Attorney-Client Privilege and AI: What Every Plaintiff Firm Must Know
Attorney-client privilege protects communications between attorneys and clients made for the purpose of obtaining or providing legal advice. When law firms use AI tools to process case materials, they must ensure that the technology does not inadvertently waive or compromise this privilege — particularly when case content is sent to third-party cloud services for AI processing.
Key Takeaways
- +ABA Model Rule 1.6 and Formal Opinion 477R require attorneys to make 'reasonable efforts' to protect client information when using technology — including AI tools.
- +Sending privileged case materials to cloud AI services creates a disclosure vector that firms must evaluate against their ethical obligations.
- +The safest architecture for privileged content processes everything on infrastructure the firm controls, with no case content passing through shared cloud services.
- +Privilege protection is not a feature — it is an architectural constraint that must be designed into the AI system from the ground up.
What the ABA actually says about AI and privilege
ABA Model Rule 1.6(c) requires attorneys to 'make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.' ABA Formal Opinion 477R applies this rule specifically to technology: attorneys must understand the technology they use and take reasonable precautions to protect client information.
In 2024, the ABA issued Formal Opinion 512, addressing generative AI specifically. The opinion does not prohibit AI use but requires attorneys to understand how the tool processes data, whether client information is used for model training, and what confidentiality protections are in place. The duty of competence under Rule 1.1 now extends to understanding the technology used in practice.
Where cloud AI creates privilege risk
When an attorney uploads medical records, case notes, or demand letter drafts to a cloud AI service, that content traverses and may be stored on infrastructure operated by a third party. Even with data processing agreements and encryption in transit, the attorney has expanded the circle of systems that have access to privileged information.
Three specific risk vectors emerge. First, data retention: does the AI provider retain input data for model training or improvement? Many consumer-grade AI tools do, even when enterprise terms state otherwise. Second, subprocessor chains: cloud AI providers often use third-party infrastructure (compute providers, monitoring services) that may have access to data in transit. Third, breach exposure: if the AI provider suffers a data breach, client materials are among the compromised data.
Privilege-safe AI architecture
The simplest way to protect privilege is to never send privileged content outside a controlled trust boundary. This means running AI inference on infrastructure the firm controls — either physical hardware in the firm's facility or dedicated vendor-managed hardware where the firm's data is the sole tenant.
The system architecture should enforce this boundary automatically. Case content should flow between the AI inference engine and the case data store without ever passing through cloud infrastructure. The control plane — authentication, billing, user management — can operate in the cloud because it never touches case content.
For firms evaluating AI tools, the decisive question is: 'Where does my client's medical record go when I upload it?' If the answer involves any infrastructure the firm does not control, privilege analysis is required.
Practical steps for plaintiff firms adopting AI
First, document your AI usage policy. The ABA expects attorneys to make informed decisions about technology — having a written policy demonstrates the 'reasonable efforts' required by Rule 1.6.
Second, categorize your AI tools by data sensitivity. Tools handling privileged content (case analysis, demand drafting, medical record review) need the highest protection level. Tools handling non-privileged work (marketing, general research, scheduling) can use standard cloud services.
Third, review vendor data processing agreements line by line. Confirm: no training on client data, no data retention beyond processing, no subprocessor access to content, and clear breach notification obligations.
Fourth, consider local or managed infrastructure for your highest-sensitivity workflows. The operational cost of privilege-safe infrastructure is substantially lower than the cost of a privilege waiver — or a malpractice claim based on inadequate data protection.
Frequently asked questions
Does using AI waive attorney-client privilege?
Using AI does not automatically waive privilege, but it can create waiver risk if client information is disclosed to third parties without adequate protections. The key factors are where the AI processes data, whether the provider retains input data, and what confidentiality agreements are in place. Local AI that processes data on firm-controlled infrastructure preserves privilege most effectively.
What does ABA Formal Opinion 512 say about AI?
ABA Formal Opinion 512 addresses generative AI and requires attorneys to understand how AI tools process client data, ensure confidentiality protections are adequate, review AI outputs for accuracy, and disclose AI use to clients when appropriate. It does not prohibit AI use but extends the duty of competence to include understanding the technology.
Can plaintiff firms use ChatGPT for case work?
Using consumer AI tools like ChatGPT for privileged case materials creates significant privilege risk because content is processed on shared cloud infrastructure and may be retained for model training. For non-privileged tasks like general legal research or marketing, consumer AI tools carry lower risk. For privileged case content, firms should use AI tools that process data on controlled infrastructure.
Sources
- ABA — Model Rules of Professional Conduct, Rule 1.6: Confidentiality of Information
- ABA Formal Opinion 477R — Securing Communication of Protected Client Information
- ABA Formal Opinion 512 — Generative AI Tools (2024)
- NYSBA — Report and Recommendations on the Ethical Implications of Large Language Models (2024)
See how Pleadly automates case preparation.
Demand letters, medical chronologies, and litigation intelligence — delivered to your inbox automatically.
Related Articles
AI Hallucination in Legal Documents: How Evidence Traceability Prevents Fabricated Citations
Why AI hallucination is uniquely dangerous in legal work, how evidence-anchored generation prevents fabricated facts, and what attorneys should verify in every AI-generated document.
Building a Legal AI Governance Framework for Your Firm
A practical framework for law firm AI governance — covering data classification, vendor evaluation, usage policies, and audit trails that satisfy ethical obligations.
AI Infrastructure for Plaintiff Law Firms: What You Actually Need in 2026
A technical breakdown of the AI infrastructure stack plaintiff firms need — local inference, evidence traceability, and privilege-safe pipelines that replace cloud-dependent tools.