The Confidentiality Trap: Why Open AI Systems Are a Liability for Law Firms

One of the most frequent questions I get from managing partners is whether their associates can use ChatGPT to draft client memos. The answer, unless the deployment is a secured enterprise-tier product managed by the firm, is no.^{1, 2}

Open Systems Versus Closed Systems

The distinction every law firm needs to understand sits at the foundation of modern legal AI ethics. Open systems, including the free consumer versions of every major generative AI platform, often ingest user inputs into their training pipelines. The terms of service usually say so plainly.

When an attorney pastes sensitive client facts, trade secrets, or personally identifying information into an open prompt, that information becomes part of the system's training data. It can resurface, in some form, in outputs delivered to other users of the platform. Under ABA Model Rule 1.6, a lawyer cannot reveal information relating to the representation of a client and must take reasonable steps to prevent unauthorized disclosure. Pasting privileged facts into a consumer chatbot is the kind of disclosure the rule was written to prevent.

The market is crowded with AI tools that all look professional in the demo. The lawyer remains responsible for confirming the security of the system before any non-public client information goes into it.

Enterprise Closed Systems

To protect attorney-client privilege, firms need to operate in closed systems, sometimes branded as "enterprise AI." These platforms offer contractual guarantees, including zero-retention policies, that prompts and outputs stay inside a tenant controlled by the firm and never enter the vendor's training data. The closed-system tier is more expensive than consumer AI. It is also the only tier compatible with the lawyer's confidentiality obligations.

Vendor Due Diligence in Practice

The technical vocabulary of vendor due diligence (SOC 2 Type 2, DPA, model isolation, retention windows) is unfamiliar to most attorneys and to most firm administrators. That unfamiliarity is what vendors rely on. A defensible vendor evaluation requires reading the data processing addendum carefully, confirming the SOC 2 report covers the actual product being purchased, and getting the zero-retention guarantee in writing rather than in a sales conversation. None of that work is glamorous. All of it is necessary before client data enters the tool.