How One Careless AI Prompt Can Waive Privilege

A senior associate is up against a filing deadline. She has a draft set of patent claims and a client's invention disclosure open in one window, and a public AI tool open in the other. To tighten the language, she pastes a paragraph describing the invention and asks for a cleaner phrasing. The answer comes back in seconds. The problem is that the disclosure is now gone — submitted, retained, possibly processed by sub-processors and used to train a model, and impossible to recall.

That single action can do more damage than a missed deadline. For an IP firm, the content pasted into that box is often the exact material whose confidentiality, privilege, or novelty the firm exists to protect. And the emerging case law suggests courts are prepared to treat the act of pasting it as a voluntary disclosure — with consequences that no retraction can undo.

Why a prompt is a disclosure, not a draft

Lawyers are trained to think carefully about who is in the room when privileged information is discussed. A public AI tool is a room you can't see into. When pasted content is submitted, it becomes subject to the provider's terms of use, which can grant broad rights to retain, use, and train on it. That is a fundamentally different posture from typing into a word processor.

Two early rulings sharpen the point. In U.S. v. Heppner (S.D.N.Y., Feb 2026), documents created with a public GenAI tool were held not protected by attorney-client privilege. In Trinidad v. OpenAI (N.D. Cal., Jan 2026), a trade-secret claim was dismissed because developing the alleged secrets via ChatGPT counted as voluntary disclosure — the secrecy that gave the material legal protection was lost the moment it was submitted.

These are early, unsettled decisions, not settled law, and they shouldn't be read as legal advice. But the direction is hard to ignore: the legal protections IP firms rely on — privilege, confidentiality, trade-secret status, patentability — all depend on controlling disclosure. A prompt is a disclosure. Once it happens, there is nothing left to protect.

The exposure is structural, not a discipline problem

It would be comforting to treat this as a one-off lapse by a careless associate. The data says otherwise. According to Cyberhaven (2025), 82.8% of legal documents entered into AI tools go to non-corporate accounts — meaning they flow through personal logins the firm has no visibility into or control over. That is not a fringe behaviour; it is how a large share of legal AI usage already works.

The pressure is structural too. The people closest to the crown-jewel material — the associate drafting claims, the agent preparing a novelty argument, the partner reviewing a client's invention disclosure — are precisely the ones most tempted to reach for a tool that drafts and summarizes well. LayerX (2025) found that 77% of AI users paste data into prompts, and 82% of that pasted content comes from unmanaged personal accounts. Gartner reports that 88% of employees with enterprise AI access also use personal AI tools for work. The instinct to use these tools is not going away, and it shouldn't have to.

It's worth naming a specific scenario IP practitioners will recognize: the client AI questionnaire. A client sends a list of technical questions about a competitor's product or their own pre-filing invention, and an associate runs them through a public model to accelerate the response. Every question, every detail of the unfiled invention, every hint about strategy is now outside the firm's control — and potentially outside the conditions that preserve patentability.

Why bans and policies don't close the gap

The reflexive response is to ban the tools. The Samsung case from 2023 is the canonical lesson in why that fails: within roughly 20 days of allowing ChatGPT, engineers had pasted source code, a defect-detection algorithm, and a meeting transcript into it. The company-wide ban came after the data was already gone. Bans also push usage underground — people route around them through personal accounts, which is exactly the unmanaged channel the Cyberhaven and LayerX numbers describe.

Acceptable-use policies fare little better. IBM's 2025 Cost of a Data Breach Report found that 63% of organizations have no AI governance policy, and only 17% have technical controls to redact or block sensitive data at the point of entry. A policy that says "don't paste client matter into AI" is a sign on the door, not a lock. It assumes every person, under deadline pressure, will correctly identify what's privileged before they hit enter.

The gap is the moment between the paste and the submission. That is where the control has to live — not in a quarterly training, not in a policy memo, but in the instant the prompt is about to leave.

How firms are closing the gap

The firms getting this right have stopped relying on memory and willpower. They've moved the control to the point of entry, so that sensitive content — a client name, an unfiled invention, a draft claim — is caught and redacted before the prompt ever reaches the AI tool. When something risky is flagged, the person sees a plain-language explanation of what was caught and why, which turns each near-miss into a moment of training rather than a silent failure. Over time, that builds a workforce that is measurably better at handling AI safely, and a record that demonstrates it.

This matters for the duty of technological competence that law societies and CPATA increasingly expect. Governance that educates in the moment — rather than banning tools people will use anyway — keeps the firm's velocity while preserving the conditions that protect privilege and novelty. This is the principle Sanitized AI is built on: act before submission, because after submission there is nothing left to control.

The question worth asking this quarter is narrow and answerable: if an associate pasted a client's unfiled invention into a public tool tomorrow afternoon, would anything stop it — and would you ever know? If the honest answer is no, that's the gap to close. Request an intake to see what closing it looks like for your firm.