Insights

Federal Court Holds That Communications with Generative AI Are Not Protected by Attorney-Client Privilege or the Work Product Doctrine

By T. Cullen Stafford, Josey L. Newman

Commercial Litigation

In United States v. Heppner, No. 25-cr-503 (JSR), 2026 WL 436479 (S.D.N.Y. Feb. 17, 2026), the United States District Court for the Southern District of New York recently held that a criminal defendant’s written exchanges with a publicly available generative AI platform were not protected by either the attorney‑client privilege or the work product doctrine.

This groundbreaking decision has wide-ranging implications for anyone using generative AI tools in sensitive legal contexts.

Case Background

In October 2025, a grand jury returned an indictment charging Defendant Bradley Heppner with securities fraud, wire fraud, conspiracy, making false statements to auditors, and falsifying corporate records. Following Defendant’s arrest, the FBI executed a search warrant at the Defendant’s home and seized materials, including approximately 31 documents memorializing discussions Defendant had with “Claude”, a generative AI platform operated by Anthropic. 

Defendant had used the AI tool after receiving the grand jury subpoena to create reports summarizing strategy and anticipated legal arguments. Defendant argued the AI‑generated documents were privileged because:

  1. They included information learned from counsel,
  2. He created them for the purpose of seeking legal advice, and
  3. He later shared them with his lawyers.

Court’s Decision

1. Communications with AI Are Not Attorney‑Client Communications

The Court first explained that attorney‑client privilege requires a communication between a client and an attorney, that is intended to be confidential, and that is made for the purpose of obtaining or providing legal advice.

Because Claude is not an attorney, and AI tools do not create the requisite “trusting human relationship” that underlies recognized privileges, the Court concluded that communications with AI were not protected by the attorney-client privilege.

2. AI Platform Inputs Are Not Confidential

The Court also concluded communications with AI were not p because they were not confidential.  Specifically, Anthropic’s privacy policy provides that it:

  • collects and retains both user inputs and AI outputs,
  • uses them for model training,
  • and reserves the right to disclose them to third parties, including government authorities.

As a result, the Defendant had no reasonable expectation of confidentiality in his AI communications.

3. User Intent to Seek Legal Advice From Counsel Does Not Transform AI Communications Into Privileged Material

The Court further determined that the communications with AI were not privileged because they were not made for the purpose of seeking legal advice. Although Defendant argued he used AI to prepare for discussions with counsel, his attorneys did not instruct him to do so. Further, AI platforms explicitly disclaim providing legal advice; therefore, the communications could not have been made for the purpose of obtaining legal advice.

4. Later Sharing with Counsel Cannot Retroactively Confer Privilege

The Court rejected the argument that non‑privileged communications could become privileged simply because the client later shares them with an attorney.

5. Work Product Protection Does Not Apply

The Court also considered whether the AI documents were privileged under the work product doctrine. This doctrine provides qualified protection for materials prepared by or at the direction of counsel in anticipation of litigation or for trial.

Ultimately, the Court held the work product doctrine inapplicable because:

  • the AI documents were not prepared by or at the direction of counsel, and
  • they did not reflect counsel’s mental impressions or legal strategy at the time of their creation.

Key Takeaways

  • All AI tools, including automated note-taking applications, should be treated as third parties with whom privilege is waived, unless the AI tool offers confidentiality guarantees and states that data will not be used for training or shared externally.
  • The logic of the decision applies broadly: in civil, regulatory, or internal investigations, AI‑generated drafts, analyses, or summaries may not receive privilege protections.
  • Organizations should consider implementing proactive AI‑use protocols to ensure sensitive information is protected.