AI‑Generated Communications Not Protected by Attorney‑Client Privilege – Legal Update

On February 10, 2026, Judge Jed S. Rakoff of the Southern District of New York ruled that a defendant’s highly sensitive queries to the generative AI platform Claude were not shielded by attorney‑client privilege or the work‑product doctrine. The decision, detailed in NatLaw Review’s analysis of “AI privilege and caveat emptor”, signals a seismic shift for legal professionals, compliance officers, and tech firms that rely on AI for research, drafting, or strategy.

Key Facts from the NatLaw Review Article

• The case, United States v. Heppner, involved a defendant who used Claude to brainstorm legal defenses without counsel present.
• The court held that AI communications fail the three‑prong test for attorney‑client privilege: (1) no attorney‑client relationship, (2) no expectation of confidentiality, and (3) no purpose of obtaining legal advice.
• The work‑product doctrine was also rejected because the AI output was not prepared “by or at the behest of counsel.”
• Judge Rakoff emphasized that generative AI platforms retain user inputs for model training, undermining any claim of confidentiality.
• The ruling applies a modern “caveat emptor” (buyer‑be‑ware) doctrine to AI: users must assume that anything disclosed to an AI can be retrieved and used in litigation.

AI Privilege, Caveat Emptor, and the Law

Traditional privilege doctrines were crafted for human‑to‑human communication. When a client whispers to an attorney in a private office, the law assumes confidentiality. AI shatters that assumption in three critical ways:

1. No Human Attorney, No Privilege

Privilege requires a “trusting human relationship.” An algorithm, no matter how sophisticated, cannot be a fiduciary. The court noted that “a trusting human relationship cannot exist between an AI user and the AI platform.” Consequently, any exchange with Claude, ChatGPT, or similar tools is treated as a conversation with a third‑party service provider.

2. Lack of Confidentiality by Design

Most generative AI services retain prompts and outputs to improve future models. This data‑retention policy means users have no reasonable expectation that their inputs will remain private. The court described this as a “failure to keep the communication confidential,” a fatal flaw for privilege.

3. Purpose of Legal Advice Is Missing

Even if a user asks an AI for “legal strategy,” the AI itself does not provide counsel. The privilege’s third element—communication for the purpose of obtaining legal advice—requires a licensed attorney’s involvement, which AI lacks.

“What you tell AI can and will be used against you.” – NatLaw Review

These three deficiencies collectively invoke the “caveat emptor” principle: users must exercise extreme caution, assuming that AI will not protect their disclosures.

Practical Implications for Legal Teams and Enterprises

For lawyers, compliance officers, and tech companies, the ruling translates into immediate risk‑mitigation actions:

• Adopt AI‑acceptable‑use policies. Define which data categories (e.g., client identifiers, trade secrets) are prohibited from AI prompts.
• Implement closed‑loop AI solutions. Prefer on‑premise or private‑cloud models that do not retain user data for training.
• Train staff on “prompt hygiene.” Provide sample prompts that avoid disclosing confidential facts.
• Document human oversight. Ensure any AI‑generated output used in legal work is reviewed and approved by a licensed attorney.
• Preserve original communications. Keep a record of the prompt and AI response for evidentiary purposes.
• Update discovery protocols. Anticipate that opposing counsel may request AI logs as part of e‑discovery.

Failure to act can result in:

1. Loss of privilege protection, exposing sensitive strategy to adversaries.
2. Trade‑secret leakage and competitive harm.
3. Regulatory penalties for mishandling personal data under AI‑privacy statutes.
4. Reputational damage and client mistrust.

How UBOS Empowers Organizations to Navigate AI Legal Risks

UBOS offers a suite of tools designed to keep AI usage compliant, secure, and auditable.

For startups, the UBOS for startups program offers a sandboxed AI lab where you can prototype without risking privileged data. SMBs can leverage UBOS solutions for SMBs to embed compliance checks directly into everyday workflows.

Additionally, developers can integrate AI assistants into existing communication channels. For example, the ChatGPT and Telegram integration lets teams ask legal questions in a secure, encrypted chat, while the OpenAI ChatGPT integration provides a controlled gateway to OpenAI’s models.

Ready to protect your privileged communications? Explore the UBOS templates for quick start, including a “Legal AI Use Policy” template that aligns with the latest court rulings.

UBOS Template Marketplace Highlights for Legal Teams

• AI Article Copywriter – Generate internal policy documents with built‑in confidentiality flags.
• AI Legal Risk Assessment – Automated checklist for AI‑related compliance.
• AI Email Marketing – Securely craft client communications without exposing PII.
• AI SEO Analyzer – Optimize legal service pages while keeping client data off public servers.