Full profile
The early 2026 federal rulings on privilege risk in AI-assisted eDiscovery review do not say that lawyers must keep artificial intelligence out of litigation work. They also do not say that routing sensitive legal material through any system labeled “AI” is harmless. Read closely, the cases ask familiar questions: who used the tool, whose legal work was being advanced, what confidentiality terms applied, and whether the resulting record later became useful evidence for the other side.
That distinction matters because the headline version of the split is too blunt. In Heppner v. Facebook, the Southern District of New York rejected privilege protection for materials generated through Claude in a pro se setting. In Warner v. Meta Platforms, the Eastern District of Michigan treated ChatGPT and similar programs as tools rather than persons and rejected automatic waiver. In Morgan v. Garland, the District of Colorado likewise refused to hold that AI use alone destroys privacy expectations or protection. Those are different outcomes, but they are not three courts inventing three different bodies of AI privilege law.

The Split Is Real, but It Is Narrower Than It Looks
Heppner deserves careful treatment because it is the ruling most likely to be misused in both directions. It is not a general holding that AI-generated litigation material can never be privileged. It is a ruling in which several conventional privilege problems appeared at once: the plaintiff was proceeding pro se, there was no attorney-client relationship for the relevant communications, the AI use was not directed by counsel, and the court found no reasonable expectation of confidentiality under the cited Claude terms, including provisions described as allowing use of data for training and disclosure to government entities under some circumstances.[1]
Those facts do a great deal of work. If a person who is not acting under counsel’s direction gives material to a consumer AI service whose terms do not provide the confidentiality one would expect from a legal technology vendor, waiver analysis does not need a new doctrine to get to a hard result. The court can reach that result through ordinary questions about confidentiality and disclosure.
Warner went the other way, but not because the court announced an AI safe harbor. The Eastern District of Michigan rejected the premise that disclosure to ChatGPT or similar programs is equivalent to disclosure to a person, reasoning that such programs are “tools, not persons” and that use of the tool did not materially increase the likelihood that protected material would reach an adversary.[2] That is a narrower proposition than “AI preserves privilege.” It is closer to the way courts have long treated many litigation technologies: the tool matters, but the confidentiality and adversary-access analysis still matters more.
Morgan then followed the same general path for pro se litigants. The District of Colorado held that AI use “does not eliminate all expectations of privacy or automatically waive protections.”[3] Again, the important word is automatically. Morgan resists a per se waiver rule; it does not excuse lawyers or litigants from reading terms, controlling access, or explaining how the tool fit within protected legal work.

| Case | Tool posture | Privilege result described in the research materials | Fact that carried the analysis |
|---|---|---|---|
| Heppner v. Facebook | Consumer AI use by a pro se plaintiff | Privilege protection rejected | No attorney-client relationship, no counsel direction, and no reasonable expectation of confidentiality under the cited terms |
| Warner v. Meta Platforms | ChatGPT and similar programs treated as tools | No automatic waiver | Disclosure to the tool was not treated as disclosure to a person or as materially increasing adversary access |
| Morgan v. Garland | AI use by pro se litigants | No automatic elimination of privacy expectations or protections | AI use alone did not resolve the privilege question |
Heppner Is a Warning About Facts, Not a Ban on AI Review
The operational value of Heppner is that it names the failure points. A litigation team can do something with “no counsel direction.” It can do something with “no reasonable expectation of confidentiality.” It can do something with consumer terms that allow uses inconsistent with the treatment of privileged litigation material. Those are reviewable procurement and workflow questions, not atmospheric anxieties about new technology.
The pro se posture also limits the case. Privilege doctrine is built around protected legal advice and attorney work. When no lawyer is directing the activity, it becomes harder to characterize the interaction as part of counsel’s privileged process. That does not make the case irrelevant to law firms; it makes it more pointed. If a firm lets lawyers or staff use a consumer chatbot outside the litigation support environment, it has moved closer to the Heppner fact pattern than it may want to admit.
The more interesting portion of Heppner is not the loss. It is the reservation. The court expressly left open that counsel-directed use of a confidential enterprise AI tool could be analyzed differently under traditional agency principles.[1] That is the sentence practitioners should be carrying into vendor reviews. It is also the sentence that keeps the ruling from becoming a crude anti-AI citation.
Why Warner and Morgan Are Not Blanket Permission Slips
Warner and Morgan are useful precisely because they reject a reflexive rule. If every AI interaction were treated as disclosure to an uncontrolled third party, litigation technology would be sorted by label rather than by risk. That is not how privilege normally works. Courts ask whether confidentiality was preserved, whether the disclosure was necessary or consistent with obtaining legal assistance, and whether the disclosure materially increased the chance that an adversary would obtain the material.
Still, the “tools, not persons” formulation should not be stretched beyond its reasoning. A tool can be embedded in a protected legal workflow, or it can be a service with terms that permit training, review, onward disclosure, or retention inconsistent with the client’s confidentiality expectations. Calling something a tool does not answer the next questions. Who can access the prompts? Are outputs stored? Are prompts used to improve the model? What happens when a subpoena, law-enforcement request, or vendor dispute appears? The cases do not make those questions disappear.
Morgan’s phrasing is similarly important because it protects room for case-by-case analysis. AI use does not eliminate all privacy expectations. That is not the same as saying every AI use carries a reasonable expectation of privacy. The difference is where eDiscovery managers and lawyers have to work.
The Consumer-versus-Enterprise Distinction Is Doing Real Work
For privilege risk in AI-assisted eDiscovery review, the most practical dividing line is not whether a model generates text. It is whether the system looks like part of counsel’s protected legal infrastructure or like an uncontrolled outside recipient. A consumer chatbot used ad hoc by an individual lawyer, employee, or client creates a different record than an enterprise review feature deployed inside a litigation platform under a contract that addresses confidentiality, data use, retention, access controls, and security.

That distinction is not cosmetic. A litigation vendor is often treated as assisting counsel, much like translators, consultants, hosting providers, contract reviewers, and forensic specialists can assist counsel without destroying privilege when the arrangement is properly controlled. The analogy becomes weaker when the service terms reserve broad rights to use submitted content, when access is not limited to the legal team and its agents, or when no one can explain whether prompts and outputs are retained.
In procurement terms, the privilege question should reach the security exhibit and the product workflow, not just the sales description. A vendor’s statement that its AI is “secure” does not answer whether client data is used for model training. A promise that the platform is “enterprise-grade” does not answer who can view prompts and outputs. A feature that summarizes hot documents may be useful, but if its logs are stored in a way that later makes them producible, counsel needs to know that before the review begins.
Questions That Belong in the File Before the Review Starts
- Was the AI feature used at the direction of counsel for legal advice, litigation strategy, document review, or work product preparation?
- Do the vendor terms prohibit use of client content for model training or other non-case purposes?
- Who can access prompts, uploaded documents, generated summaries, audit trails, and chat logs?
- Are prompts and outputs retained, deleted, exported, or commingled with non-privileged business records?
- Can the team later describe the workflow without relying on vague statements that a lawyer “used AI”?
None of those questions requires a court to bless a particular platform in advance. They are the same kind of record-building lawyers already do for technology-assisted review, hosted review environments, clawback orders, and expert-assisted analysis. The difference is that generative AI produces more visible intermediate artifacts: prompts, drafts, summaries, classifications, explanations, and sometimes conversational logs. Those artifacts need a home in the privilege plan.
Fortis Shows a Different Risk: The AI Record as Evidence
Fortis v. Krafton belongs near the privilege cases, but not inside the same box. In that Delaware Chancery Court dispute, a CEO’s ChatGPT logs became trial evidence of bad faith in a $250 million earnout dispute.[4] The lesson is not that all AI-assisted review logs are discoverable or that every AI chat waives privilege. The lesson is that an AI interaction can become a contemporaneous record of intent, strategy, or decision-making if it is created outside a protected legal workflow and later fits an issue in the case.
That is a separate discovery path. Privilege waiver asks whether protected material lost protection through disclosure or inadequate confidentiality. Evidentiary use asks whether the record itself tends to prove something relevant. In Fortis, the attention-grabbing fact is not merely that ChatGPT was involved; it is that the logs were probative enough, under the case’s facts, to appear as trial evidence.[4]
For corporate legal departments, this matters outside formal document review. Executives experimenting with chatbots for deal strategy, employee communications, post-closing disputes, or regulatory narratives may be creating records that are not privileged simply because the subject feels legal-adjacent. If counsel is not directing the work and the environment is not controlled, the record may look less like legal work product and more like a business document with an unusually candid drafting history.
What This Means for AI eDiscovery Review
The safest reading of the 2026 cases is neither prohibition nor comfort. A legal team using AI for eDiscovery review should be able to show that the tool sits within counsel’s work, that confidentiality is contractually and technically protected, and that the team has thought about the status of prompts, outputs, logs, and summaries. If those facts are missing, the risk is not caused by the letters A and I. The risk is that a court may see disclosure to a third-party service or creation of ordinary business records rather than protected legal work.
A useful internal protocol does not need to be theatrical. It can identify approved tools, prohibit unsanctioned consumer chatbot use for privileged or confidential matter, require counsel approval before uploading case materials, record the purpose of AI-assisted review features, and preserve the vendor terms in effect at the time of use. If a challenge comes later, the team should not have to reconstruct the workflow from memory while holding a privilege log in one hand and a vendor FAQ in the other.
Protective orders and ESI protocols may also need more precise language. A standard confidentiality designation controls party behavior; it may not answer whether a party may feed produced material into an AI system, whether the system may retain or learn from that material, or whether generated summaries are treated as attorney work product. Those questions are easier to negotiate before production than after a receiving party has already used the tool.
The same discipline applies to privilege logs. If AI-assisted review is used to identify potentially privileged documents, the log should not imply that a machine made the privilege determination without legal supervision. Counsel can use technology to triage, cluster, summarize, and flag. The privilege assertion remains a legal act. That distinction is mundane, but it is exactly the kind of mundanity courts look for when deciding whether a process was controlled.
No Appellate-Safe Rule Yet
As of Q3 2026, there is no circuit-level rule that makes AI-assisted litigation work categorically privileged or categorically waived. The early federal cases leave room for disagreement at the margins, especially while trial courts confront different tools, terms, users, and records. That uncertainty is real for the lawyer approving a workflow before appellate guidance arrives.
But the available rulings point toward a manageable framework. Heppner shows what happens when counsel direction and confidentiality are absent. Warner and Morgan reject automatic waiver from AI use alone. Fortis shows that AI logs can become evidence when they independently bear on disputed conduct. The better working rule is therefore factual rather than categorical: privilege risk in AI-assisted eDiscovery review turns on counsel involvement, confidentiality protections, vendor terms, and later use of the record, not on the AI label itself.
References
- AI Privilege Waivers: SDNY Rules Against Privilege Protection for Consumer AI Outputs, Gibson Dunn
- Generative AI and Privilege: Practical Lessons from Two Early Decisions and What Comes Next, Sidley, March 3, 2026
- AI in eDiscovery: Court Warnings, Privilege Risks, Smarsh
- When your AI tool becomes a witness: AI tools, privilege waiver, hidden risks, Reuters, June 8, 2026
Comments
Join the discussion with an anonymous comment.