Does AI Affect Attorney-Client Privilege?

Why attorneys are asking this question right now

Bar associations in New York, California, and Florida have all issued guidance warning that using AI tools carelessly can breach confidentiality duties under Model Rule 1.6. The concern isn't theoretical. Every time an attorney pastes a client memo into a public AI chat interface, that text is transmitted to and potentially stored or trained on by the vendor's infrastructure.

The attorney-client privilege question sits on top of that confidentiality concern. Privilege protects communications from compelled disclosure in litigation. The third-party doctrine says that voluntarily sharing information with an outside party can destroy that protection. Whether an AI vendor counts as a 'necessary third party' (like a paralegal) or a true outsider is still being litigated and debated in legal ethics circles.

How AI tools actually interact with privilege

Public API wrappers and consumer-grade AI tools are the clearest risk. When an attorney submits privileged content to OpenAI's API without a proper data processing agreement, that content leaves the firm's custody. Courts haven't uniformly ruled on whether this constitutes a waiver, but several ethics opinions treat it as a serious confidentiality violation regardless of the privilege question.

Enterprise agreements with data-processing terms reduce but don't eliminate the risk. OpenAI's enterprise tier and Anthropic's Claude for Enterprise both offer agreements that restrict training on customer data, and vendors with SOC 2 Type II certification have at least audited their data handling practices. That's better than nothing, but the data still traverses vendor infrastructure, which means a subpoena to the vendor is at least theoretically possible.

Private LLM deployments sidestep the problem almost entirely. When the model runs inside the firm's own cloud environment or on-premises hardware, privileged communications never touch a third-party server. The analysis then becomes no different from using an internal document management system: the data stays in the firm's custody, under the firm's security controls.

When the answer changes

Jurisdiction matters. Some state bar ethics opinions are more permissive than others, and the ABA's Model Rules leave significant room for interpretation. A firm practicing in multiple states needs to reconcile the strictest applicable standard, not the most convenient one.

The type of matter also matters. In active litigation, the stakes of a privilege waiver are immediate and concrete. In transactional work or general legal research, the practical exposure is lower, though the confidentiality duty still applies. Firms using AI for research on publicly available case law face far less risk than those summarizing client depositions or drafting privileged strategy memos with AI assistance.