Sign In
ChatGPT and attorney client privilege
Listen to this article
Once again, a post from the Maryland Lawyers group on Facebook caught my attention. In the post, an attorney was concerned because a client uploaded documents prepared by the attorney to ChatGPT and then brought the questions asked by ChatGPT to the lawyer. I was encouraged by the many commenters who recognized the issue immediately: The client may have just waived the attorney-client privilege.
By way of background, using confidential client information in an open system generative artificial intelligence platform raises significant confidentiality concerns and is likely a violation of Md. Rule 19-301.6. However, the MARPC do not address client use of generative AI or speak to what happens if a client puts confidential data in an open-source generative AI platform. Unfortunately, there are no Maryland appellate cases to guide us.
While the Maryland courts have not yet weighed in on whether the use of generative AI by clients and/or pro se litigants waives the attorney-client privilege or work product protection, three Federal Courts recently addressed this question. See, United States v. Heppner, No. 25 Cr. 503 (JSR) (S.D.N.Y. Feb. 17, 2026), Warner v. Gilbarco, Inc., Case No. 2:24-cv-12333 (E.D. Mich. Feb. 10, 2026), and Morgan v. V2X, Inc., Civil Action No. 25-cv-01991-SKC-MDB (D. Colo. Mar. 30, 2026).
In each case, the court recognized the confidentiality concerns raised by use of open-source generative AI. The Heppner Court treated the AI platform as a third party, concluding that the use of open-source AI platforms waived the attorney-client privilege. In Warner, the court treated the open-source AI platform as a tool, analyzed the issue of discoverability of the AI under the work product doctrine, and concluded the AI chats were protected work product of mental impressions, drafts and litigation strategy.
The Morgan Court’s approach differed slightly. While the Morgan Court utilized the same work product analysis as the Warner Court, the analysis differed from Warner probably because Morgan was the third case and because the court was addressing a motion to modify a protective order rather than a motion to compel. Indeed, the Morgan dispute centered on whether the pro se plaintiff could upload confidential documents to open-source AI platforms.
In granting the motion to modify the protective order in part, the court agreed that the use of generative AI is protected work product, required the plaintiff to disclose the name of the AI platform used, but then prohibited the plaintiff from uploading, inputting, or submitting confidential information into any mainstream open-source AI platform.
Once again, therefore, we see that the use of confidential data in open-source AI platforms remains problematic. As a result, prudence dictates taking steps to mitigate the concerns.
Steps that might be considered include reminding clients about confidentiality and explaining how courts view open-source AI platforms and modifying protective orders as in Morgan. But none of this prevents clients and pro se plaintiffs from using AI, and we should assume that clients and pro se litigants will use AI more often going forward.
The solution is not to avoid AI, but to understand it and work with it as best we can.
Craig Brodsky is a partner with Goodell, DeVries, Leech & Dann LLP in Baltimore. His legal ethics column appears monthly. He can be reached at [email protected].
