AI compliance, regulatory, legal, law firms, ABA, Insurance defense

Insurance Defense Firms and the AI Confidentiality Gap With Carrier Data

By Basel Ismail, May 27, 2026

Insurance defense work has always involved a confidentiality structure that most other practice areas never have to think about. You have the insured, the carrier, and the defense firm, all bound together in a tripartite relationship where the lines of privilege, duty, and data ownership get genuinely complicated. Now layer AI tools on top of that, and you get a confidentiality gap that very few firms have seriously addressed.

The Tripartite Relationship: A Quick Refresher on Why It Is Uniquely Fragile

In most jurisdictions, the insurance defense attorney owes duties to both the insured (the client in the traditional sense) and the carrier (who is paying the bills and directing, to some degree, the litigation strategy). Courts have landed in different places on exactly how this works. Some states treat the insured as the sole client. Others, like Florida under Florida Ins. Guar. Ass'n v. Carey Canada, Inc. (1996), have recognized a dual-client framework. The ABA's Formal Opinion 01-421 tried to bring some clarity, but the reality is that the ethical obligations remain jurisdiction-specific and frequently murky.

What everyone agrees on: the defense attorney receives confidential information from both the carrier and the insured. Carrier data includes claims reserves, settlement authority, coverage analysis, litigation strategy preferences, and sometimes proprietary claims-handling guidelines. These guidelines, often called "litigation management guidelines" or LMGs, are treated by carriers as highly confidential trade secrets. Carriers like Zurich, Travelers, and Liberty Mutual have spent years refining these documents, and unauthorized disclosure can trigger real consequences, including termination from panel counsel lists and, in some cases, breach of contract claims.

The Data Flow Problem Nobody Planned For

When a defense firm adopts an AI tool for document review, drafting, summarization, or case strategy analysis, the data flowing into that tool inevitably includes carrier-origin information. Think about what happens when an associate uses a generative AI platform to summarize a claims file or draft a coverage analysis memo. The input contains carrier reserve figures, internal assessments of liability exposure, and strategic directives from the carrier's claims examiner. If that AI tool is cloud-hosted, processes data on shared infrastructure, or retains input data for model training, the firm has potentially disclosed carrier confidential information to a third party without authorization.

This is not a hypothetical risk. In March 2023, Samsung banned employee use of ChatGPT after discovering that engineers had uploaded proprietary source code. The legal profession's version of this problem is arguably worse because the confidentiality obligations are layered and contractual, not just internal policy. A defense firm that feeds carrier LMGs into an AI tool may be violating its panel counsel agreement, the carrier's outside counsel guidelines, and potentially the duty of confidentiality under Model Rule 1.6.

Where the Regulatory and Contractual Obligations Collide

Let's get specific about the exposure points.

  • Panel counsel agreements. Most carrier panel agreements include explicit confidentiality provisions covering claims data, reserve information, and litigation guidelines. Many of these agreements were drafted before generative AI existed, so they do not specifically address AI tool usage. But the broad language ("shall not disclose to any third party") almost certainly covers feeding data into a cloud-based AI platform. Some carriers, including Chubb and Hartford, began issuing AI-specific addenda to outside counsel guidelines in late 2023 and early 2024.
  • Model Rule 1.6 and its state equivalents. Comment 18 to ABA Model Rule 1.6 requires lawyers to make "reasonable efforts" to prevent unauthorized disclosure of client information. ABA Formal Opinion 477R (2017) extended this to electronic communications and data storage, requiring lawyers to assess the sensitivity of the information and the adequacy of safeguards. Feeding carrier confidential data into an AI tool without understanding the tool's data handling practices is hard to square with "reasonable efforts."
  • State-specific AI guidance. California's Proposed Formal Opinion 2024-1 and Florida Bar Ethics Opinion 24-1 both address AI usage and emphasize the lawyer's duty to understand how AI tools process and store client data. New York City Bar Association's Formal Opinion 2024-1 specifically flagged the risk of confidential information being used to train AI models. These opinions do not create new law, but they signal where disciplinary authorities are heading.
  • Insurance regulatory frameworks. The NAIC's Model Bulletin on AI (December 2023) focuses on insurers' own use of AI, but it creates downstream pressure. If a carrier is subject to regulatory scrutiny on how its data is handled, it will push that scrutiny onto its panel firms. Expect carrier audits of law firm AI practices to become routine within the next two years.

The Reserve Information Problem

Reserve data deserves special attention. Carriers set reserves based on their internal assessment of claim value, and this information is among the most sensitive data in the tripartite relationship. Courts have generally protected reserve information from discovery by plaintiffs. See Bernstein v. Travelers Ins. Co., 447 F. Supp. 2d 1100 (N.D. Cal. 2006), where the court held that reserve information was protected work product. If a defense firm's AI tool processes reserve data and that data is stored on servers accessible to the AI vendor, the work product protection could be waived. The firm has effectively shared the information with a third party outside the scope of the common interest or attorney-client privilege.

This gets worse if the AI vendor's terms of service permit data retention or use of inputs for model improvement. OpenAI's enterprise terms, for example, were updated in early 2024 to clarify that enterprise API inputs are not used for training. But the consumer and team-tier products do not offer the same guarantees. A firm that allows associates to use non-enterprise AI tools for carrier work is taking a significant and largely unmanaged risk.

What Firms Actually Need to Do

The practical challenge is that most insurance defense firms operate on thin margins. Carrier billing rates have been compressed for years, and the pressure to adopt efficiency tools is real. Firms cannot simply refuse to use AI. But they need to build a compliance layer that accounts for the tripartite relationship's unique data sensitivities.

A few concrete steps that matter:

  • Audit your data flows. Map exactly what information enters your AI tools. If carrier reserve data, LMGs, or claims-handling directives are part of the input, you need to know that and control it.
  • Review your panel agreements. Identify which carriers have issued AI-specific guidance and which agreements contain broad confidentiality language that would cover AI tool usage. Proactively seek carrier consent where needed.
  • Vet your AI vendors against Rule 1.6 standards. This means understanding data retention policies, training data practices, encryption standards, and subprocessor arrangements. ABA Formal Opinion 477R's "reasonable efforts" standard applies directly here.
  • Implement role-based access controls. Not every attorney or staff member handling a carrier's files should have the same level of AI tool access. Segment by matter type and data sensitivity.
  • Document everything. If a carrier audits your AI practices (and they will), you need to demonstrate that you assessed the risks and implemented safeguards. A written AI usage policy specific to insurance defense work is the baseline.

How FirmAdapt Addresses This

FirmAdapt's architecture was built around the assumption that different data sources within a single matter may carry different confidentiality obligations. For insurance defense firms, this means carrier-origin data can be tagged, segmented, and processed under rules that reflect the specific confidentiality requirements of each panel agreement. Data never leaves the firm's controlled environment for model training, and retention policies can be configured at the matter or data-source level.

The platform also generates audit-ready documentation of how AI tools interact with sensitive data, which is exactly what firms will need when carriers begin conducting AI compliance reviews. FirmAdapt treats the tripartite relationship's data complexity as a design constraint, not an afterthought.
