FirmAdapt is an AI-powered business diagnostics platform that audits companies to expose operational inefficiencies and broken processes. We then deploy custom AI agents, robotic process automation, and engineered solutions to fix the problems we find. Our diagnostic tools include company audits, website audits, competitive intelligence, and faith-based compliance screening.

Does FirmAdapt have a free API?

Yes, FirmAdapt offers free open API endpoints that require no authentication. AI agents and developers can make up to 10 requests per week without signing up. The API supports company profile lookups, faith-based compliance screening, and stock searches across 12 global markets.

What is faith-based stock screening?

Faith-based stock screening analyzes a company's financial ratios and business activities to determine compliance with religious investment guidelines. FirmAdapt supports 9 frameworks including Shariah (AAOIFI, S&P), Christian (BRI), Catholic (USCCB), Jewish (Halakhic), LDS/Mormon, ESG Religious, and Evangelical standards.

Can AI agents use FirmAdapt?

Yes, FirmAdapt is designed for native AI agent integration. It provides an MCP (Model Context Protocol) server for Claude Desktop, Cursor, and other AI tools. AI agents can access company profiles, run faith-based compliance screens, and search stocks across 12 global markets using free open endpoints with no API key required.

What markets does FirmAdapt support?

FirmAdapt supports 12 global markets: US (NYSE/NASDAQ), UK (London Stock Exchange), Germany (XETRA), France (Euronext Paris), Japan (Tokyo Stock Exchange), India (NSE/BSE), Saudi Arabia (Tadawul), UAE (Dubai/Abu Dhabi), Malaysia (Bursa), Indonesia (IDX), Canada (TSX), and Australia (ASX).

Back to Blog

AI complianceregulatorylegallaw firmsABAPrivilege

Attorney-Client Privilege and the AI Tool Question

By Basel IsmailMay 25, 2026

Attorney-Client Privilege and the AI Tool Question

A lawyer drafts a memo analyzing litigation risk for a client. Solid work product, clearly privileged. Then they paste the whole thing into ChatGPT to "clean up the language." Did they just waive privilege?

The honest answer right now is: maybe. And "maybe" is a terrible place to be when privilege is on the line, because waiver is typically a one-way door. Once you have disclosed privileged material to a third party without adequate confidentiality protections, getting that privilege back is extraordinarily difficult.

The Core Problem: Disclosure to a Third Party

Privilege law has always turned on the question of whether a communication was made in confidence. The foundational principle, codified in various forms across jurisdictions (Federal Rule of Evidence 502, the Restatement (Third) of the Law Governing Lawyers, and state equivalents), is that voluntary disclosure to a third party who is not within the privilege relationship generally waives protection.

When you input text into a public AI tool, you are transmitting data to a third-party service provider. OpenAI, Google, Anthropic, Meta; these are commercial entities with their own data handling practices. Most public-facing AI tools explicitly state in their terms of service that user inputs may be used for model training, reviewed by human annotators, or stored in ways the user cannot control. OpenAI's terms of service for the free tier of ChatGPT, for instance, default to using inputs for training unless the user opts out. Even with the opt-out, the data still traverses their infrastructure.

The question then becomes whether transmitting privileged material to these services constitutes disclosure to a "third party" in the privilege sense. Under traditional analysis, it almost certainly does.

Where the Case Law Is Heading

We do not yet have a definitive appellate ruling squarely addressing AI-tool privilege waiver, but the trajectory is becoming visible.

In Varghese v. China Shenghuo Pharmaceutical Holdings, Inc. (S.D.N.Y. 2023), Judge Carter addressed concerns about AI use in litigation and signaled that courts are paying attention to how attorneys handle confidential information in AI contexts. While the case focused more on AI-generated fabrications (the hallucinated citations problem), the court's broader language about attorney obligations with AI tools has been widely cited in bar guidance.

More directly relevant is the growing body of ethics opinions. The Florida Bar's Proposed Advisory Opinion 24-1 (2024) explicitly warned that inputting client confidential information into generative AI tools may violate Rule 4-1.6 (confidentiality) and could implicate privilege waiver. The New York City Bar Association's Formal Opinion 2024-1 reached similar conclusions, noting that lawyers must evaluate whether AI tool terms of service provide adequate confidentiality protections before using them with any client information.

The State Bar of California's Practical Guidance for the Use of Generative AI Tools (November 2023) was particularly blunt: lawyers using public AI tools bear the burden of understanding how those tools process data, and a failure to do so does not excuse a confidentiality breach.

At the federal level, multiple district courts have adopted standing orders requiring disclosure of AI use in filings. Judge Brantley Starr in the Northern District of Texas was among the first in May 2023. These orders create a paper trail that opposing counsel can use to probe whether privileged material was exposed during AI-assisted drafting.

The analogy courts are likely to reach for is the line of cases involving inadvertent disclosure to cloud service providers and outsourced vendors. In cases like In re Teletrack, Inc. (N.D. Ga. 2016), courts have held that disclosure to third-party vendors can waive privilege unless the relationship is structured with adequate confidentiality agreements and the vendor is functioning as an agent of the attorney. Public AI tools, with their broad data-use terms, are going to have a very hard time fitting into that "agent" framework.

The Reasonable Precautions Standard

Federal Rule of Evidence 502(b) provides a limited safety net for inadvertent disclosures, but it requires showing that the holder took "reasonable steps to prevent disclosure" and "promptly took reasonable steps to rectify the error." Deliberately pasting privileged content into a public AI tool is hard to characterize as inadvertent. If a lawyer made a conscious choice to use the tool, the 502(b) defense likely fails.

Some firms have tried to argue that enterprise agreements with AI providers create sufficient confidentiality protections. This argument has more legs. If the AI provider contractually agrees not to use inputs for training, not to allow human review, and to process data within defined security boundaries, the relationship starts to look more like the outsourced vendor arrangements courts have blessed in the past. But you need the actual contract terms to support this, and the default terms of most public AI products do not.

Safe Paths for Lawyers Using AI

The practical guidance emerging from bar associations and risk-conscious firms converges on several principles:

Never input privileged or confidential client information into public AI tools operating under standard consumer terms of service. This is the bright line. If you are using the free or standard tier of any major AI product, assume your inputs are not confidential.
If you use AI for privileged work, use an enterprise deployment with a Business Associate Agreement or equivalent confidentiality contract. The contract should explicitly prohibit use of inputs for training, restrict data access, and define data residency. For healthcare-adjacent legal work, a BAA is not optional; it is required under HIPAA.
Strip identifying information before using AI tools for general research or drafting assistance. If you want AI help structuring an argument, you can describe the legal issue abstractly without including client names, deal terms, or case-specific facts.
Document your AI use policies and training. When (not if) a court asks whether your firm took reasonable precautions, you want to show a written policy, training records, and technical controls. The "reasonable steps" analysis under FRE 502(b) rewards firms that can demonstrate systematic diligence.
Monitor the terms of service of any AI tools your attorneys use. These terms change frequently. OpenAI, for example, has modified its data use policies multiple times since ChatGPT launched. A tool that was compliant six months ago may not be today.

The Bigger Risk: Opposing Counsel Knows to Ask

Here is what makes this urgent rather than theoretical. Sophisticated opposing counsel are beginning to include AI-use interrogatories in discovery. Questions like "Identify all AI tools used in the preparation of documents responsive to these requests" and "Describe the data handling terms applicable to each such tool" are showing up. If your answer reveals that privileged analysis was processed through a public AI tool with permissive data-use terms, you have handed opposing counsel a waiver argument on a silver platter.

The litigation risk compounds because waiver can extend beyond the specific document disclosed. Under the subject matter waiver doctrine, disclosing one privileged communication on a topic can waive privilege over all related communications on the same subject. A single careless AI interaction could unravel privilege protection across an entire matter.

How FirmAdapt Addresses This

FirmAdapt was built for exactly this kind of problem. The platform processes all data within a compliance-first architecture where client inputs are never used for model training, data residency is contractually defined, and access controls are auditable. For legal teams, this means AI-assisted work stays within a confidentiality framework that mirrors the protections courts expect when evaluating privilege preservation with third-party vendors.

FirmAdapt also supports the documentation requirements that are becoming essential. Usage logs, policy enforcement records, and data handling configurations are maintained in a way that gives legal teams the evidence they need if privilege is ever challenged. The goal is straightforward: let lawyers use AI without creating a waiver argument for the other side.

Ready to uncover operational inefficiencies and learn how to fix them with AI?

Try FirmAdapt free with 10 analysis credits. No credit card required.

Get Started Free