Every day, millions of people type questions into ChatGPT, Claude, Copilot, and similar AI assistants—often without considering where those prompts go or who might see them. The convenience is undeniable, but prompts entered into AI platforms may be discoverable in litigation, accessible to law enforcement, or could even waive the attorney-client privilege. It is therefore essential that employees think before they prompt and that organizations take steps to mitigate the increasing confidentiality and discovery risks. AI notetakers also present similar challenges for organizations ranging from confidentiality concerns to the creation of a discovery minefield. As a result, organizations should act now to ensure that they have effective AI governance policies to address the evolving landscape.
Your Prompts Are Likely Not Private and AI Chats Could Become Trial Exhibits
Courts are rapidly developing the law governing AI and privilege—and four legal decisions over the last three months signal that caution is required when using any publicly available consumer AI chatbot. As we previously reported, on February 17, 2026, in United States v. Heppner, No. 25-cr-00503-JSR (S.D.N.Y Feb. 17, 2026), a court in the Southern District of New York ruled that 31 documents created by a criminal defendant using a public AI chatbot (Claude) were not protected by attorney-client privilege or the work product doctrine. The court found that information shared with the AI platform (1) was not communicated to an attorney, (2) was not confidential because it was shared with a third-party AI platform and could be disclosed to “a host of third parties” under Claude’s user policies, and (3) was not communicated for the purpose of obtaining legal advice.
One week before the Heppner decision was issued, a federal magistrate judge in Michigan addressed the same issue in a civil case. In Warner v. Gilbarco, No. 2:24-cv-12333 (E.D. Mich. Feb. 10, 2026), the defendants sought to compel a pro se plaintiff to produce all documents concerning her use of ChatGPT in connection with the employment discrimination lawsuit. The court denied the motion, holding that the plaintiff’s AI-assisted work was protected under the work-product doctrine. Critically, the court reasoned that “ChatGPT (and other generative AI programs) are tools, not persons” and that work-product waiver requires disclosure to an adversary or in a manner likely to reach an adversary—not merely using an AI platform as a drafting aid.
The Warner court warned that accepting the defendants’ theory “would nullify work-product protection in nearly every modern drafting environment, a result no court has endorsed.” Nevertheless, the court’s reasoning underscores a key distinction: while work product created using AI may remain protected, privileged communications input into AI tools may lose that protection entirely.
Similarly, in March 2026, a federal magistrate judge in Colorado rejected the Heppner court’s reasoning, finding that a pro se plaintiff in an employment discrimination case could assert work product protection for his AI use. In Morgan v. V2X, Inc., No. 25-cv-01991-SKC-MDB (D. Colo. Mar. 30, 2026), the Court held that the use of “AI systems like ChatGPT, Claude, Gemini, and others … does not eliminate all expectations of privacy or automatically waive protections.” Further, the court noted that “even though AI use technically ‘discloses’ information to a third party, it is highly unlikely the information will fall into the hands of an adversary absent some legal process to compel it.”
Pro Se Versus Corporate Litigants: A Critical Distinction
Although Warner and Morgan reached a different conclusion than Heppner, both courts relied on the fact that pro se litigants serve simultaneously as a party and legal advocate, entitling them to use AI systems as a tool to assist in their litigation preparation. However, the dangers of using publicly available AI tools have far greater impact on corporate litigants. Indeed, a CEO’s ChatGPT conversations formed the basis of a devastating post-trial decision announced in March 2026 by the Delaware Court of Chancery (Fortis Advisors, LLC v. Krafton, Inc., No. 2025-0805-LWW), which clearly demonstrated the dangers of using a publicly available AI chatbot in determining corporate strategy.
After a South Korean gaming conglomerate acquired a gaming franchise (the “Target”), the Fortis court concluded that the buyer’s CEO consulted ChatGPT “to contrive a corporate takeover strategy” and executed the chatbot’s detailed plan to eliminate a $250 million earnout obligation. The AI chat logs provided damning evidence at trial of the buyer CEO’s bad faith, pretextual intent in terminating key employees of the Target company and usurping their operational control. In reliance upon the AI chat logs, the court rejected the buyer’s legal arguments, issuing a sweeping remedial order reinstating the Target’s CEO to his previous position with full operational control and extending the earnout measurement period with damages reserved for the second phase of the litigation.
Law Enforcement Access to AI Platforms
Law enforcement is also taking notice. In what appears to be the first known federal search warrant for ChatGPT user data the Department of Homeland Security obtained a court order in 2025 requiring OpenAI to disclose information about a user based on specific prompts. The search warrant affidavit was unsealed in the District of Maine after charges were brought in United States v. Hoehner, No. 2:25-cr-00148. That case demonstrates that AI platforms can and will be compelled to produce user data—including user prompts and chat logs. This is no different than Google search histories, which have been used as evidence at trials for years.
It is clear from recent announcements and initiatives that the U.S. Department of Justice is deploying AI tools and advanced data analytics to identify, investigate, and prosecute crimes. It should therefore come as no surprise that it will seek records from publicly available chatbots in connection with criminal investigations. State Attorneys General will also likely seek user activity data and chat logs from AI platforms. For example, the Florida Attorney General has launched a criminal investigation of OpenAI accusing its AI chatbot, ChatGPT, of acting as an accomplice to murder in connection with the Florida State University shooting, which resulted in the death of two individuals and injuries to six people. ChatGPT is accused of providing tactical instructions and advice on the use of weapons as well as the timing and location of the shooting.
Corporate Policy Considerations
Forward-thinking organizations are updating their AI usage policies to address these risks—and with good reason. When an employee enters a prompt into an AI tool that discloses privileged legal advice or uploads attorney-drafted materials, that disclosure to a third party may constitute waiver of the underlying privilege. Corporate policies should therefore clearly prohibit employees from entering prompts into AI tools concerning attorney communications, seeking AI’s “opinion” on legal advice they have received, or asking AI to “simplify” guidance from legal counsel.
The reasoning is straightforward: Publicly available, commercial AI platforms are third parties. Consumer-grade tools typically retain user queries and outputs, use that data for model training, and may disclose user information to third parties, including government authorities. These features are likely to defeat any reasonable expectation of confidentiality—a foundational element of privilege.
AI Note-Takers Present Hidden Risks
The same risks apply when you speak. AI-powered transcription tools like Otter.ai, Fireflies, and Microsoft Copilot now convert business calls into searchable text—creating a permanent record of every word. These transcripts are discoverable, potentially exposing candid discussions about business strategy, settlement positions, personnel issues, or privileged attorney-client communications that participants assumed would remain confidential. Business partners, vendors, customers, and other third parties might also be using these tools during meetings with your organization, creating records that could be used against your organization in any commercial disputes or regulatory investigations.
Additionally, with many AI transcription tools, every virtual meeting attendee automatically receives a copy of the transcript raising serious confidentiality and data security issues. Further, AI tools also record and transcribe everything said during a meeting, including pre-meeting chatter or post-meeting office gossip that would typically not be recorded in anyone’s notes of an office meeting. Such transcripts could form the basis of an employment discrimination claim or create other legal exposure. The AI-generated transcripts or summaries of a meeting may also be inaccurate or attribute statements to the wrong attendee. Thus, it is imperative that such transcripts or summaries be reviewed for accuracy before an organization is forced to produce them in civil litigation or in response to a criminal grand jury subpoena.
Beyond discoverability, businesses operating in or calling parties located in all-party-consent (sometimes called “two-party consent”) states face potential criminal liability. In jurisdictions, including Massachusetts, California, Connecticut, Delaware, Florida, New Hampshire, Pennsylvania, and Illinois, recording a call without the knowledge and consent of all participants may violate state wiretapping laws.
For these reasons, organizations should develop and implement company policies on the appropriate use of AI notetakers and transcript tools to mitigate these potential risks.
Protect Your Privilege and Your Communications from Disclosure
Organizations and individuals can take concrete steps to protect communications and privileged discussions in an AI-driven environment. Consider implementing the following best practices:
Assume consumer AI tools offer no privilege protection. Treat documents generated through publicly available AI platforms as potentially discoverable. Implement policies that prohibit inputting sensitive or privileged information into any public-facing, commercially available AI platform.
Only use enterprise AI platforms with robust safeguards. Look for platforms with strict privacy policies prohibiting third-party disclosure, data segregation mechanisms, opt-out provisions for model training, and limited data retention periods.
Document attorney direction. When AI tools are used in litigation preparation, ensure that usage occurs at counsel’s specific direction and is properly documented. Prompts should explicitly reflect that the work is being performed at counsel’s direction.
Train employees on AI risks. It is essential that organizations have an AI acceptable use policy and educate employees about the confidentiality and privilege risks associated with AI tools.
Establish clear recording policies. Require disclosure and consent before using AI transcription tools, especially when communicating with parties in all-party-consent jurisdictions. Consider prohibiting the use of such tools when sensitive information is likely to be discussed.
Conduct periodic AI usage audits. Regularly review which AI tools employees are using, what data is being input, and whether those tools comply with organizational policies and applicable legal requirements.
Conclusion
Artificial intelligence offers powerful capabilities, but its use requires careful consideration of privilege and confidentiality implications. Recent rulings signal that courts will continue scrutinizing AI interactions with the same rigor applied to any other third-party disclosure. The law in this area is evolving rapidly, and what may be protected today could be discoverable tomorrow. Organizations and individuals who understand these risks and implement appropriate safeguards can harness AI’s benefits while protecting their most sensitive communications.
This information is provided for educational purposes only. It should not be construed or relied on as legal advice.
