Securing AI in Legal: How Law Firms & In-House Counsel Manage AI Data Risk

One pasted contract can waive privilege, breach confidentiality, and initiate a malpractice claim – all before the AI returns its first sentence. 69% of lawyers are using AI but only 34% of firms are governing it. That 35-point gap is the biggest risk in legal tech today. Here's how firms and in-house teams are closing it.

  • 69% / 34%: of legal professionals use AI individually; only 34% of firms have formally adopted it — a 35-point governance gap
  • 46%: cite data security as the top barrier to AI adoption — ahead of ethics (42%) and privilege (39%)
  • 6 duties: ABA Formal Opinion 512 maps to six existing ethical obligations — all of which AI use implicates
  • 43%: of firms have no AI policy and no plans to create one — even as courts hand down sanctions

For most professions, feeding data into an AI tool is a security question. For lawyers, it is that – and an ethics question, a privilege question, and a malpractice question, all at once. The duty of confidentiality under Model Rule 1.6 is wider than attorney-client privilege: it covers all information about a representation, no matter where it came from. When an associate pastes a contract, a deposition transcript, or a settlement memo into a consumer AI tool to "summarize it," he or she may have done something that no other professional's careless paste does – that is, waived a privilege that cannot be un-waived, and breached a duty that predates the internet.

The legal profession has reached the same place as every other industry: individual use of AI has outstripped institutional governance. 69% of legal professionals now use generative AI — more than double a year earlier — but only 34% of firms have formally adopted it. For a lawyer, the gap is not a business risk; it is an ethical and professional-liability exposure with a regulator (the bar) and a set of binding rules already attached. This is a guide to how firms and in-house counsel actually manage that risk: the duties at risk, the failure modes, and the controls that allow lawyers to use AI without risking the privilege.

The Core Risk

Confidentiality under Model Rule 1.6 covers everything about a representation – not just privileged material. Many terms of use for consumer AI tools permit inputs to be used to train a model. Combine the two: pasting client information into a consumer AI tool can be a breach of confidentiality and a waiver of privilege the instant you hit enter – before the model generates a single word of output.

[Figure: The legal AI governance gap, individual use vs. firm adoption. 69%: legal professionals using AI individually. 34%: firms that have formally adopted AI.]

A 35-point gap — lawyers using AI faster than firms can govern it. Source: 8am 2026 Legal Industry Report.

The Six Duties AI Puts at Risk

In July 2024, the ABA issued Formal Opinion 512, its first formal guidance on generative AI. It created no new rules — it mapped six existing Model Rules onto AI use, making clear that the ethical obligations don't change just because the tool does. Here is each duty, the AI-specific risk it entails, and the control that addresses it.

Model Rule 1.6
Confidentiality

The headline risk. Entering confidential client information in a "self-learning" AI tool may make it available to others and violate the duty to prevent disclosure. Opinion 512 requires lawyers to consider the data handling of the tool and obtain informed consent from the client before entering confidential information in a tool that may disclose it.

Use tools that are contractually prohibited from training on your data; identify and block client data before it enters an unmanaged tool.
Model Rule 1.1
Competence

You must understand the tool. Competence now means having a reasonable understanding of what an AI tool can and cannot do – especially that it is prone to hallucinate. You don't have to be an engineer, but you cannot claim not to know how the tool handles data and where it fails.

Train lawyers and staff on the limitations of approved tools and record the firm's knowledge of each tool before use.
Model Rules 3.1 / 3.3
Candor to the tribunal

Hallucinated citations are sanctionable. Filing AI-generated content with made-up cases or quotes is a breach of the duty of candor, and the courts are getting impatient. The verification duty is non-delegable: the signing lawyer is the owner of every citation.

Mandatory checklist for AI-assisted filing to verify citations before filing; log who verified.
Model Rule 1.4
Communication

Sometimes you must tell the client. Opinion 512 describes circumstances in which disclosure of use of AI is required, such as when it affects fees or informs a major decision in the representation. Stand-alone boilerplate engagement-letter language may not be sufficient for informed consent.

Define when AI use is disclosed; capture genuine informed consent, not boilerplate.
Model Rules 5.1 / 5.3
Supervision

Managers are on the hook. Supervisors should have a policy on the use of AI and make reasonable efforts, including training, to ensure that lawyers and non-lawyers follow it, so that an associate's careless paste does not become a partner's supervisory failure.

Firm-wide AI policy with enforcement; technical controls that make policy violations hard to commit.
Model Rule 1.5
Reasonable fees

You can't bill for the wrong things. Lawyers cannot usually bill clients for time spent learning a general AI tool and must be transparent about how AI cost and efficiency impact fees. Billing AI-accelerated work at full manual hours is a reasonableness issue.

A billing policy for AI-assisted work; transparency with clients about efficiency gains.
⚠ The sanctions are real and accelerating

From Mata v. Avianca (2023: a lawyer filed a brief with AI-made decisions) to a wave of 2026 rulings, courts have punished lawyers for AI-hallucinated citations, with reported penalties in the six figures in the first half of 2026 and judges saying "the problem is not going away." Every one of them began the same way: an AI output that looked good and was not checked. The duty to verify is the cheapest insurance in law.

A Practical Classification: Red, Yellow, Green

The most useful framework we see firms adopt is a simple traffic-light scheme that tells everyone at a glance what is not allowed, what needs to be watched and what is okay. It translates abstract ethics rules into an operational rule of thumb.

Prohibited
Red — never do this
  • Entering confidential client data into public/consumer AI tools
  • Using AI for fact-finding or citations without independent verification
  • Letting AI make automated decisions about client outcomes
  • Pasting privileged documents into any tool that trains on inputs
Oversight required
Yellow — with controls
  • Legal research (with mandatory citation verification)
  • Document review and first drafts on client matters
  • Summarizing case materials in approved, governed tools
  • Any client-data use through a BAA/DPA-covered platform
Standard use
Green — go ahead
  • Administrative and internal scheduling tasks
  • Marketing content with no client information
  • General (non-client) legal-concept research
  • Drafting internal templates with no confidential data
The Distinction That Matters Most

The most important line to draw is between purpose-built legal AI with enterprise data isolation and general-purpose consumer tools. A platform that is contractually barred from using your inputs to train its models, that signs the right agreements, and that isolates your data is a different kind of risk than a free consumer chatbot whose terms allow whatever you paste to be used to train its models. For medical records (PI, mass tort) or other regulated data, this distinction also has HIPAA weight on top of the ethical duties – it is not academic.

Where client data leaks — and where to intercept it
[Diagram: Lawyer / staff (drafting, researching) → privileged docs, client PII, deal terms → INSPECT → consumer AI tool (trains on inputs): ✗ BLOCKED / REDACTED; governed legal AI (data-isolated, under DPA): ✓ ALLOWED]

An inspection layer at the point of use routes client data to governed tools and blocks it from ungoverned ones — automatically.

In-House Counsel: A Different Angle on the Same Risk

In-house counsel face the firm's risks and their own. They are not just AI users, but are becoming the function that manages AI for the business. The same in-house counsel who is concerned about an associate pasting a contract into ChatGPT is also being asked to approve the company's customer facing AI, vendor AI clauses and AI governance policy. Two jobs, one team.

The In-House Double Duty

In-house counsel have to (1) preserve privilege and work product in their own AI use – legal advice drafted with AI assistance still has to be privileged – and (2) own enterprise AI governance: vendor contracts with proper AI and data-processing terms, the company's acceptable-use policy, regulatory mapping (EU AI Act, state laws, sector rules) and incident response. The tooling that protects the legal team's data is often the same tooling that demonstrates enterprise-wide governance to regulators and the board.

Lawyers' duty of confidentiality is not privilege and the verification duty is not delegable. AI does not lower those fences but it increases the stakes of passing them. The firms that manage AI well see it as a client-protection discipline and not an IT project.

— Polygraf AI, on AI risk in legal practice
Free Tool · Polygraf AI Risk Calculator

Quantify your firm's AI confidentiality exposure

Where does your firm or legal department stand on AI data risk? Polygraf's AI Risk Calculator models your exposure – breach, regulatory and litigation – and shows which obligations apply, from confidentiality duties to state privacy laws and the EU AI Act, based on your practice areas, tools and existing controls.

  • Quantified exposure across breach, regulatory, and litigation risk
  • A tailored read on which duties and regulations apply to your practice
  • Gaps surfaced: tool approval, consent workflow, verification, and supervision
  • Modeled reduction from adding inline detection and governance controls

The Implementation Playbook

Closing the gap in governance is a process, not a policy memo. Here's the order that works for firms and in-house teams alike.

1. Write a realistic policy — not a ban
Blanket bans don't work: lawyers use AI anyway, but invisibly. Adopt a clear red/yellow/green policy that names approved tools, prohibits client data in consumer tools, and requires verification. The ABA's six duties are the foundation of your policy.

2. Approve specific tools with the right contracts
Vet and approve tools that are contractually prohibited from training on your data, that isolate your data, and that sign the required agreements (a DPA, and a BAA if medical records are involved). Provide lawyers with a sanctioned path that is actually usable so they do not go around it.

3. Deploy technical controls at the point of use
A policy without enforcement is a document that no one follows. The inspection layer that detects client data and blocks or redacts it before it gets to an unmanaged tool is what makes the policy real – and what satisfies the supervisory duty technically and not just on paper.

4. Mandate verification and train everyone
Make citation verification a mandatory, logged step in the filing process. Train all lawyers and non-lawyers on approved tools. That training is lacking in over half of firms, and that is a supervisory gap in itself.

5. Log, audit, and maintain
Track AI use, approval, and verification – the record that shows diligence to a malpractice carrier, disciplinary investigator or court. Revisit the tool list and policy as models, court rules and state bar opinions change.
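
The point-of-use inspection layer from step 3 and the diagram earlier, sketched as an added example (not code from this page and not Polygraf's product): outbound prompts are allowed, redacted or blocked depending on the destination's contract status and what is detected, and every decision is logged by digest rather than content. The tool names, the `M-YYYY-NNNN` matter-number format and the regex detectors are assumptions for illustration.

```python
import hashlib
import re
from datetime import datetime, timezone

# Hypothetical tool registry: what the firm's contracts say about each destination.
DESTINATIONS = {
    "governed-legal-ai": {"trains_on_inputs": False, "dpa_signed": True},
    "consumer-chatbot": {"trains_on_inputs": True, "dpa_signed": False},
}

# Constructed detectors; a real deployment needs far richer detection than regexes.
DETECTORS = {
    "privilege_marker": re.compile(
        r"attorney[- ]client privilege|privileged\s*(?:and|&)\s*confidential"
        r"|attorney work product", re.I),
    "matter_number": re.compile(r"\bM-\d{4}-\d{4}\b"),  # assumed firm format
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}


def inspect(user, destination, text, audit_log):
    """Return (action, outbound_text); action is ALLOW, REDACT or BLOCK."""
    tool = DESTINATIONS.get(destination)  # unknown tools count as ungoverned
    governed = bool(tool and tool["dpa_signed"] and not tool["trains_on_inputs"])
    findings = sorted(n for n, rx in DETECTORS.items() if rx.search(text))

    if governed or not findings:
        action, outbound = "ALLOW", text
    elif "privilege_marker" in findings:
        # Redacting identifiers does not make a privileged document safe to send.
        action, outbound = "BLOCK", None
    else:
        action, outbound = "REDACT", text
        for name in findings:
            outbound = DETECTORS[name].sub(f"[REDACTED:{name}]", outbound)

    # Log a digest, not the prompt, so the audit trail holds no client data.
    audit_log.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user, "destination": destination,
        "action": action, "findings": findings,
        "sha256": hashlib.sha256(text.encode()).hexdigest(),
    })
    return action, outbound


# Constructed sample prompt (not real client data).
SAMPLE = "Summarize the indemnity clause for matter M-2024-0142; contact jane.doe@example.com"
```
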
How Polygraf AI Protects Legal Data

Polygraf AI is the technical enforcement layer that turns an AI policy into protection for law firms and in-house teams. It sits at the point where lawyers and staff use AI – identifying client identifiers, privileged content, financial terms and (for PI and mass-tort work) PHI in real time, and blocking or redacting them before they are sent to a consumer AI tool that trains on inputs. It sends data to your approved, governed tools and keeps it out of ungoverned ones, and logs every interaction for the audit trail your supervisory and confidentiality duties require. It runs on-premise with zero data egress and sub-100ms latency – so the protection itself never becomes a new place client data lives. In a profession where one careless paste can waive a privilege, that point-of-use control is the difference between a policy and a safeguard.

Not legal advice. This is a general educational overview prepared by Polygraf AI; it is not legal or ethics advice and does not create an attorney-client relationship. ABA Formal Opinion 512 is advisory; Model Rules are binding only as adopted by each jurisdiction, and state bar opinions may have additional or different requirements. Check your jurisdiction's rules and applicable ethics opinions, and consult qualified counsel, before relying on anything here.