The Privilege Is Gone: How Cloud AI Meeting Tools Are Destroying Attorney-Client Confidentiality

In February 2026, a federal judge in the Southern District of New York made legal history. In United States v. Heppner, Judge Jed S. Rakoff ruled that documents a defendant generated using a consumer AI platform were not protected by attorney-client privilege or the work product doctrine. The ruling, described by Perkins Coie as the first federal decision squarely addressing privilege claims for communications with generative AI, sent a shockwave through the legal profession.

The implications extend far beyond criminal defense. Every lawyer using cloud-based AI transcription in client meetings, every in-house counsel allowing AI notetakers into board strategy sessions, and every professional whose confidential conversations flow through third-party cloud servers now faces an uncomfortable reality: your AI tools may be silently destroying the legal protections your clients depend on.

The Heppner Ruling: A Question of First Impression

Bradley Heppner, a former financial services CEO charged with securities fraud, used Anthropic's consumer Claude AI tool to prepare documents analyzing his legal exposure and defense strategy. He then shared those AI-generated documents with his defense counsel. When the FBI seized his devices, his lawyers claimed attorney-client privilege and work product protection over the materials.

Judge Rakoff rejected both claims entirely. As Ogletree Deakins detailed in its analysis, the court applied the standard three-part privilege test and found the AI-generated documents failed on every element:

No attorney-client relationship: Claude is not an attorney. All recognized privileges require a trusting human relationship with a licensed professional bound by fiduciary duties—conditions no AI platform can meet.
No reasonable expectation of confidentiality: The AI platform’s privacy policy disclosed that it collects user inputs and outputs, uses data to train models, and may disclose data to third parties, including government authorities.
No privileged purpose: Because Heppner acted on his own initiative rather than at counsel’s direction, the communications did not serve the purpose of facilitating legal advice from his attorneys.

⚠️ Critical finding: Judge Rakoff held that sharing privileged information with a third-party AI platform constituted a waiver—just as sharing it with any other third party would. Even information Heppner received from his attorneys and then input into Claude lost its privilege protection.

Perhaps most consequentially, the court ruled that sending non-privileged AI outputs to counsel after the fact could not retroactively create privilege. As the Harvard Law Review’s analysis noted, the ruling raises significant questions about the boundaries between clients, attorneys, and AI tools in the modern legal workflow.

Why This Matters for Every Meeting with Counsel

While Heppner involved a defendant independently using a chatbot, the legal principles apply directly to AI meeting transcription. When a cloud-based AI notetaker joins your privileged meeting with counsel, it creates the same fundamental problem: a third party without confidentiality obligations is capturing, processing, and potentially storing your privileged communications.

The American Bar Association has taken notice. An ABA article on the topic warned that cloud AI tools processing meeting audio means a third party gains access to otherwise confidential attorney-client communications, and that introducing such an outsider into a privileged session risks inadvertent privilege waiver. The ABA Journal recently reported that employment attorneys are now advising companies to use humans rather than AI for meeting notes in legal contexts, citing both discovery exposure and privilege risks.

The Third-Party Problem

Attorney-client privilege is destroyed by voluntary disclosure to third parties. This well-established principle applies regardless of whether the third party is a person, a company, or an AI platform operated by a company.

When you use a cloud-based AI transcription tool in a meeting with your attorney, the following chain of events occurs:

Audio from the meeting is captured and transmitted to the vendor’s cloud servers
The vendor’s AI models process the audio, creating transcripts and summaries
The vendor stores the data according to its own retention policies
The vendor’s employees may have access to the data for model improvement
The vendor’s terms of service may grant rights to use the data for training

Each of these steps represents a potential disclosure to a third party. And as Heppner established, a cloud AI vendor’s privacy policy that reserves the right to collect, share, or train on user data eliminates any reasonable expectation of confidentiality.

This concern is amplified by the findings in the Otter.ai litigation. Otter.ai’s privacy policy grants the company broad rights over user content, and the consolidated class action—In re Otter.AI Privacy Litigation—alleges the tool recorded private conversations without consent and used those recordings to train AI models. Imagine those conversations included privileged legal discussions.

Ethical Obligations Are Tightening

Beyond the privilege question, lawyers now face heightened ethical obligations when using AI tools in any context involving client information.

An analysis from the Illinois Attorney Registration and Disciplinary Commission’s publication outlined a three-step framework lawyers should apply when evaluating AI notetakers: classifying the sensitivity of the information involved, identifying whether the tool is internal or third-party, and evaluating the vendor’s data safety practices. The article emphasized that a privileged conversation recorded by a cloud AI vendor could become a permanent, searchable record transmitted, processed, and stored by a third party—potentially accessible for training and analytics under the vendor’s terms of service.

This echoes the guidance from major law firms. Duane Morris warned in a February 2026 analysis that automatic recording and transcription of meetings where sensitive legal strategy is discussed runs the risk of exposing confidential information to third-party vendors. They advised firms to review vendors’ terms of service and data retention policies to specifically ensure client data is not stored on external servers or used for training AI models. For more on how AI transcription tools create broader compliance risks, see our article on organizations banning cloud AI notetakers.

The In-House and Boardroom Risk

The privilege risk is not limited to outside counsel. Goodwin Law’s April 2026 analysis made clear that in-house legal teams, companies involved in investigations, and executives in board strategy discussions attended by counsel are all equally at risk. In cross-border contexts, privilege standards may differ, further complicating the picture when transcripts are stored or processed outside the United States.

Consider the scenario: a board of directors convenes a meeting with legal counsel to discuss litigation strategy. An AI notetaker—enabled by default on the company’s video conferencing platform—silently transcribes the entire conversation. That transcript is now stored on a cloud server operated by a third-party vendor. If opposing counsel later discovers that an AI tool was present during the privileged meeting, they have a powerful argument that privilege was waived over the entire conversation.

Conflicting Rulings Compound the Uncertainty

The legal landscape is far from settled, which makes the risk even more acute. While Heppner found no privilege protection for AI-generated materials, other courts have reached different conclusions in slightly different circumstances. A Detroit federal court judge found that a pro se plaintiff could not be compelled to turn over her ChatGPT transcripts, and a Colorado federal judge found that a pro se litigant's AI communications were covered by work-product protection.

This patchwork of rulings means organizations cannot rely on a single case to determine their risk. The safest approach, as multiple commentators have noted, is to prevent the problem from arising in the first place by keeping privileged communications away from third-party AI platforms entirely.

The Expanding Legal Reckoning

The privilege question exists within a much broader legal reckoning facing cloud-based AI meeting tools. As we covered in our article on AI meeting bots and wiretap law, these tools face mounting challenges across multiple legal fronts simultaneously:

Wiretap violations: At least thirteen states require all-party consent before recording, and AI tools that automatically join meetings without disclosure may violate federal and state wiretap statutes
Biometric privacy: AI transcription tools that use speaker recognition may collect voiceprints subject to BIPA and similar state laws
GDPR compliance: For organizations with EU operations, cloud AI transcription raises serious concerns under GDPR Article 5 regarding data minimization and purpose limitation
Discovery exposure: Every AI-generated transcript becomes a potentially discoverable document, transforming ephemeral conversations into permanent records

For legal professionals, the privilege question layers on top of all these risks, creating a uniquely dangerous compound of exposure.

The Architecture of Protection: Why On-Device Processing Preserves Privilege

The fundamental problem with cloud-based AI transcription in legal contexts is architectural: data leaves your control and enters a third party’s infrastructure. No amount of contractual provisions or vendor assurances can fully mitigate this structural vulnerability, because the data has already been disclosed.

On-device AI processing eliminates this risk at its root. When transcription occurs entirely on your device:

No third-party disclosure: Audio is processed by the device’s own neural engine. No external server ever receives the data. No third party is introduced into the privileged communication.
No vendor access: The transcription vendor has zero access to your meeting content. There is no privacy policy that could undermine your expectation of confidentiality.
No data retention by others: Transcripts exist only on your device. You control retention, deletion, and access entirely.
No training on your data: Your privileged conversations never become training data for anyone’s AI model.

Apple has built this architecture into the foundation of its platform. Apple’s privacy framework emphasizes on-device processing, keeping personal data local and secure. Apple Intelligence features process data on-device by default, and when server-side processing is needed, Private Cloud Compute ensures data is never stored or made accessible to Apple.

      ✅ The privilege-preserving approach: Basil AI performs 100% on-device transcription using Apple’s Speech Recognition framework. No audio, no transcripts, and no meeting data ever leaves your device. There is no third-party server, no cloud processing, and no data retention by any vendor—eliminating the privilege-waiver risk that cloud AI tools create.
    

Practical Steps for Legal Professionals

Whether you’re a solo practitioner, in-house counsel, or managing partner at a large firm, the Heppner ruling and its progeny demand immediate action:

Audit all AI tools in your legal workflow. Identify which tools process data in the cloud, what their privacy policies say about data retention and training, and whether they introduce a third-party disclosure risk.
Prohibit cloud AI in privileged contexts. Establish a clear policy that no cloud-based AI transcription or notetaking tool may be used during privileged meetings, client consultations, litigation strategy sessions, or any discussion involving confidential information.
Update engagement letters. Include AI-use clauses that explain what technology is used, how recordings are handled, and how clients can opt out of any recording.
Switch to on-device processing. For meetings where you want AI-assisted transcription without sacrificing privilege, use tools that process audio entirely on your device. This is the only architectural approach that preserves confidentiality under the legal principles established in Heppner.
Educate attorneys and staff. Ensure everyone in your organization understands that using consumer-grade or cloud-based AI tools with privileged information may constitute an irrevocable waiver of privilege.
Review malpractice coverage. Some carriers now ask about AI tool use at renewal. Undisclosed use of cloud AI tools that compromises privilege could affect your coverage.

The Future Is On-Device

The Heppner ruling represents just the beginning of a legal framework that will increasingly scrutinize how AI tools interact with privileged and confidential information. As courts continue to apply well-established privilege principles to new technology, the trend is unmistakable: sharing confidential information with cloud AI platforms carries significant and potentially irreversible legal consequences.

For legal professionals, this is not just a technology choice—it’s a professional obligation. The ethical duty to protect client confidentiality, enshrined in ABA Model Rule 1.6 and its state equivalents, demands that lawyers exercise reasonable efforts to prevent inadvertent disclosure. In 2026, “reasonable efforts” increasingly means keeping privileged conversations off cloud servers entirely.

On-device AI transcription isn’t a compromise. It’s the only architecture that lets legal professionals capture the productivity benefits of AI-assisted notetaking while honoring their most fundamental obligation: the duty of confidentiality to their clients.

🔒 Protect Privilege with On-Device Transcription

Basil AI processes everything on your device. No cloud servers. No third-party access. No privilege waiver risk. Your meetings stay between you and your client.

Attorney-Client Privilege Legal Ethics On-Device AI Privacy