Your AI Prompts May Not Be Privileged

Lawyers and business teams are increasingly using AI to think through legal and risk questions.

That does not automatically make the prompt, output, or workflow privileged.

The practical risk is simple: if people put sensitive legal analysis into the wrong AI environment, they may create a discoverable record instead of a protected one.

This is not really a new AI doctrine problem. It is a privilege, confidentiality, and workflow problem showing up in a new tool.

The key practical point

There is a major difference between:

  • a public or lightly controlled AI tool
  • and an enterprise environment with negotiated controls, restricted retention, and clear terms that do not permit your prompts or data to be used to train models for other users

That distinction should be doing a lot of work in legal AI policy.

If the tool is not enterprise-approved, if the data controls are unclear, or if the provider can use prompts to improve models for others, legal teams should assume the risk is much higher.

What not to do

  • Do not paste live dispute facts, investigation details, board communications, draft legal theories, or regulator-response strategy into a casual AI tool.
  • Do not assume a prompt is protected just because it relates to legal advice.
  • Do not let employees use consumer AI tools for sensitive legal work without tool-specific approval.
  • Do not treat “internal” and “privileged” as if they mean the same thing.
  • Do not rely on vague vendor marketing about privacy or security. Check the actual enterprise terms, retention settings, training terms, and admin controls.

What to do instead

  • Use an enterprise AI environment with contractual controls and settings that prevent your prompts and data from being used to train models for other customers or the public service.
  • Limit legal-use cases to approved tools and approved users.
  • Create a short list of off-limits prompt categories, including litigation strategy, privileged investigation facts, deal-sensitive issues, and regulator-response planning.
  • Require lawyer involvement when the purpose of the workflow is legal advice.
  • Know what records the tool keeps, where they are stored, who can export them, and how long they remain available.

Why this matters now

Recent attention to cases like United States v. Heppner has put a spotlight on a basic point many organizations still blur: a communication can feel private and still fail privilege requirements.

In Heppner, Judge Rakoff held that AI-generated materials created through Claude were not protected by attorney-client privilege or the work-product doctrine because the defendant disclosed information to a third-party platform and the materials were not prepared by counsel or at counsel’s direction.

Different cases can come out differently, and courts are not applying a one-line rule that all AI prompts are discoverable or all AI-assisted work loses protection.

But that is not a reason for comfort. It is a reason to stop assuming the facts will break your way.

A useful default rule

If a prompt would be uncomfortable to hand to an opposing lawyer, regulator, or prosecutor later, it should not be casually entered into an unstructured AI workflow.

That rule is not perfect, but it is much better than assuming “we were just using AI to think.”

The takeaway for legal teams

The real issue is not the model by itself. It is whether the workflow, tool, and contract structure are good enough to support sensitive legal use.

Clearon AI’s recommendation is not to ban AI for legal work. It is to make sure legal AI use happens inside the right workflow:

  • approve an enterprise AI environment with terms and settings that protect sensitive prompts and do not allow them to train models for other users
  • block consumer or unapproved tools for privileged, litigation, investigation, and regulator-response work
  • limit sensitive legal prompting to approved users and defined use cases
  • give employees concrete do-and-don’t rules instead of vague policy language
  • treat prompt security, retention, and export controls as part of legal workflow design, not an afterthought

In law, workflow mistakes have a nasty habit of becoming exhibits.