When you talk to your lawyer, the law protects that conversation. It is called attorney-client privilege, and it exists so you can speak freely, share the full picture, and get honest advice without worrying that your words will be used against you later.
But that protection comes with a condition: you have to keep the conversation confidential. Share it with someone who has no obligation to protect it, and the privilege disappears.
That is the problem with free AI chatbots, notetakers, and similar tools. When you type something into a consumer AI chatbot or let an AI notetaker record and transcribe a call with your lawyer, you are not thinking in private. You are sending information to a company, one whose privacy policy almost certainly says it can store your inputs, use them to improve its technology, and in some cases share them with third parties, including the government.
A Court Puts Privilege to the Test
A fraud defendant learned the hard way that a free chatbot is not a confidential workspace.
A federal court recently confirmed what that means in practice.
In United States v. Heppner, a defendant facing fraud charges used a free AI chatbot to work through his legal strategy. He typed in details from confidential conversations with his lawyer, hoping the tool would help him organize his thoughts before their next meeting. Prosecutors obtained those AI-generated documents and asked the court to rule they were not protected.
The court agreed. The judge found that typing privileged information into a free AI tool was no different from handing it to a third party. Privilege was waived. The court also rejected a second protection called the work product doctrine, which shields materials prepared at a lawyer’s direction for litigation, because the defendant created the documents on his own without his lawyer’s involvement.
The judge made an important distinction, though. This was a free, consumer-grade tool with a privacy policy that allowed broad data reuse. The outcome might have been different with an enterprise AI platform that includes data-training restrictions, encryption, access controls, and strong contractual privacy commitments.
The Bottom Line
The ruling did not break new legal ground. It applied established principles to a new technology. And the core lesson is one every business should internalize: if the tool you are using does not have a duty to keep your information confidential, neither the law nor the courts will do it for you.
What This Means for You
AI is a legitimate and valuable business tool. No one is saying stop using it. But there is a real difference between using AI wisely and using it carelessly, and that difference can determine whether your confidential information stays confidential.
Here is what to keep in mind:
- Free often is not private. Consumer AI tools typically reserve the right to train on your inputs and share data with third parties. If you are working with anything sensitive, that is a problem.
- Think before you type. A good rule of thumb: if you would not read it aloud in a crowded elevator, do not type it into a free chatbot.
- Know your company’s rules. Your organization may already have a policy on which AI tools are approved for work use. If you are unsure, ask before uploading anything confidential.
- Enterprise tools exist for a reason. Business-grade AI platforms offer privacy protections, data-training opt-outs, and security controls that consumer versions do not. The investment is worth it when sensitive information is involved.
- Enterprise does not mean personal. Even when your company provides an approved, enterprise-grade AI tool, remember that it belongs to the company, not to you. Your employer can access, monitor, and review anything you enter into it. Do not treat a company AI tool as a private notebook for personal legal matters.
The courts have now made clear that the rules protecting your confidential legal communications apply the same way whether you share them with a person or a machine. The privilege belongs to you, and so does the responsibility to protect it.
