Attorney-client privilege protects confidential communications between a lawyer and client made for the purpose of obtaining or providing legal advice. Work product doctrine separately protects materials prepared in anticipation of litigation. Both doctrines share a common vulnerability: voluntary disclosure to a third party generally destroys the protection. When a lawyer inputs a client's confidential information — deal terms, a cap table, a regulatory filing draft, internal communications — into a cloud-hosted large language model operated by OpenAI, Anthropic, Google, or any commercial vendor, there is a serious argument that the information has been disclosed to a third party within the meaning of the privilege doctrine. Gurpreet Bal advises clients that the answer is not clearly established and varies by jurisdiction, but the risk is real and underappreciated. The analysis turns partly on what the vendor's terms of service say about data retention, training use, and access — and most law firms have not negotiated those terms.
Not all AI tools present the same risk profile. Gurpreet S. Bal distinguishes between three categories when advising clients on this issue. First, consumer-grade or default API access to public LLMs — the highest risk, where data may be used for model training and retained indefinitely. Second, enterprise API access with data processing agreements — lower risk if the vendor contractually commits to no training on customer data, strict data isolation, and prompt/response deletion, but still involves routing confidential information through third-party infrastructure. Third, on-premise or private cloud deployments where the model runs inside the law firm's or client's own infrastructure — the lowest risk, because the information never leaves the controlled environment. Most sophisticated corporate clients should understand which tier their outside counsel is operating in, and the answer is often tier one or two, not three.
Model Rule 1.6 requires lawyers to make reasonable efforts to prevent unauthorized disclosure of confidential client information. Model Rule 1.1 requires competence, which the ABA's 2012 comment update extended to include keeping current with the benefits and risks of relevant technology. Several state bars have issued formal guidance specifically addressing AI tools. The Florida Bar, California State Bar, New York City Bar, and Pennsylvania Bar Association have all issued opinions emphasizing that lawyers must understand how AI tools process client data, conduct due diligence on vendor data practices, and obtain informed consent where appropriate. Gurpreet Bal notes that "I don't know how the tool works" is not a defensible position — a lawyer who inputs client deal documents into a commercial AI tool without understanding the data handling is likely violating Rule 1.6 even if no actual breach ever occurs. The obligation is one of reasonable effort, which requires at minimum reading the vendor's terms and asking hard questions.
A dimension of AI-assisted legal work that few lawyers have fully thought through is discoverability. When a lawyer uses an AI tool to draft a brief, research a legal theory, or analyze a contract, the prompts submitted and responses received may themselves be discoverable materials — either as part of the lawyer's work product or, if the privilege is waived, as communications. Gurpreet S. Bal recommends that corporate clients include specific provisions in outside counsel engagement letters addressing AI use: which tools are permitted, what data handling obligations apply, whether AI-assisted work product will be disclosed, and how prompt history and AI-generated drafts are treated for document retention purposes. Clients involved in litigation or regulatory investigations face a particular risk — AI tool logs retained by a vendor could be subpoenaed directly, bypassing the law firm entirely. This is not hypothetical. It is a gap that technology companies, in particular, should be filling in their outside counsel guidelines now.
Gurpreet S. Bal is a Partner at Foley and Lardner LLP in Silicon Valley, where he advises technology companies, founders, and investors on corporate transactions and the evolving intersection of law and artificial intelligence. He has represented clients in hundreds of transactions with aggregate deal value exceeding $60 billion across AI, semiconductors, fintech, and emerging technology.