The U.S. Federal Court for the Southern District of New York ruled in a recent criminal case that information provided to consumer Artificial Intelligence (“AI”) platforms is not protected under attorney-client privilege or the work product doctrine.

In United States v. Heppner, the defendant entered what he described as “sensitive legal strategy” into a public AI platform. The government later recovered these communications as part of a search and introduced them as evidence. The defendant argued that the information was protected under attorney-client privilege. The judge disagreed, citing three key reasons:

1. The AI platform is not a lawyer
2. The platform’s terms permit use and potential disclosure of customer inputs to government authorities
3. The defendant acted on his own, without direction from legal counsel

On the same day, however, a Michigan state court reached a different conclusion in Warner v. Gilbarco, Inc. There, the court held that a pro se litigant’s (i.e., someone acting as their own counsel) AI outputs were protected from disclosure by the work product doctrine. This ruling came despite third-party operators potentially having access to the litigant’s AI inputs and outputs. This court reasoned that generative AI functions as a tool rather than a “person,” but did not address the matter of using the platforms at counsel’s direction as the New York court did.

Taken together, these decisions illustrate the unsettled and evolving nature of privilege in the context of AI.

What Does This Mean for Your Organization?

These cases serve as a reminder that, while AI tools can be highly effective, organizations should carefully consider what information is shared with AI platforms. Implementing a clear Artificial Intelligence Policy is a critical first step to ensure employees understand when and how AI tools may be used for business purposes, along with the associated benefits and risks.

This is not to say that using AI should strictly be prohibited. Rather, organizations that permit the use of AI should establish safeguards to prevent the disclosure of confidential or sensitive information to protect both your organization and its clients. Once an AI Policy is in place, organizations should train employees to ensure that they understand expectations and compliance requirements. In addition, periodic audits of AI usage can help confirm adherence to internal policies and ensure that only approved tools and appropriate use cases are in practice.

As AI technology continues to evolve and become more widely adopted, ongoing oversight will be essential to managing risk effectively.

Key Takeaway

At present, any legal questions or information entered into an AI platform may be discoverable by government authorities or opposing parties. Until the courts and, potentially, legislators, provide clearer guidance, confidential legal matters, including internal investigations and litigation, should remain strictly between you and your attorneys. Before using AI, ask yourself, would it be a problem if my questions, inputs, and AI responses became public? If the answer is yes, it’s best to talk to your lawyer.