Recent federal court decisions signal that AI-generated documents, chat logs, and meeting transcripts are fair game in litigation — and the law is still being written.
Recent court decisions have addressed whether communications with generative AI platforms remain protected by attorney-client privilege and the work product doctrine. At the same time, courts, litigants, and regulators are confronting a related question: whether AI-generated materials, prompts, chat logs, and transcripts may become discoverable in litigation.
Generative AI tools such as ChatGPT, Claude, Copilot, and Gemini are now routinely used to summarize documents, draft communications, analyze information, and assist with litigation preparation. At the same time, many publicly available AI platforms collect user inputs, retain prompts and outputs, use information to improve their models, or reserve rights to disclose information under specified circumstances.
These features have raised questions regarding whether information shared with AI systems remains confidential and whether traditional legal protections survive when information is transmitted through third-party platforms.
On February 17, 2026, Judge Jed S. Rakoff of the United States District Court for the Southern District of New York held that documents generated through a criminal defendant's interactions with Anthropic's Claude platform were protected by neither attorney-client privilege nor the work product doctrine. United States v. Heppner, No. 25 Cr. 503 (JSR), 2026 WL 436479 (S.D.N.Y. Feb. 17, 2026).
The defendant argued that the documents incorporated information received from counsel, were prepared in anticipation of litigation, and were later shared with counsel. The court rejected those arguments.
With respect to attorney-client privilege, the court concluded that Claude was not an attorney, that the communications were not confidential, and that the defendant was not communicating with the platform for the purpose of obtaining legal advice. The court also relied on Anthropic's privacy policy, which disclosed that user inputs and outputs could be collected, used for training purposes, and disclosed under certain circumstances.
The court separately rejected work product protection because the documents were not prepared by or at the direction of counsel and did not reflect counsel's litigation strategy.
One week earlier, on February 10, 2026, Magistrate Judge Anthony P. Patti of the United States District Court for the Eastern District of Michigan reached a different result. Warner v. Gilbarco, Inc., No. 2:24-cv-12333, 2026 WL 373043 (E.D. Mich. Feb. 10, 2026).
In Warner, defendants sought discovery concerning a pro se plaintiff's use of ChatGPT in connection with employment-discrimination litigation. The court denied the request.
The court concluded that the materials were protected by the work product doctrine and rejected the argument that the use of ChatGPT constituted waiver. In doing so, the court distinguished attorney-client privilege from work product protection and stated that work product waiver generally requires disclosure to an adversary or in a manner likely to place the information in an adversary's hands.
The court further stated that "ChatGPT (and other generative AI programs) are tools, not persons," and concluded that use of the platform did not automatically waive work product protection.
Last week, we wrote about President Trump's June 2 executive order on AI and cybersecurity, which keeps the regulatory touch light at the federal level; these privilege and work-product decisions show the courts moving faster than the agencies, working out AI's place in litigation case by case.
Several recent developments have focused on how AI platforms handle user information rather than on the mere use of AI itself.
Publicly available AI platforms may retain prompts and outputs, use information for model training, and permit disclosure under specified circumstances. These features were relevant to the court's analysis in Heppner and have also appeared in subsequent commentary addressing confidentiality and privilege concerns.
By contrast, recent commentary and court orders have distinguished enterprise or closed AI systems operating under contractual safeguards that prohibit model training on user data, restrict third-party disclosures, and permit deletion of stored information. While courts have not adopted a uniform approach, the distinction between public and closed systems appears repeatedly in recent discussions of privilege and confidentiality.
The recent decisions do not establish a uniform rule regarding privilege or work product protection in the context of generative AI. They do, however, highlight several issues organizations may wish to evaluate when adopting AI tools.
Organizations using generative AI should pay particular attention to:
Reuters recently reported that prompts, chat logs, and AI-generated materials may themselves become relevant evidence in litigation and that publicly available AI platforms may be subject to legal process seeking user information. Any organization incorporating AI into its legal, compliance, or operational functions benefits from a documented AI governance policy — covering tool selection, approval, supervision of output, and confidentiality — and should weigh these considerations when selecting and governing AI tools.
Summer Associate Aliana Rivera assisted with this article.
