AI in law: privacy and privilege risks

Two federal judges reached opposite answers in separate February 2026 hearings about whether using consumer AI tools exposes confidential legal material: Judge Jed S. Rakoff in the Southern District of New York ruled that roughly 31 documents a criminal defendant generated with a commercial AI tool were not protected, finding the AI interactions could defeat confidentiality. (debevoise.com) That same day Magistrate Judge Anthony P. Patti in the Eastern District of Michigan concluded that a pro se plaintiff’s use of an AI assistant to prepare filings was shielded as litigation-preparation work, and warned that treating every upload to AI as a waiver would “nullify” ordinary protections for modern drafting. (law.justia.com) (paulweiss.com) Major professional bodies have issued clear operational rules: the American Bar Association’s Formal Opinion 512 says lawyers must tell clients when they will use generative AI, explain the risks, obtain informed consent that is more than boilerplate, and supervise any AI outputs used in the matter. (lawnext.com) (nycbar.org) State bar guidance and practice-oriented checklists translate that into specific firm actions — anonymize or avoid entering identifying client details into public chatbots, vet and contractually limit vendor use of client inputs (including explicit prohibitions on using inputs to train models), and document who used the tool and whether it was at an attorney’s direction. (calbar.ca.gov) (lexisnexis.com) Legal reasoning behind the split turns on two technical doctrines: attorney-client privilege, which protects private communications made for the purpose of getting legal advice, and the work-product rule, which protects materials prepared in anticipation of litigation — courts differ on whether typing facts or strategy into a third‑party AI counts as a disclosure to an outsider that defeats those protections. (debevoise.com) (paulweiss.com) Practical, source-backed guardrails firms are adopting include: create an AI-use policy that lists approved vendors and forbids client identifiers in public tools; require written client consent that specifies which types of inputs and outputs are allowed; contractually require vendors to commit not to train models on firm data and to delete inputs on request; and log AI use and have a supervising attorney certify any AI-generated drafts before filing. (calbar.ca.gov) (lexisnexis.com) (natlawreview.com) For litigation strategy and privilege accounting, courts and commentators emphasize one concrete recordkeeping step: when an AI tool is used at counsel’s direction, privilege logs should state that the AI work was performed at counsel’s direction and identify the privilege basis, because that invocation can materially affect whether a court treats the interaction as protected. (debevoise.com) (paulweiss.com)