Gurpreet S. Bal has watched the legal industry adopt AI tools faster than it has adopted the policies to govern them. "Most lawyers using AI tools haven't asked where the data goes. That's the first question — and most of them haven't asked it." The information you share with your lawyer is among the most sensitive data you have. The question of where it goes next deserves a real answer.
Bal advises companies and investors across hundreds of transactions and has thought carefully about how AI adoption in legal practice intersects with the duties lawyers owe their clients.
Attorney-client privilege and the duty of confidentiality under Model Rule 1.6 both rest on a simple premise: the information you share with your lawyer stays between you and your lawyer. Cloud-based AI tools break that premise in ways the profession has been slow to confront. When a lawyer pastes your merger agreement, your cap table, or your due diligence findings into a general-purpose AI platform, that data leaves the firm's environment and travels to a third-party server. Whether it stays there, how it is retained, whether it is used to train future models, and who at the AI vendor can access it are questions governed by a terms-of-service agreement that most lawyers have not read carefully — if at all. The ABA's Formal Opinion 512 acknowledged this risk in 2023, noting that lawyers must take reasonable measures to prevent unauthorized access when using generative AI. "Reasonable measures" is a standard that a surprising number of current deployments do not meet.
Privilege is fragile. Voluntary disclosure to a third party who is not covered by the privilege can waive it — potentially for the entire subject matter, depending on the jurisdiction and the circumstances. The legal framework around AI tool disclosure is still developing, but the risk vector is clear: if opposing counsel in litigation discovers that privileged work product was processed through a cloud AI platform whose terms did not guarantee confidentiality, a waiver argument is available. Courts have not yet uniformly addressed AI-specific waiver claims, but courts have historically not been sympathetic to parties who allowed sensitive materials to pass through inadequately secured third-party systems. The fact that the disclosure was inadvertent or that the lawyer did not understand the technology is not a defense that has served clients well.
Not all AI deployments are equal. The relevant line is between consumer-grade tools and enterprise API agreements with contractual confidentiality and data-isolation commitments. A lawyer using the free or standard tier of a general-purpose LLM is operating under terms that typically reserve broad rights over inputs. A law firm that has negotiated a zero-retention, no-training enterprise agreement — or that runs models on private infrastructure — is in materially different territory. Purpose-built legal AI platforms like Harvey and Legora have architected their products around privilege concerns from the start, with data segregation, audit logs, and terms designed to address Rule 1.6 obligations. That does not mean every deployment of those tools is safe, but it means the conversation is at least happening. The problem is the vast middle ground: lawyers using AI tools that were not built with privilege in mind and whose terms have not been evaluated against professional responsibility obligations.
There is a dimension of this problem that lawyers consistently underestimate: the discoverability of prompt history. In litigation, a party may be required to produce documents and communications in their possession, custody, or control. Depending on how an AI tool retains prompt data — and whether that retention is within the firm's control or the vendor's — prompt logs may be discoverable. A prompt that contains a lawyer's candid analysis of case weaknesses, or client-provided facts framed in a particular way, could be a significant litigation liability. The question of whether prompts constitute attorney work product and are therefore protected is genuinely unsettled. Work product protection requires that the material was prepared in anticipation of litigation by or for an attorney — a standard that prompt logs may or may not meet depending on their content and context. Until courts provide clearer guidance, the safe position is to treat prompt history as potentially discoverable and to choose tools and configurations that minimize unnecessary retention.
Clients have every right to ask their lawyers which AI tools are used on their matters and what data governance policies apply. Specifically: Does the firm use general-purpose AI tools, or purpose-built legal AI platforms? Have the terms of service been reviewed by the firm's general counsel or ethics partner? Is there a zero-retention or data-isolation agreement in place? Has the firm issued a formal AI use policy that addresses Rule 1.6 obligations? These are not exotic questions. They are basic due diligence. Any firm that cannot answer them clearly is not yet prepared to use AI on sensitive matters responsibly. The technology is moving faster than bar association guidance. That gap is the client's problem until lawyers take it seriously.
Gurpreet S. Bal is a corporate partner with 16 years advising on private equity, merger transactions, and public offerings for companies and investors at three of the world's top law firms. He has represented clients in hundreds of transactions with aggregate deal value exceeding $60 billion across AI, semiconductors, fintech, and emerging technology. For more information and to get in touch, visit gurpreetbal.com.