Your AI Activity Can Be Used Against You In Court

What a Federal Court Just Told Us About AI and Confidentiality

Most people treat AI chatbots like private notebooks. Type your thoughts, get a response, move on.

That assumption just got tested in federal court. It didn't hold up.

In United States v. Hepner, a judge ruled that documents a criminal defendant created using the free version of Anthropic's Claude were not protected by attorney-client privilege or the work product doctrine. The government can use them. This appears to be one of the first judicial decisions on this exact question, and the reasoning reaches well beyond legal practice.

If you're a business leader using AI tools to think through sensitive situations, this case is a direct warning.

What actually happened?

The defendant in Hepner was indicted on securities fraud, wire fraud, conspiracy, false statements to auditors, and falsifying corporate records. After his arrest, the FBI seized documents and devices from his home, including 31 documents containing his queries to Claude's free tier and the AI-generated responses.

Here's the critical sequence. The defendant had already spoken with his attorney about defense strategy. Then, on his own and without his attorney's direction, he went to Claude. He uploaded information reflecting those private conversations with counsel. His stated goal was to prepare reports outlining defense strategies and consolidate his thinking for future discussions with his lawyer.

His attorney argued all 31 documents should be protected. The court disagreed on every count.

Why didn't privilege protect him?

The court's reasoning was straightforward. Anyone using consumer AI tools for sensitive work should read it carefully.

On attorney-client privilege: The interactions were between the defendant and an AI tool. Claude is not an attorney. No attorney-client relationship exists. The communications weren't made for the purpose of obtaining legal advice from a lawyer.

On confidentiality: This is where it gets pointed. The free version of Claude's privacy policy explicitly allows Anthropic to use prompts for model training and to disclose data to third parties, including the government. The court found that once you upload information under those terms, you've voluntarily disclosed it. No reasonable expectation of privacy survives that.

On work product: The work product doctrine protects materials prepared by or at the direction of counsel. The defendant acted independently. His attorney didn't ask him to use Claude. The documents didn't reflect his attorney's mental impressions or legal strategy. They reflected the defendant's own thinking, run through a public tool.

The court did note one thing worth flagging: the outcome might have been different if the attorney had directed the defendant to use the AI tool, potentially establishing it as the lawyer's agent. That wasn't the case here. But it tells you where the line sits.

What does the privacy policy actually say?

Most people skip this part. It's the part that decided the case.

The free version of Claude lacks what the court described as enterprise-grade protections. No prohibition on using data for training. No contractual limits on access. No strict privacy commitments. When you use a free consumer AI tool, you're agreeing to terms that give the provider broad rights over your inputs. The court treated this exactly as it would treat any voluntary disclosure to a third party. Share it under those terms, and the confidentiality is gone.

Could AI-assisted work ever receive protection? The court suggested yes, under much more controlled conditions. Enterprise agreements with strict data handling provisions, no training on user data, real contractual privacy commitments. The free tier doesn't come close to that bar.

Why does this matter outside the courtroom?

I've spent three decades watching people underestimate the gap between what a tool feels like and what it actually does.

AI chatbots feel private. The interface is personal. You're typing into a box and getting responses that feel like a conversation. But the infrastructure behind that interface operates under terms you agreed to and probably didn't read.

This isn't just a legal problem. It's an operational one.

Think about what flows through AI tools in a typical company. Strategy discussions. Employee issues. Financial projections. M&A considerations. Customer data. If any of that touches a consumer-grade AI tool, you've potentially created a record that isn't protected and isn't private.

The Hepner ruling applied existing legal principles to a new context. As attorney Pamela Langham wrote for the Maryland State Bar Association, this is "not a radical departure from precedent, but a firm application of long-standing attorney-client privilege and work product principles to AI technologies." The law didn't change. The tools changed. People haven't caught up.

What should leaders actually do about this?

Most organizations adopt AI tools quickly because the productivity gains are obvious. The information governance implications don't get thought through until something goes wrong. That's the pattern I keep seeing.

A few things that matter right now:

Know what tier you're on. Free and consumer AI tools almost universally reserve the right to train on your data and share it with third parties. Enterprise agreements can include strict data handling, no-training clauses, and contractual privacy protections. The difference isn't cosmetic. As Hepner shows, it can be dispositive.

Set clear policy about what goes into AI tools. This isn't about banning AI. It's about knowing which tools are approved for which types of information. Confidential strategy, legal matters, personnel issues, financial data: none of this should touch a tool without enterprise-grade protections in place.

Educate your team, not just your lawyers. The risk in Hepner came from a defendant acting on his own. In a company, the same risk comes from employees at every level who use AI tools daily without thinking about what they're feeding into them. One person pasting a sensitive contract into a free chatbot can waive protections the legal team spent months building.

Treat AI tool selection as an information security decision. Because that's what it is. The privacy policy of your AI provider is now part of your confidentiality posture. If you haven't reviewed it, you don't actually know what's protected.

At Holm Intelligence Partners, this is the kind of operational question we work through with leadership teams. Not the hype about what AI can do, but the practical reality of how it intersects with your existing obligations, risks, and decision-making. Our AI Operating Review exists precisely because these issues don't surface until they become problems.

Is this the beginning of a bigger shift?

Hepner was an interlocutory ruling, issued during ongoing litigation, not as a final judgment. The full opinion ran approximately 40 pages. One case, one federal court. But it's well-reasoned and applies established principles cleanly to a question that will keep coming up.

Every week, more people use AI tools to think through sensitive situations. Legal exposure. Business strategy. Personnel decisions. Competitive intelligence. Each of those interactions creates a record, stored under terms most users never examined, on infrastructure they don't control.

Will more courts face this issue? Absolutely. The question is whether your organization has a clear position on how AI tools fit into your confidentiality framework before a court forces the question for you.

The tools are useful. I'm not arguing otherwise. But useful and private are not the same thing. Hepner made that distinction concrete, and the organizations that take it seriously now will be in a far better position than those who learn about it the hard way.