Legal teams using AI tools in their work face an unresolved question: are those conversations privileged? According to CDF Labor Law LLP’s analysis of recent court decisions, the answer depends on which court is deciding, and courts are currently split.
The most pointed ruling cited in the analysis involves *United States v. Heppner*. In that case, a court held that communications with Claude AI were not protected by attorney-client privilege. The reasoning, per CDF Labor Law LLP’s analysis, turned on two elements: there was no human attorney in the relationship (a prerequisite for attorney-client privilege), and Anthropic’s privacy policy, which explicitly reserves the right to review user conversations, undermines any claim of confidentiality. Privilege requires confidentiality. A tool whose vendor can access session content cannot, under this reasoning, be a conduit for privileged communication.
That logic is clean. But another line of cases pushes back.
*Warner v. Gilbarco*, also cited in CDF Labor Law LLP’s analysis, represents the contrasting approach, courts that have found work-product protection available for AI-assisted attorney work product. Work-product doctrine protects materials prepared in anticipation of litigation, and the doctrine’s scope is broader than attorney-client privilege. It doesn’t require a human-to-human confidential relationship the way privilege does.
Why the distinction matters for legal teams.
Two different doctrines, two different standards. Attorney-client privilege protects communications between attorney and client. Work-product doctrine protects the attorney’s mental impressions, conclusions, and legal strategies prepared for litigation. An AI tool might lose on privilege grounds (no human attorney, no confidentiality guarantee) while still producing materials that qualify for work-product protection.
The practical upshot: legal teams should not assume that AI tool sessions are privileged. They should assess whether their use of AI generates materials that could qualify for work-product protection under the applicable jurisdiction’s doctrine, and they should review the AI vendor’s privacy and data access policies before routing privileged communications through any AI tool.
What to watch.
The circuit split, if it develops, will eventually require appellate resolution. In the meantime, the most consequential variable is the privacy policy of the AI tool in use. A vendor whose terms explicitly reserve access to conversation content will face the *Heppner* analysis. A vendor offering enterprise deployment with contractual data isolation may be positioned differently. Legal teams should be reviewing their AI vendor contracts now, before a ruling in their jurisdiction resolves the question for them.