Skip to content

May 28, 2026 · Daniel B. Garrie

Federal Courts Split on Whether Using Public GenAI Tools Waives Privilege — And Issue First AI-Specific Protective Order Mandates

Four federal courts issued sharply diverging rulings in early 2026 on whether using consumer generative AI platforms during litigation destroys attorney-client privilege and work product protection. The emerging framework draws a critical line between consumer-tier AI tools and enterprise platforms with contractual data safeguards — a distinction every litigator and in-house counsel must understand before discovery begins.

The collision between generative AI and litigation privilege was inevitable. What no one predicted was how fast, how fractured, and how consequential the initial case law would be. Between February and May 2026, four federal courts issued rulings that collectively define the first contours of an AI-use governance framework for discovery — and they do not all point in the same direction.

The Split: Confidentiality Expectations and the "Tool vs. Person" Debate

The fault line opened in U.S. v. Heppner (S.D.N.Y., Feb. 17, 2026), where Judge Rakoff held that a criminal defendant's litigation preparation materials generated through a public generative AI platform were not protected by attorney-client privilege. The reasoning was structural: when a user submits queries and confidential facts to a consumer-tier platform governed by broad terms of service — terms that typically reserve rights to use input data for model improvement — any reasonable expectation of confidentiality is destroyed. The third-party disclosure problem, long familiar from cloud storage debates, arrived in the AI context with full force.

Just two weeks earlier, Warner v. Gilbarco (E.D. Mich., Feb. 10, 2026) reached the opposite conclusion in a civil matter. That court reasoned that AI platforms are "tools, not persons," and that routing work product through an AI system does not constitute disclosure to an adversary in the legally cognizable sense required to waive protection. Under that framing, an attorney using an AI drafting assistant is no more exposed than one using spell-check or document management software.

The tension between these two decisions is not merely academic. It reflects a genuine doctrinal uncertainty: does the privilege analysis turn on the nature of the receiving party (human adversary vs. automated system), or on the contractual and technical realities governing what happens to the data once submitted? Heppner answers with the latter; Warner with the former.

The Morgan Framework: Disclosure Requirements and the First AI-Specific Protective Order

Morgan v. V2X (D. Colo., Mar. 30, 2026) synthesized and sharpened the emerging analysis in ways that commentators have called the most consequential ruling of the quartet. A magistrate judge in that case upheld work product protection for a pro se plaintiff's AI-assisted litigation materials — but attached two conditions that are already reshaping how practitioners think about protective order drafting.

First, the court ordered the plaintiff to disclose the name of any AI tool used in connection with confidential materials. Second, and more significantly, the court amended the existing protective order to prohibit the use of consumer-tier AI on any confidential electronically stored information unless the vendor satisfies three contractual conditions: it must bar the use of submitted data for model training, restrict onward disclosure of that data, and permit the user to demand deletion on request.

Those three conditions — training prohibition, disclosure restriction, deletion right — now constitute a practical compliance checklist for any enterprise AI tool a litigant wants to use safely in a matter subject to a protective order. Platforms that cannot satisfy all three contractually should be presumed off-limits for confidential ESI.

Expert Witnesses and Rule 26: AI Prompts as Discoverable Work

A separate ruling flagged by Arnold & Porter in May 2026 extended the analysis to expert witnesses, holding that an expert's AI prompts are "fair game" under Rule 26. This is a significant development that many practitioners have not yet internalized. Under the existing framework for expert disclosure, the inputs feeding an expert's opinions — the data considered, the methodologies applied — are already subject to scrutiny. Courts are now treating AI prompts as part of that analytical record, not as privileged attorney communications shielded from production.

The practical implication is immediate: any expert who uses a generative AI tool to assist in forming or articulating opinions should expect that the prompts, the outputs, and the iterative exchange may be producible. Counsel retaining experts need to build AI-use disclosure into engagement letters and ensure that prompt logs are preserved from the outset.

Building an AI-Use Governance Checklist Before Discovery Opens

Taken together, these four rulings point toward a framework that practitioners can operationalize before any matter enters discovery. At the tool-selection stage, the threshold question is whether the platform offers enterprise-grade contractual protections covering training prohibition, disclosure restriction, and deletion rights — the Morgan triad. Consumer-tier versions of ChatGPT, Claude, and Gemini will presumptively fail that test absent specific enterprise agreements.

At the ESI protocol and protective order stage, litigants should propose affirmative language governing AI use modeled on the Morgan amendments: identification of approved tools, certification of contractual safeguards, and a prohibition on consumer-tier platforms for any confidential ESI category. Waiting for opposing counsel or the court to raise these issues is a losing strategy.

At the Rule 26(f) meet-and-confer, counsel should address AI use proactively — both their own and their experts'. Given the May 2026 ruling on expert prompts, failure to disclose AI-assisted expert workflows during the meet-and-confer creates avoidable motion practice risk. Agentic AI systems that autonomously gather or synthesize information present an additional layer of complexity that courts have only begun to address.

How Law & Forensics Helps

Law & Forensics works with litigation teams and in-house counsel to build AI-use governance frameworks calibrated to current and emerging case law. Our services include vendor assessment against the Morgan contractual triad, protective order language tailored to AI-specific risks, Rule 26(f) disclosure protocols that address both counsel and expert AI use, and forensic preservation procedures for AI-generated materials and prompt logs. As courts continue to issue diverging rulings, having a defensible AI governance posture documented before discovery opens is no longer optional — it is a matter of professional responsibility.

Explore our eDiscovery services →