Gurpreet S. Bal has watched the legal industry adopt AI tools faster than it has adopted the policies to govern them. "Most lawyers using AI tools haven't asked where the data goes. That's the first question — and most of them haven't asked it." The information you share with your lawyer is among the most sensitive data you have. The question of where it goes next deserves a real answer.
Bal advises companies and investors across hundreds of transactions and has thought carefully about how AI adoption in legal practice intersects with the duties lawyers owe their clients.
Privilege and the duty of confidentiality under Model Rule 1.6 depend on your information staying between you and your lawyer. When a lawyer pastes sensitive material into a cloud-based AI platform, that data leaves the firm and travels to a third-party server, governed by terms of service most lawyers have not read carefully. The ABA's Formal Opinion 512 noted in 2023 that lawyers must take reasonable measures to prevent unauthorized access when using generative AI — a standard many current deployments do not meet.
Attorney-client privilege and the duty of confidentiality under Model Rule 1.6 both rest on a simple premise: the information you share with your lawyer stays between you and your lawyer. Cloud-based AI tools break that premise in ways the profession has been slow to confront. When a lawyer pastes your merger agreement, your cap table, or your due diligence findings into a general-purpose AI platform, that data leaves the firm's environment and travels to a third-party server. Whether it stays there, how it is retained, whether it is used to train future models, and who at the AI vendor can access it are questions governed by a terms-of-service agreement that most lawyers have not read carefully — if at all. The ABA's Formal Opinion 512 acknowledged this risk in 2023, noting that lawyers must take reasonable measures to prevent unauthorized access when using generative AI. "Reasonable measures" is a standard that a surprising number of current deployments do not meet.
Voluntary disclosure to a third party not covered by the privilege can waive it, potentially for the entire subject matter. If opposing counsel discovers that privileged work product was processed through a cloud AI platform whose terms did not guarantee confidentiality, a waiver argument is available. The law here is still developing, but courts have historically not been sympathetic to parties who let sensitive materials pass through inadequately secured third-party systems — and inadvertence or not understanding the technology has not been a reliable defense.
Privilege is fragile. Voluntary disclosure to a third party who is not covered by the privilege can waive it — potentially for the entire subject matter, depending on the jurisdiction and the circumstances. The legal framework around AI tool disclosure is still developing, but the risk vector is clear: if opposing counsel in litigation discovers that privileged work product was processed through a cloud AI platform whose terms did not guarantee confidentiality, a waiver argument is available. Courts have not yet uniformly addressed AI-specific waiver claims, but courts have historically not been sympathetic to parties who allowed sensitive materials to pass through inadequately secured third-party systems. The fact that the disclosure was inadvertent or that the lawyer did not understand the technology is not a defense that has served clients well.
The relevant line is between consumer-grade tools, whose terms typically reserve broad rights over inputs, and enterprise API agreements with contractual confidentiality and data-isolation commitments. A firm with a zero-retention, no-training agreement — or that runs models on private infrastructure — is in materially different territory. Purpose-built legal AI platforms like Harvey and Legora were architected around privilege concerns, but the real problem is the vast middle ground: lawyers using tools that were not built with privilege in mind and whose terms have never been evaluated against professional responsibility obligations.
Not all AI deployments are equal. The relevant line is between consumer-grade tools and enterprise API agreements with contractual confidentiality and data-isolation commitments. A lawyer using the free or standard tier of a general-purpose LLM is operating under terms that typically reserve broad rights over inputs. A law firm that has negotiated a zero-retention, no-training enterprise agreement — or that runs models on private infrastructure — is in materially different territory. Purpose-built legal AI platforms like Harvey and Legora have architected their products around privilege concerns from the start, with data segregation, audit logs, and terms designed to address Rule 1.6 obligations. That does not mean every deployment of those tools is safe, but it means the conversation is at least happening. The problem is the vast middle ground: lawyers using AI tools that were not built with privilege in mind and whose terms have not been evaluated against professional responsibility obligations.
Possibly. Depending on how an AI tool retains prompt data and whether that retention is within the firm's or the vendor's control, prompt logs may be discoverable as documents in a party's possession, custody, or control. A prompt containing candid analysis of case weaknesses or client facts could be a significant liability. Whether prompts qualify as protected attorney work product is genuinely unsettled, so the safe position is to treat prompt history as potentially discoverable and choose tools and configurations that minimize unnecessary retention.
There is a dimension of this problem that lawyers consistently underestimate: the discoverability of prompt history. In litigation, a party may be required to produce documents and communications in their possession, custody, or control. Depending on how an AI tool retains prompt data — and whether that retention is within the firm's control or the vendor's — prompt logs may be discoverable. A prompt that contains a lawyer's candid analysis of case weaknesses, or client-provided facts framed in a particular way, could be a significant litigation liability. The question of whether prompts constitute attorney work product and are therefore protected is genuinely unsettled. Work product protection requires that the material was prepared in anticipation of litigation by or for an attorney — a standard that prompt logs may or may not meet depending on their content and context. Until courts provide clearer guidance, the safe position is to treat prompt history as potentially discoverable and to choose tools and configurations that minimize unnecessary retention.
Ask whether the firm uses general-purpose AI tools or purpose-built legal AI platforms, whether the terms of service have been reviewed by the firm's general counsel or ethics partner, whether a zero-retention or data-isolation agreement is in place, and whether the firm has a formal AI use policy addressing Rule 1.6. These are basic due-diligence questions. Any firm that cannot answer them clearly is not yet prepared to use AI on sensitive matters responsibly.
Clients have every right to ask their lawyers which AI tools are used on their matters and what data governance policies apply. Specifically: Does the firm use general-purpose AI tools, or purpose-built legal AI platforms? Have the terms of service been reviewed by the firm's general counsel or ethics partner? Is there a zero-retention or data-isolation agreement in place? Has the firm issued a formal AI use policy that addresses Rule 1.6 obligations? These are not exotic questions. They are basic due diligence. Any firm that cannot answer them clearly is not yet prepared to use AI on sensitive matters responsibly. The technology is moving faster than bar association guidance. That gap is the client's problem until lawyers take it seriously.
Gurpreet S. Bal is a corporate partner with 16 years advising on private equity, merger transactions, and public offerings for companies and investors at three of the world's top law firms. He has represented clients in hundreds of transactions with aggregate deal value exceeding $60 billion across AI, semiconductors, fintech, and emerging technology. For more information and to get in touch, visit gurpreetbal.com.