully realizing where, how, or why it is being used.
That difference matters.
The Risk Is Not Just the Tool
For hospitality businesses, the concern is not simply that employees are using AI. The bigger issue is what they may be entering into those tools.
Guest information. Employee details. Vendor contracts. Internal financial data. Incident reports. Private emails. Reservation notes. Payroll questions. Customer complaints.
These details may feel ordinary to the person trying to get through a busy day, but they can carry real privacy, security, and operational concerns.
A well-meaning employee may not think twice about pasting information into a public AI tool if the goal is to save time or improve wording. A manager may not realize that a third-party platform could retain, process, or expose information in ways the business has not evaluated. A supervisor may use AI to move faster without realizing that the company has no clear policy around what is appropriate.
That is how risk often starts.
Not with bad intent.
With convenience.
AI Can Create a Visibility Problem
One of the most difficult parts of AI risk is that leadership may not have a clear picture of how employees are already using it.
That creates a visibility problem.
A business cannot manage what it has not identified. It cannot create meaningful safeguards around tools it does not know employees are using. It cannot train employees on boundaries that have never been defined.
For hospitality businesses, this can be especially tricky because so much work happens quickly. Teams are balancing guest requests, staffing issues, vendor communication, service recovery, payroll needs, scheduling changes, and back-office administration.
When everyone is trying to save time, AI can feel like a simple solution.
But small shortcuts can become larger exposures when there are no rules around them.
Everyday AI Use Deserves Clear Boundaries
AI may be helpful for drafting, summarizing, organizing, and brainstorming. But employees should not be left to guess what information is appropriate to use.
That is where clear internal guidance matters.
A hospitality business should be able to answer basic questions:
Where are employees actually using AI?
Are managers, supervisors, or administrative staff using public AI tools?
What kind of information is being entered into those tools?
Are guest records, employee data, financial information, vendor details, or internal communications being shared?
Does the business have a written AI policy?
Are employees trained on what should never be entered into a third-party tool?
Who reviews AI-generated work before it is used to make decisions or communicate with guests, employees, vendors, or applicants?
These questions are not meant to discourage innovation. They are meant to help businesses use new tools with more awareness and control.
Deepfakes and AI Scams Are Part of the Conversation Too
AI risk is not limited to what employees type into a tool.
It also includes what employees receive.
A finance employee may receive a voice message that sounds like an executive authorizing a payment. A manager may get a text that appears to come from ownership. A vendor request may look more polished and legitimate than the phishing emails businesses used to recognize.
As AI tools become more convincing, hospitality businesses may need to rethink how they verify unusual requests.
That could mean requiring a second form of confirmation before changing payment instructions, approving wire transfers, releasing sensitive information, or responding to urgent requests that seem slightly off.
The solution does not need to be complicated.
But it does need to be clear.
Employees should know when to pause, who to contact, and what steps to follow before acting on something that could expose the business.
A Better Way to Approach AI
The goal is not to ban AI from every corner of the business.
The better goal is to understand how it is being used and create guardrails around it.
A practical AI policy may address which tools are approved, who is allowed to use them, what information is prohibited, when human review is required, and who owns the process internally.
For hospitality businesses, those guardrails should be especially clear around guest data, employee information, payment details, vendor contracts, internal communications, hiring-related content, and financial records.
AI should help the business operate more efficiently. It should not create uncertainty about where sensitive information is going, how decisions are being made, or whether employees understand the boundaries.
Before Small Shortcuts Become Bigger Problems
AI use should not be invisible inside a business.
If employees are using these tools to move faster, leadership should know where that is happening. If sensitive information is involved, there should be rules. If AI-generated work is being shared, relied upon, or used in decision-making, there should be human review.
The issue is not that hospitality businesses are using AI.
The issue is using it quietly, without making sure policies, training, procedures, and risk conversations have caught up.
That includes insurance conversations, too. If your property has changed the way it uses technology, AI tools, guest data, internal systems, or payment verification procedures, those changes may be worth discussing before your next renewal.
At DiNicola Insurance Services, we help hospitality businesses think through operational risk before small issues become larger problems. If AI has become part of your daily workflow, it may be time to bring that into the broader risk conversation.