Industry · Legal · June 12, 2026 · 8 min read

What Lawyers Paste into ChatGPT: Privilege, Confidentiality, and AI

The legal profession runs on confidential documents, and LLMs are extraordinarily good at reading them. That combination is producing some of the most consequential data leaks in any industry.

AIovert Security Team

GDPR & EU AI Act practitioners

Quick answers

What gets pasted?

Contracts, settlement terms, demand letters, discovery excerpts, client emails: routinely containing client identities, financial terms, and privileged analysis.

What is at stake?

Potential privilege waiver, Model Rule 1.6 confidentiality breaches, GDPR exposure for EU client data, malpractice claims, and client trust.

What is the fix?

Sanctioned AI tools with no-training terms, plus browser-level detection that blocks client data before it leaves, and logs the attempt as evidence of supervision.

Why lawyers are heavy AI users, quietly

Legal work is text work: reading, summarising, comparing, drafting. LLMs do all four startlingly well, and associates under billable-hour pressure noticed early. Surveys throughout 2024–2025 consistently placed the legal profession among the highest adopters of generative AI, and among the least likely to have that use formally sanctioned. The result is classic shadow AI: heavy, valuable, invisible use.

What does that use look like in practice? These are the prompt patterns that appear over and over:

  • “Summarise this agreement”, followed by an entire executed contract: party names, pricing, indemnities, change-of-control terms.
  • “Draft a settlement counter-offer based on this”, pasting the existing offer with client and opposing-party identities and amounts.
  • “Rewrite this email to the client”, including the client's name, the matter, and the advice itself.
  • “Find the inconsistencies in these two depositions”, pasting discovery material, sometimes under protective order.
  • “Check this due-diligence list”, including target-company financials and employee data in an M&A context.

The privilege problem

Attorney-client privilege survives only while confidentiality is maintained. Voluntary disclosure to a third party outside the privilege relationship is the classic route to waiver. A consumer-tier AI chatbot, whose default consumer terms typically permit input retention, human review, and model training, is a third party with none of the safeguards of, say, a vendor under a confidentiality agreement.

Has a court squarely held that a ChatGPT paste waived privilege? The case law is still developing. But the asymmetry is brutal: the upside of the paste was twenty saved minutes; the downside is arguing novel waiver questions in front of a judge while opposing counsel subpoenas AI usage records. No litigation department wants to be the test case.

The professional-conduct problem

The ABA addressed generative AI directly in Formal Opinion 512 (July 2024). Its core holdings map onto exactly the behaviour above:

Lawyers must evaluate their duty of confidentiality under Model Rule 1.6 before inputting information relating to the representation into a generative AI tool, and where the tool is self-learning, informed client consent may be required.

Competence (Rule 1.1) requires understanding how a tool handles inputs; supervision (Rules 5.1 and 5.3) extends those duties to the conduct of associates and staff. A firm that cannot say which AI tools its people use cannot honestly claim to be supervising that use. For EU client data, GDPR runs in parallel: an unauthorised disclosure of client personal data is a personal data breach, which means a breach assessment and, where the breach is likely to result in a risk to the individuals concerned, notification to the supervisory authority within 72 hours (Article 33), on top of the ethics issue.

Why policy memos haven't worked

Most firms responded with a memo: “do not put client confidential information into AI tools.” The memo fails for the same reason it fails everywhere: it asks a busy professional to weigh an abstract future risk against a concrete present deadline, with no friction at the moment of action. The associate pasting a contract at 11pm is not consulting the memo.

Effective control has to live where the paste happens: the browser.

A workable AI programme for a firm

  1. Sanction real tools. Provide enterprise AI (with no-training terms and DPAs) good enough that lawyers do not need workarounds. Legal-specific assistants with confidentiality commitments count.
  2. Define matter-data rules. Names, identifying facts, financial terms, and privileged analysis stay out of unsanctioned tools, stated in one page, not thirty.
  3. Block at the point of paste. Browser-level detection that recognises client PII, financial data, and credentials and cancels the paste into unsanctioned AI tools, explaining why in the moment. The associate learns; the client data never leaves.
  4. Keep the supervision log. A timestamped record of detections and blocks is what Rules 5.1/5.3 supervision looks like in evidence, and it answers clients (and increasingly, cyber insurers and outside-counsel guidelines) who now ask firms to attest to their AI controls.
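
What steps 3 and 4 look like in working code, as an added example written for this page (it is not AIovert Guard's code or any vendor's): a browser content script that reads the clipboard text at the moment of paste, blocks it on an unsanctioned AI host when matter data is detected, explains why, and writes a supervision-log entry that records what kind of data was found but never the text itself. The host lists, the client watchlist, the log schema and the sample paste are all assumptions made for illustration; the detectors are simple regular expressions plus a Luhn check, standing in for whatever the firm actually deploys.

```javascript
// Added example, not AIovert's code: "block at the point of paste" for a law firm, in a
// browser content script. Detection runs locally; the audit record carries detector names
// and counts, never the pasted text, so the log cannot become a second disclosure.
// Host lists, client watchlist, log schema and sample text below are assumptions.

const SANCTIONED_HOSTS = new Set(["legal-assistant.example.com"]);   // no-training terms, DPA in place (assumed)
const AI_HOSTS = new Set(["chatgpt.com", "chat.openai.com", "claude.ai", "gemini.google.com"]);

// Client and matter identifiers the firm wants kept out of unsanctioned tools (constructed list).
const CLIENT_WATCHLIST = ["Acme Holdings", "Northwind Logistics", "Matter 2024-0117"];

const escapeRe = s => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
const count = (text, re) => (text.match(re) || []).length;

// Luhn check keeps 13-19 digit runs that are not card numbers (matter refs, phone numbers) from firing.
function luhnValid(digits) {
  let sum = 0, double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d; double = !double;
  }
  return sum % 10 === 0;
}

// Each detector returns a hit count; only counts ever leave this layer, never the matched text.
const DETECTORS = {
  client_name: t => CLIENT_WATCHLIST.reduce((n, term) => n + count(t, new RegExp("\\b" + escapeRe(term) + "\\b", "gi")), 0),
  privilege_marker: t => count(t, /\b(?:attorney[- ]client privilege|privileged (?:&|and) confidential|work product)\b/gi),
  email_address: t => count(t, /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g),
  monetary_amount: t => count(t, /[$€£]\s?\d{1,3}(?:,\d{3})+(?:\.\d{2})?/g),
  payment_card: t => (t.match(/\b(?:\d[ -]?){13,19}\b/g) || []).map(m => m.replace(/[ -]/g, "")).filter(luhnValid).length,
  credential: t => count(t, /\b(?:sk-[A-Za-z0-9_-]{20,}|AKIA[A-Z0-9]{16}|ghp_[A-Za-z0-9]{36}|(?:password|passwd|pwd)\s*[:=]\s*\S+)/gi),
};

function classifyPaste(text) {
  const findings = {};
  for (const [name, detect] of Object.entries(DETECTORS)) {
    const n = detect(text);
    if (n > 0) findings[name] = n;
  }
  return findings;
}

// Policy: block only when the destination is an unsanctioned AI host AND something was detected.
// Other sites are left alone; this control is about AI tools, not general-purpose DLP.
function decidePaste(host, text) {
  const findings = classifyPaste(text);
  const block = AI_HOSTS.has(host) && !SANCTIONED_HOSTS.has(host) && Object.keys(findings).length > 0;
  return { host, block, findings, chars: text.length };
}

// Supervision-log entry (assumed schema): when, where, what kinds of data, and the outcome.
// Deliberately no payload, so the log itself discloses nothing about the matter.
function auditEntry(decision, now = new Date()) {
  return {
    ts: now.toISOString(),
    host: decision.host,
    action: decision.block ? "blocked" : "allowed",
    detectors: Object.keys(decision.findings).sort(),
    chars: decision.chars,
  };
}

// In-the-moment explanation shown to the lawyer when a paste is cancelled.
function explain(decision) {
  const what = Object.entries(decision.findings).map(([k, n]) => `${k.replace(/_/g, " ")} (${n})`).join(", ");
  return `Paste into ${decision.host} cancelled: it contains ${what}. ` +
         "Use the firm's sanctioned assistant, or remove client identities, figures and advice first.";
}

const AUDIT_LOG = [];

// Browser wiring: only runs where a DOM exists (the extension's content-script context).
if (typeof document !== "undefined") {
  document.addEventListener("paste", (e) => {
    const text = e.clipboardData ? e.clipboardData.getData("text/plain") : "";
    const decision = decidePaste(location.hostname, text);
    AUDIT_LOG.push(auditEntry(decision));      // log the decision, not the text
    if (decision.block) {
      e.preventDefault();                      // clipboard content never reaches the page
      e.stopImmediatePropagation();            // nor the page's own paste handlers
      window.alert(explain(decision));
    }
  }, true);                                    // capture phase: runs before the page's listeners
}

// Constructed sample: the "draft a settlement counter-offer" paste from the list above.
const SAMPLE_PASTE = [
  "PRIVILEGED & CONFIDENTIAL - ATTORNEY WORK PRODUCT",
  "Re: Acme Holdings v. Northwind Logistics (Matter 2024-0117)",
  "Northwind has offered $850,000. Our client will accept no less than $1,250,000",
  "given the exposure on the indemnity claim. Please revert to counsel@acme-holdings.example.",
].join("\n");
```

Two things worth noting about the design. Registering the listener in the capture phase with `stopImmediatePropagation()` means the AI site's own paste handler never sees the clipboard content, which is the whole point; registering it in the bubble phase would run after the site had already read it. And the watchlist is what turns this from generic PII matching into a matter-data control: client and matter names are the identifiers a firm actually cares about, and they have to be synced from practice-management data rather than guessed by regex. Paste is only one path; a deployed control also has to cover file uploads, drag-and-drop and typed text, and, running inside a browser the user administers, it is a guardrail against inadvertent disclosure rather than a boundary against deliberate exfiltration.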

The client question is coming either way

Corporate clients have started adding AI-usage clauses to outside-counsel guidelines: disclose which tools touch our matters, or certify that none do. Firms that can answer with an audit log turn a risk conversation into a differentiator. Firms that cannot are one associate's paste away from a very difficult phone call.

Protect privilege at the point of paste

AIovert Guard blocks client names, financial data, and credentials from reaching ChatGPT, Claude, and 21 other AI tools, and explains the confidentiality risk to the lawyer in the moment. The firm gets a supervision-grade audit log; the content itself never leaves the browser. Deploys to every machine in 15 minutes.