By Kim Xi Harris, Founder & Platform Architect, Lex Arca™ Legal Vault

According to Clio’s 2026 Legal Trends Report for Solo and Small Law Firms (May 2026, https://www.clio.com/about/press/2026-solo-small-firm-report/), 71% of solo practitioners and 75% of small firms are now using AI to complete legal work — yet fewer than 33% have seen any revenue increase from it, compared to nearly 60% of enterprise firms. The gap between AI adoption and AI compliance is not a policy problem. It is an architecture problem.

A 2026 federal ruling in United States v. Heppner established that conversations conducted on public AI platforms — ChatGPT, Gemini, Claude.ai, and similar tools — are potentially discoverable in litigation. The court’s reasoning turns on a specific architectural fact: when you type privileged case information into a cloud-based AI platform, you are voluntarily disclosing it to a third-party commercial vendor. That disclosure, under established privilege doctrine, can waive the protections you assumed were intact. The brand of the platform does not change the analysis. The architecture does.

What Did the Heppner Ruling Actually Decide — and Who Does It Affect?

United States v. Heppner held that communications input into a public AI platform fail the confidentiality element of privilege analysis because the platform — a third-party commercial entity — retains those queries. Any attorney or client using a public AI tool to process case-specific information in a federal matter faces meaningful exposure under this reasoning. The ruling applies in criminal and civil contexts, and a developing circuit split means uncertainty will persist until appellate courts weigh in.

The exposure window is not limited to the obvious case. An attorney conducting deposition prep in ChatGPT, a client typing their divorce strategy into a consumer AI tool, or a paralegal running document summaries through a cloud-based AI platform — each of these actions produces a log on a third-party server that can receive a subpoena. The Heppner court declined to extend privilege protection to what it characterized as voluntary disclosure to a commercial vendor with its own data retention policies.

As of 2026, over 300 federal and state courts have issued standing orders governing AI use in filings. Florida Administrative Order 26-04 requires personal attorney certification on every AI-assisted filing. Texas requires attorneys to personally certify they reviewed every AI-assisted statement. ABA Formal Opinion 512 makes these obligations enforceable under Model Rules 1.1, 1.4, and 1.5. The Heppner discoverability question adds a new compliance layer that existing court orders do not yet fully address.

Does Using a ‘Legal-Specific’ AI Platform Solve the Discoverability Problem?

Not automatically — and this distinction matters more than most legal AI vendors are willing to say clearly. A platform built for legal use is not the same as a platform built on local-first architecture. The relevant question under Heppner is not what the platform is marketed for. It is where the inference runs and who controls the compute layer.

Several legal AI tools now market “data isolation” or “secure processing” as a feature response to the post-Heppner landscape. These claims deserve scrutiny. “Data isolation” in SaaS marketing typically means your data is not mixed with other users’ data in the same database partition — not that your queries never transit the vendor’s infrastructure. Those are architecturally different claims with different legal consequences. A vendor’s privacy policy and a vendor’s subpoena exposure are not the same document.

The privilege analysis that Heppner applies turns on whether a third party received the disclosure. If your AI query passes through a vendor’s cloud infrastructure — even momentarily, even encrypted in transit — the vendor is the third party. Contractual promises about data handling do not change that architectural reality.

The question is not whether the platform is labeled ‘legal AI.’ The question is whether a subpoena to the vendor would produce your client’s case strategy. If the answer is anything other than an architectural ‘no,’ the risk is real.

What Does Local-First Architecture Actually Mean for Attorney-Client Privilege?

A local-first private vault architecture addresses the Heppner risk at the structural level by ensuring that AI inference runs inside the attorney’s own provisioned environment — not on the vendor’s shared cloud infrastructure. When inference is local, the vendor never receives the query. There is no third-party log. There is no server that can be subpoenaed. The third-party disclosure problem that Heppner identifies does not arise because there is no third-party disclosure.

Lex Arca™ Legal Vault is built on a local-first private vault architecture. Lex Arca™ is architecturally excluded from client data. When an attorney runs a strategy query against their case vault, that query never leaves their environment. The AI-native litigation intelligence platform for solo and small-firm litigators handles document retrieval, case strategy modeling, and billing capture inside the vault — not on shared infrastructure.

This is not an incremental privacy improvement over standard cloud AI tools. It is a different architectural answer to a different legal question. The local-first private vault changes what a subpoena to the vendor can produce: nothing, because the vendor never had it.

What Should Attorneys Do Right Now If They Have Case Queries in Public AI Platforms?

Attorneys who have been conducting case-related queries in Claude.ai, ChatGPT, Gemini, or any cloud-based AI platform should treat this as an immediate compliance matter, not a future consideration. The Heppner reasoning applies retroactively to stored conversation logs. The following steps are not legal advice for your specific situation — they are the practical actions that the architecture of the risk demands.

First, export your conversation history from any public AI platform you have used for case-related queries. Most platforms — including Claude.ai — provide a data export function in account settings. Export before deleting; you may need the record of what was disclosed.

Second, delete the sensitive conversations. Deletion removes them from the platform’s active storage, though vendor backup retention policies vary and should be reviewed. Pay particular attention to any Project-style features on these platforms, where uploaded case documents and associated conversations may be stored together.

Third, consult your professional liability counsel about disclosure obligations if client-privileged materials were processed through a public AI platform in an active matter. This is not a hypothetical risk; it is a documented architectural exposure in the federal litigation context.

Fourth, migrate your active case research and strategy workflows to a local-first private vault architecture before continuing AI-assisted case work. The ABA Formal Opinion 512 compliance workflow for AI verification requires a documented activity trail that begins at the point of AI use — and that trail should not run through a third-party cloud platform in a matter where privilege is at stake.

From Kim’s Chair: The Questions I Would Have Asked

I did not build Lex Arca™ from a whiteboard. I built it from a chair — the client’s chair — where I watched case strategy move through systems that neither I nor my attorney fully understood. When I read about the Heppner ruling and its implications for AI-assisted legal work, I do not see a cautionary tale about an attorney. I see the client who had no idea their case information was transiting a vendor’s cloud infrastructure, who had no way to ask the right questions, and who found out what ‘third-party disclosure’ means only when it mattered most.

If I were in that courtroom as the client, here is what I would ask the room:

  1. How many attorneys in this room conducted case strategy conversations on a public AI platform in the past twelve months and never disclosed that to their clients?
  2. If a subpoena to your AI vendor would produce your client’s case strategy, at what point does that become something the client had a right to know before you used the tool?
  3. When the legal industry says ‘data isolation,’ and the platform’s terms of service say ‘we process your data on our infrastructure,’ whose definition of isolation applies in a privilege motion?
  4. Is the legal tech industry selling attorneys a compliance story, or a compliance architecture?

And if I were your client — sitting across from you before you walked into that courtroom — here is what I would have asked you:

  1. Did you tell me you were using an AI platform to work on my case, and did you explain where my case information was being stored when you used it?
  2. If opposing counsel subpoenas the AI platform you used, what would they find — and how would you explain it?
  3. Is there any record I can see that shows what AI tools touched my case, when, and what they processed?
  4. When you chose the AI tool you used, was discoverability part of the evaluation — or just speed and price?

These are not hostile questions. They are the questions that documentation answers — and the silence where documentation does not exist.

Key Takeaways

  1. The 2026 federal ruling in United States v. Heppner established that case-related queries input into public AI platforms are potentially discoverable because the vendor is a third party who received voluntary disclosure of the information.
  2. Using a platform marketed as ‘legal AI’ does not resolve the discoverability risk unless that platform’s architecture ensures inference runs inside the attorney’s own environment — not on the vendor’s shared cloud infrastructure.
  3. Attorneys with active case-related queries stored in public AI platforms should export that history, delete sensitive conversations, consult professional liability counsel, and migrate to a local-first architecture before continuing AI-assisted case work.
  4. Lex Arca™ Legal Vault provides a local-first private vault with an append-only, tamper-evident audit trail designed to support attorney compliance workflows — Lex Arca is architecturally excluded from client data.
  5. Calculate your firm’s billing leakage and get early platform access at https://calculator.lex-arca.com.


About the Author: Kim Xi Harris is the Founder and Platform Architect of Lex Arca™ Legal Vault, an AI-native litigation intelligence and compliance platform for solo and small-firm attorneys. She is a Cornell Women’s Entrepreneur Program graduate, SBA Women in Business Champion Award recipient, WOSB certified, and holds five Google AI certifications. Calculate your firm’s billing leakage and join the VIP waitlist at https://calculator.lex-arca.com — or reach us at legalvault@lex-arca.com.