The Intersection of AI and Attorney-Client Privilege—A Cautionary Tale

00:00

24:53

Quick Hits

• A federal judge in New York ruled that documents generated using a publicly available AI tool are not protected by attorney-client privilege or the work product doctrine.
• The court found that the defendant’s use of a consumer-grade AI platform to draft legal documents compromised confidentiality, thus failing to meet the requirements for attorney-client privilege.
• The court’s decision highlights the risks of using consumer AI tools in legal contexts and underscores the importance of secure, attorney-directed AI platforms to maintain privilege protections.

Case Background

Bradley Heppner, the defendant, was indicted on October 28, 2025, on charges of securities fraud, wire fraud, and related offenses, including conspiracy, obstruction, and making false statements. Following a grand jury subpoena and after Heppner became aware he was the target of a federal investigation, he engaged legal counsel.

In the critical period after learning he was under investigation but before his indictment, Heppner independently used a publicly available generative AI platform to draft approximately thirty-one documents. These documents outlined potential defense strategies, legal arguments, and factual analyses related to the investigation. In his prompts to the AI, Heppner discussed the government’s likely case theory, his potential criminal exposure, and anticipated defenses. Critically, he created these materials entirely on his own initiative—without direction from his attorneys—and only later shared them with counsel to inform strategy discussions.

During the execution of a search warrant on Heppner’s property, federal agents seized electronic devices containing both the AI-generated documents and the underlying interaction logs showing Heppner’s prompts to the AI platform. Heppner’s defense team asserted privilege over the materials, describing them in a privilege log as “artificial intelligence-generated analysis conveying facts to counsel for the purpose of obtaining legal advice.” The government moved for a ruling that the documents were not privileged, arguing they lacked the confidentiality essential to privilege and were not prepared in connection with obtaining legal advice from an attorney.

The Court’s Decision

Judge Jed S. Rakoff, presiding over the case, ruled from the bench during a pretrial conference on February 10, 2026, granting the government’s motion in full. He held that neither attorney-client privilege nor the work product doctrine protected the AI-generated documents from disclosure. His subsequent written opinion, issued February 17, 2026, characterized the question as one of first impression at the federal level and provided a detailed roadmap for analyzing privilege claims involving AI-generated materials.

Attorney-Client Privilege Analysis

Attorney-client privilege protects confidential communications between a client and an attorney made for the purpose of obtaining or providing legal advice. The privilege belongs to the client, but its protections depend on maintaining confidentiality. The court found that Heppner’s interactions with the AI platform failed this framework on multiple grounds.

First, Judge Rakoff emphasized that confidentiality—the cornerstone of the privilege—was fatally compromised. By inputting sensitive information into a consumer AI platform operated by a third party, Heppner voluntarily disclosed that information outside the attorney-client relationship. The court examined the AI company’s terms of service and privacy policy, which explicitly permit data collection, retention, and use for model training purposes, and found that these terms negated any reasonable expectation of confidentiality.

Second, the court rejected the defense’s creative argument that the AI platform functioned as a privileged intermediary under the Kovel doctrine. Under United States v. Kovel, 296 F.2d 918 (2d Cir. 1961), privilege may extend to communications with third parties—such as accountants, translators, or experts—when their involvement is necessary for effective legal representation. Judge Rakoff found this doctrine inapplicable for two reasons: the AI was not “necessary” for counsel to understand the client’s communications, and more fundamentally, Heppner engaged the AI entirely on his own initiative rather than at counsel’s direction.

Third, the court rejected the notion that privilege could attach retroactively. Although Heppner eventually shared the AI-generated documents with his attorneys, this subsequent disclosure to counsel could not cure the earlier waiver. The privilege, the court explained, must exist at the time of the communication; it cannot be manufactured after the fact by routing previously disclosed materials through an attorney.

Work Product Doctrine Analysis

The work product doctrine, rooted in Hickman v. Taylor, 329 U.S. 495 (1947), and codified in Federal Rules of Civil Procedure 26(b)(3), shields materials prepared in anticipation of litigation by a party or their representative. The doctrine applies in criminal cases through Federal Rules of Criminal Procedure 16(b)(2). Its core purpose is to create a zone of privacy in which attorneys can develop legal theories and strategies without fear of disclosure to adversaries.

Judge Rakoff held that the documents failed to qualify as protected work product for several reasons. Although Heppner undoubtedly prepared them in anticipation of litigation—he knew he was under investigation—the materials reflected his own thinking rather than the mental impressions or legal strategies of his attorneys. The court emphasized that the doctrine’s animating purpose is to protect attorney work product, and while client-prepared materials can qualify in some circumstances, the protection is strongest when materials are prepared by or at the direction of counsel. Here, Heppner acted entirely independently. Moreover, even if the documents could otherwise qualify, Judge Rakoff found that disclosure to the third-party AI platform effected a waiver by destroying the confidentiality that work product protection presupposes.

Limitations of the Decision

While United States v. Heppner represents an important early judicial statement on attorney-client privilege and work product protections in the context of generative AI tools, it has several notable limitations in scope, precedential value, and applicability.

Fact-Specific Nature of the Ruling

The decision is tightly tied to its particular facts. Heppner used a consumer-grade, public version of the AI tool entirely on his own initiative, without any direction, supervision, or involvement from his attorneys. He created the documents before or outside structured attorney guidance and only later shared them with counsel. Moreover, the tool’s terms of service explicitly disclaimed confidentiality, permitted data use for model training, and allowed disclosure to third parties, including regulators.

In his decision, Judge Rakoff acknowledged that the outcome might well differ under alternative circumstances—for example, if defense counsel had directed or supervised the AI use as part of a deliberate legal strategy, if an enterprise-grade or secure version of the AI tool had been employed (one with contractual confidentiality protections, prohibitions on data training from inputs, or zero-retention policies), or if the AI had functioned more like a necessary third-party aide under the Kovel doctrine, such as a translator or technical expert retained by counsel. The court did not broadly prohibit AI use in legal work; it rejected privilege only under these specific unsupervised, nonconfidential conditions.

Limited Precedential Weight

It is important to recognize that Heppner is a single district court decision from the Southern District of New York. While it carries persuasive weight—particularly given Judge Rakoff’s prominence—it is not binding on other judges within the Southern District of New York, other federal districts, state courts, or appellate courts. No appeal has yet addressed the ruling. As a matter of first impression nationwide, future courts could distinguish, narrow, expand, or reject its reasoning based on different facts or evolving technology.

Not a Blanket Rule Against AI

Critically, the decision does not hold that all communications involving generative AI are inherently unprivileged, that privilege is automatically waived merely by using any AI tool, or that enterprise, confidential, or attorney-supervised AI platforms cannot preserve protections. Many legal commentators stress that the ruling reinforces traditional privilege principles—confidentiality, attorney involvement, and the purpose of obtaining legal advice—rather than creating new anti-AI doctrine. If AI is used under attorney direction with secure tools designed for confidentiality, such as private instances with data isolation, privilege arguments remain viable.

Questions About Cloud-Based Legal Technology

The opinion may also reflect an incomplete view of how contemporary cloud-based legal tools operate. Document management systems, email platforms, and legal research databases all involve third-party servers, yet they do not typically destroy privilege when confidentiality is reasonably maintained through appropriate contractual and technical safeguards. The court’s heavy reliance on the platform provider’s specific privacy policy and disclaimers may not translate perfectly to every AI platform or to future iterations with stronger privacy protections.

As more courts confront AI-related privilege disputes—particularly those involving enterprise tools, attorney-directed workflows, or platforms with evolving privacy policies—these principles will likely be refined or clarified. In essence, Heppner represents a cautionary, fact-specific application of longstanding privilege rules to consumer AI misuse rather than a sweeping prohibition. It highlights real risks but leaves room for privilege-preserving AI practices when confidentiality and attorney involvement are properly maintained. Attorneys and litigants may want to treat it as persuasive authority urging careful tool selection and supervision rather than an absolute bar on AI use in legal contexts.

Practical Implications for Attorneys and Clients

The Heppner decision carries immediate and practical consequences for legal practitioners and their clients.

For individual and corporate clients: The ruling sends an unambiguous message: sensitive legal matters discussed with consumer-facing AI platforms will likely not be protected under the Kovel doctrine. Information shared with publicly available AI platforms may be discoverable, subpoenaed, or seized, and Heppner suggests courts will not extend privilege to shield it. Opposing counsels certainly will seek information in discovery about litigants’ use of consumer-facing AI platforms.

For law firms and in-house legal departments: Attorneys may want to proactively inform clients about the risks of AI use during representation. Engagement letters and litigation hold notices may need to be updated to address AI platforms explicitly. Firms may want to also evaluate their own AI usage: consumer-grade tools used for legal research, drafting, or case analysis may implicate similar concerns. Enterprise AI solutions with contractual confidentiality protections, data isolation, and compliance certifications offer a more defensible path forward.

The Evolving Legal Landscape

Judge Rakoff acknowledged that Heppner represents an early judicial foray into uncharted territory. As AI adoption accelerates—generative AI tools are now used in a majority of U.S. households and an increasing number of businesses—courts will inevitably confront more disputes at the intersection of AI and privilege. Future cases may test whether enterprise AI platforms with robust confidentiality agreements receive different treatment, whether AI tools directed by counsel qualify for Kovel protection, or whether work product doctrine analysis changes when attorneys actively supervise AI-assisted preparation. For now, Heppner establishes a cautious baseline: consumer AI platforms are third parties, and disclosure to them carries the same privilege consequences as disclosure to any other outside party.

Conclusion

United States v. Heppner delivers a clear warning: the convenience of AI does not come without legal risk. For clients, the instinct to use powerful AI tools to understand legal exposure is understandable—but acting on that instinct without attorney guidance may create discoverable evidence and waive protections that would otherwise apply. For attorneys, the decision underscores the importance of early and explicit conversations with clients about technology use, as well as careful evaluation of the AI tools employed within the practice itself. As generative AI becomes ubiquitous, maintaining privilege will require not only legal sophistication but technological vigilance.

Ogletree Deakins’ Cybersecurity and Privacy Practice Group and Technology Practice Group will continue to monitor developments and will post updates on the Cybersecurity and Privacy and Technology blogs as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts