On February 10, 2026, Judge Jed Rakoff of the U.S. District Court for the Southern District of New York issued a ruling that should keep every attorney in America awake at night. In United States v. Heppner, the court held that documents generated through a consumer AI platform are not protected by attorney-client privilege.
The implications are staggering. If you or anyone at your firm is using ChatGPT, Claude, Gemini, or Copilot for anything involving client matters, you may be waiving privilege every time you hit "send."
This isn't theoretical risk. This is case law.
What Happened in US v. Heppner
Bradley Heppner was arrested on federal fraud charges. When agents seized his electronic devices, they found approximately thirty-one documents generated using Anthropic's AI tool, Claude. Heppner's defense argued these documents were protected by attorney-client privilege and the work product doctrine.
Judge Rakoff disagreed — decisively.
The court's reasoning centered on two critical points:
1. Claude Is Not an Attorney
"Because Claude is not an attorney, that alone disposes of Heppner's claim of privilege." The court rejected the argument that using an AI tool for legal analysis creates a privileged relationship. An AI chatbot, regardless of how sophisticated, is not a lawyer. Communications with it do not carry privilege.
2. The Terms of Service Destroy Confidentiality
This is where it gets devastating for every firm using consumer AI tools. The court examined Anthropic's terms of service and privacy policy, which:
- Reserve the right to log prompts and outputs
- Permit use of data for model training
- Allow disclosure of information to regulators and third parties
Judge Rakoff wrote that "submitting information to a system with express provisions undermining confidentiality was inconsistent with maintaining a reasonable expectation of privacy."
In plain English: if the AI tool's terms of service say they can read, store, and share your data, you cannot claim that data is confidential. And if it's not confidential, it's not privileged.
Key quote from the ruling: "Had counsel directed Heppner to use Claude, Claude might arguably be said to have functioned in a manner akin to a highly trained professional who may act as a lawyer's agent within the protection of the attorney-client privilege." But absent that direction, the privilege did not apply.
Why This Matters for Every Law Firm
Heppner involved a defendant using AI directly, not a lawyer. But the court's reasoning about terms of service applies equally to attorneys. Consider what happens when a lawyer:
- Pastes client facts into ChatGPT to draft a motion
- Uses Claude to analyze discovery documents
- Runs a client's financial data through Gemini for bankruptcy analysis
- Asks Copilot to summarize a witness statement
Every one of these actions transmits potentially privileged information to a third-party platform whose terms of service permit data logging, training, and disclosure.
Under Heppner's logic, that transmission may constitute a waiver of privilege.
The Scale of the Problem
According to the 8am 2026 Legal Industry Report, 69% of legal professionals now use general-purpose AI tools for work — more than double last year's 31%. Yet 43% of firms have no formal AI policy and no plans to create one.
That means roughly two-thirds of lawyers are using tools that may waive privilege, with zero governance framework in place.
Is Your Firm Exposed?
Get the free AI Privilege Risk Checklist — 7 diagnostic questions, a risk classification framework, and template policy language you can use today.
Get the Free ChecklistNo spam. Takes 2 minutes. Based on the Heppner ruling analysis.
It's Not Just About Privilege
Heppner lands on top of an already alarming landscape:
The Hallucination Crisis
A Stanford HAI study found that even purpose-built legal AI tools hallucinate at shocking rates:
- Lexis+ AI: 17% hallucination rate
- Westlaw AI-Assisted Research: 34% hallucination rate
These aren't generic chatbots. These are tools marketed as "hallucination-free" legal research platforms. When the premium products fail one-sixth to one-third of the time, what happens with free consumer tools?
Sanctions Are Escalating
U.S. courts have now issued more than 500 decisions cautioning lawyers against over-reliance on AI-generated content. In late 2025 and early 2026 alone, courts levied over $100,000 in combined sanctions for AI-related filing errors.
Bankruptcy courts are specifically stepping up — the ABI documented the bankruptcy court system's first AI hallucination case as a standard-setting moment for the entire practice area.
Malpractice Insurance Gaps
Most legal professional liability policies lack explicit AI protections. Some insurers are implementing sublimits — $500,000 coverage despite a $10 million policy — for AI-related claims. Firms without documented AI verification procedures may face higher premiums or coverage limitations.
What Your Firm Should Do Right Now
Step 1: Audit Your Current AI Usage
Before you can fix the problem, you need to see it. Ask every attorney and paralegal at your firm:
- What AI tools are you using for work? (Include personal accounts)
- Are you inputting client information into these tools?
- Have you read the terms of service for each tool?
- Is there an enterprise agreement in place, or are you using a personal/free account?
The answers will likely be uncomfortable. That discomfort is the beginning of a solution.
Step 2: Classify Your Tools by Privilege Risk
Not all AI tools carry the same risk. The Heppner analysis turns on the terms of service:
| Risk Level | Tool Type | Examples |
|---|---|---|
| HIGH RISK | Consumer AI (free or personal accounts) | ChatGPT free/Plus, Claude free, Gemini, Copilot |
| MEDIUM RISK | Enterprise AI with shared infrastructure | Harvey AI, ChatGPT Enterprise, Claude for Business |
| LOWER RISK | Private, firm-isolated AI (no data sharing) | Self-hosted models, private RAG systems, on-premise deployments |
The key question for each tool: Does the vendor's terms of service permit them to log, train on, or share your data with third parties? If yes, Heppner suggests that information submitted to that tool may not be privileged.
Step 3: Implement an AI Acceptable Use Policy
If you're in the 43% without a policy, the time to act was yesterday. At minimum, your policy should address:
- Approved tools list — Which AI tools are sanctioned for use with client data?
- Prohibited inputs — What types of information must never be entered into AI tools?
- Verification requirements — How must AI outputs be checked before use?
- Disclosure obligations — When and how must AI use be disclosed?
- Training requirements — What training must attorneys complete before using AI?
The North Carolina Bar Association published an excellent framework for AI policy development. Florida now mandates informed consent before sharing confidential information with third-party AI. New York requires 2 CLE credits in AI competency annually.
Step 4: Consider the Private RAG Alternative
Here's the architectural solution that Heppner practically demands: Retrieval-Augmented Generation (RAG) deployed on firm-isolated infrastructure.
A private RAG system:
- Runs on your firm's own database — no third-party ToS applies
- Never trains on your data — your documents feed the system, not the model
- Cannot share data across firms — complete tenant isolation
- Provides full audit trails — every query, every retrieval, every citation documented
- Validates citations architecturally — the system can only cite documents that actually exist in your corpus
When the underlying architecture makes it impossible for your data to reach a third party, the Heppner analysis simply doesn't apply. There's no ToS permitting data sharing because there's no third party.
See what privilege-safe legal AI looks like
We built a private RAG system for law firms that eliminates the Heppner risk entirely. Zero hallucination by architecture. Your data never leaves your database.
The Bigger Opportunity: Institutional Intelligence
Here's what most firms miss when they think about AI: the real value isn't in searching public law. Westlaw and Lexis already do that (hallucinations notwithstanding). The real value is in searching your own firm's knowledge.
Over 90% of civil cases settle. Fewer than 5% produce published opinions. The overwhelming majority of legal work product — your briefs, your motions, your discovery strategies, your settlement analyses — exists only in your firm's files. No public database captures it. No enterprise AI tool has access to it.
When a senior partner retires, decades of institutional knowledge walk out the door. The firm starts from scratch on strategies that were already perfected.
A private RAG system trained on your firm's own work product answers a fundamentally different question than Westlaw:
- Westlaw: "What does the law say?"
- Your private RAG: "How did we argue this? What worked for us?"
That's the difference between generic legal research and institutional intelligence. Between using the same tools as every other firm and compounding your own competitive advantage.
As Legal IT Insider noted: "In 2026, context wins. Legal AI will decisively shift from 'knowing more' to 'knowing the situation.'"
The Cost Reality: Enterprise AI Pricing Excludes Most Firms
Even if enterprise AI tools addressed the privilege concern (they partially do, through enterprise agreements), the pricing locks out most of the market:
| Tool | Price | Minimum | Contract |
|---|---|---|---|
| Harvey AI | $100–500/user/month | 25–50 seats | 12+ months |
| Westlaw AI | $200–1,200/month | Full Westlaw subscription | Annual |
| Lexis+ AI | $200–400/user/month | Lexis subscription | Annual (often multi-year) |
| CoCounsel | $225+/user/month | Westlaw Edge required | Annual |
70% of lawyers practice solo or in firms with fewer than 20 attorneys. For a solo attorney billing $150–$250 per hour, $1,000/month in AI tools represents 4–7 billable hours just to break even. And Harvey's 25-seat minimum means a 10-attorney bankruptcy firm literally cannot purchase the product.
The market needs a different approach: affordable, private, practice-area-specific AI that doesn't require enterprise contracts or compromise privilege.
What the ABA Says About AI and Ethics
ABA Formal Opinion 512 (July 2024) permits attorneys to use AI if they:
- Understand how the tool works — including its limitations
- Review and verify all output — AI is a starting point, not a final product
- Protect confidentiality — understand data retention and sharing policies
- Comply with applicable law — including disclosure requirements
After Heppner, point three takes on new urgency. "Protect confidentiality" now means affirmatively verifying that your AI tool's terms of service do not permit data logging, training, or third-party disclosure. If they do, using that tool with client information may violate your duty of confidentiality under Model Rule 1.6 — and may waive privilege entirely.
What Comes Next
Heppner is the first ruling of its kind, but it won't be the last. Expect:
- Opposing counsel to challenge AI-generated work product on privilege grounds, citing Heppner
- State bar associations to issue emergency guidance on AI and confidentiality
- Malpractice insurers to add AI questionnaires to renewal applications
- Clients to demand AI disclosure policies before engaging firms
- Courts to require AI usage attestations in filings (several already do)
The firms that get ahead of this — with clear policies, compliant tools, and documented governance — will have a competitive advantage. The firms that don't will face privilege challenges, sanctions, and the uncomfortable conversation with a client whose confidence was just disclosed to a third-party AI provider.
The Bottom Line
Heppner changed the calculus on legal AI overnight. Before February 10, 2026, using consumer AI for legal work was risky but theoretical. Now it's case law from one of the most respected federal courts in the country.
The question is no longer "should we use AI?" It's "are we using AI in a way that protects our clients?"
The answer starts with three things:
- An honest audit of what your firm is actually doing with AI today
- A formal policy that distinguishes between tools that protect privilege and tools that don't
- Infrastructure that makes privilege protection architectural, not aspirational
The technology exists to do legal AI right — privately, accurately, and without compromising the trust your clients placed in you. The question is whether your firm will adopt it proactively, or wait until a judge forces the issue.
Sources & Further Reading
- Harvard Law Review — United States v. Heppner
- Gibson Dunn — AI Privilege Waivers: SDNY Rules Against Privilege Protection
- DLA Piper — Are AI-Generated Documents Protected from Discovery?
- Stanford HAI — AI on Trial: Legal Models Hallucinate in 1 out of 6 Queries
- LawNext — 8am 2026 Legal Industry Report
- ALPS Insurance — Coverage Issues for Lawyers in the Era of Generative AI
- Bloomberg Law — Bankruptcy Judges Step Up Sanctions on AI Misuse
- North Carolina Bar Association — AI Policy Framework for 2026
Your Clients Trust You With Their Secrets.
Your AI Should Too.
After Heppner, private AI isn't optional — it's the standard of care. See how firms are protecting privilege while gaining institutional intelligence.
Book a Confidential Demo$2,500 pilot setup. Month-to-month. No annual contract. 30-day refund guarantee.
Keep Reading: AI + Law Firms
About the Author: Mike Soto is the founder of The Innovative Native, an AI automation consultancy specializing in systems that survive contact with reality. He builds private AI infrastructure for law firms and professional services firms that need institutional intelligence without compromising client confidentiality. Learn more about privilege-safe legal AI →