MTC: When Your CEO Asks ChatGPT How to Take Over: Lessons for Lawyers on Public AI, Ethics, and Confidentiality 🧠⚖️

Lawyers need to evaluate public AI chatbot against ABA confidentiality and privilege rules

In March 2026, the Delaware Court of Chancery in Fortis Advisors, LLC v. Krafton, Inc. handed lawyers one of the clearest cautionary tales yet about public AI chatbots, corporate governance, and the limits of “move fast and break things.” A South Korean gaming conglomerate, Krafton Inc., used an artificial intelligence chatbot to help devise an internal “Project X” takeover plan against its own studio, Unknown Worlds Entertainment, and then tried to defend the fallout in court. The result: a detailed opinion reinstating the studio’s CEO, extending a $250 million earnout period, and spotlighting how AI misuse can become Exhibit A when things go wrong.

If you’re a solo, a small-firm lawyer, or an AI‑curious practitioner dabbling with ChatGPT or similar tools, this case is your wake‑up call. The message is not “don’t use AI.” The message is: treat public chatbots the same way you treat email, cloud storage, or texting — through the lens of ABA ethics, client confidentiality, and privilege. 😬

In this editorial, I’ll unpack what happened, how the court framed the misuse of a chatbot, and what you should do in your own practice to stay on the right side of the rules.

The Case in a Nutshell: AI as a Takeover Co‑Pilot

Krafton bought Unknown Worlds — the studio behind Subnautica — for $500 million upfront plus up to $250 million in contingent earnout payments, with a contractually guaranteed structure: the founders and CEO (the “Key Employees”) retained operational control and could only be fired for defined “Cause.”  As Subnautica 2 approached early‑access launch, internal projections showed the game would easily trigger a massive earnout.

The CEO of Krafton grew concerned he looked like a “pushover” under the deal and turned to a public AI chatbot for advice on how to avoid paying the earnout and seize control of the studio. The chatbot’s “response strategy” included:

  • Locking down publishing rights and code access.

  • Crafting messaging to “secure public support” and undermine the “large corporation vs. indie” narrative.

  • Preparing a “takeover” path that blended hardball legal tactics with PR framing. 

Krafton’s internal team implemented much of that plan — cutting off the studio’s access to its Steam publishing console, posting unilateral public statements, and ultimately terminating the founders and CEO on a pretext of “premature release” risk.  When sued, Krafton tried to pivot to new justifications, including the executives’ role changes and their defensive downloads of company data. 

The court was having none of it. Vice Chancellor Will held that:

  • The terminations were not “for Cause” under the negotiated contract.

  • The “Project X” takeover guided by the chatbot was a pretext to avoid the earnout.

  • The studio’s CEO, Ted Gill, must be reinstated with full operational control, and the earnout period equitably extended by the length of his ouster. 

In other words, the AI‑assisted takeover strategy became part of the factual narrative of bad faith and breach — not a clever workaround.

Public Chatbots and ABA Model Rules: Three Pressure Points ⚖️

Attorneys must consider ethical AI chatbot use for confidential client case analysis

Even though this is a corporate earnout case, the opinion gives lawyers a concrete frame for thinking about public AI tools under the ABA Model Rules.

1. Confidentiality — Model Rule 1.6

Rule 1.6 requires lawyers to keep “information relating to the representation of a client” confidential, absent informed consent or a specific exception. Public chatbots are not your firm’s Document Management System (DMS) — they’re third‑party services that typically ingest prompts for training, quality, and logging. When Krafton’s CEO ran “Project X” through a chatbot, he was effectively outsourcing high‑stakes strategy to a non‑privileged third‑party system that could store and learn from those prompts. 

For lawyers, the parallels are obvious:

  • Dropping fact patterns, names, or deal structures into a public chatbot can mean you’ve disclosed client information to a non‑controlled vendor.

  • Even “sanitized” prompts can be re‑identified when combined with other data.

Under 1.6, that’s a potential confidentiality breach unless you’ve vetted the tool, negotiated appropriate terms (including data handling and retention), and obtained informed client consent for that mode of assistance. Emojis and “it’s just drafting help” don’t change that. 😉

2. Privilege — Model Rules 1.1 and 1.4 (Competence and Communication)

Privilege isn’t framed in the Model Rules, but Rule 1.1 (competence) and 1.4 (communication) require you to understand how your technology choices affect the protection of client communications. When you route strategy discussions through a public chatbot:

  • You may jeopardize attorney–client privilege by involving a third‑party with no need‑to‑know and no formal role in the representation.

  • You may create discoverable records that live outside your control, just as Krafton’s CEO created chat logs he then tried to delete. 

The court noted that relevant chatbot logs were deleted, which did not play well in evaluating Krafton’s narrative.  Privilege analysis is already complex with cloud tools; adding public AI as a “secret co‑counsel” without protections only compounds that risk. 

Competent use of technology now includes understanding whether your AI stack is preserving or eroding privilege and communicating those risks to clients when you propose AI‑assisted workflows.

3. Candor and Misrepresentation — Model Rule 4.1 and 8.4(c) 🚨

Although this case turns on contractual “Cause” and good faith, the court’s language about “pretextual” justifications and manufactured defenses should resonate with litigators. Model Rule 4.1 prohibits knowingly making false statements of material fact to third parties; Rule 8.4(c) bars conduct involving dishonesty, fraud, deceit, or misrepresentation. 

When you:

  • Use a chatbot to generate strategic messaging designed to mislead stakeholders.

  • Craft public statements or demand letters that you know are pretextual, but you’ve optimized with AI for tone and impact.

… you’re still responsible for the truthfulness of that content. The court saw through Krafton’s attempt to re‑frame events after the fact, and its internal AI‑assisted playbooks did not help. 

For lawyers, the lesson is simple: AI‑generated output is yours once you sign or speak it. If it’s misleading, you own the ethics problem — not “the algorithm.”

Practical Takeaways for Solo and Small‑Firm Lawyers 🧩

So what do you do if you’re a tech‑savvy lawyer who likes AI, but doesn’t want your prompts quoted in an opinion like this?

Here are grounded, practice‑ready steps.

1. Establish an AI Use Policy

Even if you’re a solo, write down what you will and won’t do with public chatbots.

lawyers need to build practical, ethical AI policies for practice.

  • No client names, exact fact patterns, or identifiable deal terms in public tools.

  • Use AI for structure and language, not for strategy or confidential analysis.

  • Prefer client‑specific, non‑logging enterprise tools when handling sensitive material.

Treat this like you treat your cloud storage or remote‑work policy — it’s part of your competence under Model Rule 1.1 and your supervisory obligations under 5.1/5.3 if you have staff.

2. Separate “Public Prompting” from “Privileged Thinking” 🧠

Use public chatbots for:

  • Headline and meta description drafting.

  • Blog outlines, post ideas, or simple explainer language for non‑client scenarios.

  • Rough templates for standard documents that you will heavily edit.

Avoid using them for:

  • Fact‑specific case assessments.

  • Litigation strategy, negotiation plans, or internal “playbooks” like Krafton’s “Project X.” 

  • Anything that feels like the kind of conversation you’d normally have only with a colleague behind closed doors.

This separation keeps your privileged work product inside tools and workflows you control.

3. Vet Vendors Like You Vet e‑Discovery Platforms

If you move beyond public chatbots to paid AI tools, evaluate them as you would any major legaltech vendor:

  • Where is data stored?

  • Is training on your material disabled by default?

  • Can you get a Business Associate Agreement or Data Processing Agreement / Data Protection Impact Assessment that aligns with your jurisdiction’s expectations?

The ABA’s Formal Opinion 477R on secure communications and cloud ethics opinions from state bars all provide analogies: reasonable steps, not perfection, are required — but “type client memo into random website” is not reasonable. 😄

4. Document Client Consent When AI Is Material to the Representation

If you expect to use AI in a way that materially affects how you deliver legal services, communicate that to clients under Rule 1.4:

  • Explain benefits (efficiency, faster drafting).

  • Explain risks (data handling, reliability, hallucinations).

  • Offer an AI‑free option.

Written engagement terms that address AI use can save hard conversations later if something goes sideways.

5. Revisit Your “Bad Facts” Mindset

Reading this Delaware opinion, you see how internal strategy — including AI‑assisted plotting — can become a litigation exhibit.  For lawyers, that’s an invitation to ask: 

“If this prompt or chatbot conversation showed up in an opinion, would I be comfortable defending it under the Model Rules?”

If the answer is no, don’t send it. That simple heuristic scales across tools and platforms.

What This Case Signals for the Next Wave of Legal Tech 🌊

There can be significant legal consequences for AI chatbot misuse in legal disputes.

The opinion in Fortis Advisors v. Krafton is not an ethics decision aimed at lawyers, but it shows courts will:

  • Scrutinize AI‑assisted strategies as part of broader narratives about good faith, bad faith, and pretext.

  • Expect parties — and by extension, counsel — to maintain and produce AI‑related records where relevant.

  • Be unimpressed by attempts to retroactively justify decisions made for economic reasons with thin “quality” or “readiness” arguments. 

As public models get more powerful and more embedded in practice, ABA Model Rules on competence, confidentiality, supervision, and candor apply just as they did when lawyers moved to email, smartphones, and the cloud. AI is just the next tool — but it’s a tool that makes it very easy to generate sophisticated bad ideas quickly.

Your job is to keep your ethical compass steady, even when the chatbot is very persuasive. 🧭

MTC

🎙️ Ep. #137 - How Lawyers Can Protect Kids Online: COPPA 2.0, Age Assurance, and AI Chatbots with FOSI’s Andrew Zach 👨‍⚖️🔐

My next guest is Andrew Zach, Senior Policy Counsel at the Family Online Safety Institute (FOSI), where he works at the intersection of technology, privacy law, and child online safety policy in Washington, DC. In this Tech‑Savvy Lawyer.Page episode, we unpack what family‑centered online safety really means for practicing attorneys, from intake forms and client portals to law practice management systems, social media, and rapidly evolving AI chatbots. Andrew explains COPPA and the proposed COPPA 2.0, explores how states and countries are experimenting with age assurance, and offers practical guidance for lawyers who handle sensitive images, minors’ data, and AI‑driven tools while staying compliant and supporting parents. If you are an attorney, legal professional, or a tech‑curious parent, this conversation will help you make smarter, safer choices about how you use technology in and around your law practice.

Join Andrew and me as we discuss the following three questions and more! ⚖️💻

  1. What are the top three practical steps every lawyer should take to bake in family‑centered online safety when designing client‑facing tech, websites, portals, intake forms, messaging, and social media?

  2. What are the top three technology tools or configurations law firms should implement to better protect children and teens who may be affected by legal technology, whether they are direct clients in a family matter or simply sharing devices with adult clients?

  3. If you were advising bar associations and practice‑area leaders, what would be the top three CLE or policy priorities to ensure lawyers responsibly use AI, client portals, and other digital tools while supporting parents and caregivers in keeping families safe online?

In our conversation, we cover the following ⏱️

  • 00:00 – Welcoming Andrew and his current tech setup: MacBook Pro, external monitor, iPhones, and wired Bose headphones 🎧

  • 01:00 – What is FOSI and how it works across policy, digital parenting, and industry best practices to keep families safer online 🌐

  • 02:00 – COPPA basics: verifiable parental consent for under‑13 data, why COPPA is dated, and the patchwork of state privacy laws filling the federal gap 📜

  • 03:00 – California privacy leadership, international regimes (like Europe), and why the US needs a comprehensive data privacy law with limits on collection, use, storage, and sale of personal data 🧩

  • 04:00 – HIPAA, SOC 2, agentic AI chatbots on legal websites, and why notice, consent, and data minimization matter for law firms adopting AI‑driven intake and support tools 🤖

  • 05:00 – Data minimization as a safeguard when storage or breaches go wrong; retention and disclosure issues in worst‑case scenarios 📂

  • 05:30 – Handling sensitive images in legal practice (family photos, abuse evidence) and why state‑by‑state rules make it hard to manage online safety and data privacy consistently 🧾

  • 06:00 – Why a stronger federal law is needed, and what COPPA 2.0 (Children and Teens Online Privacy Protection Act) could change, including raising the age of digital consent and protecting teens from targeted advertising 🎯

  • 07:00 – Everyday scenarios: sharing kids’ photos with family, private messaging vs social media, and why limiting audience and avoiding “questionable” content is critical 👨‍👩‍👧‍👦

  • 08:00 – Why “private” Facebook accounts with many friends still are not private enough for potentially risky images and what safer sharing looks like 🔒

  • 09:00 – Keeping audiences limited in litigation and family law contexts while complying with legal guidelines for highly sensitive evidence 📁

  • 10:00 – Defining age assurance vs age verification, and how tools like facial age estimation, IDs, and self‑declaration fit into online safety compliance 🧑‍💻

  • 11:00 – International and US examples: UK social media age checks, Australia’s age assurance trials, and Texas cases on adult sites and app‑store‑level verification ⚖️

  • 12:00 – Free Speech Coalition v. Paxton upholding age verification for adult sites versus the App Store Accountability Act’s broader mandate and why it was enjoined 🏛️

  • 13:00 – Financial harm to parents from kids’ unsupervised app purchases and concerns about access to “harmful content” through apps and social media 💳

  • 14:00 – Is there such a thing as “age insurance”? Exploring liability, coverage, and why Andrew is not aware of a product like that 🧾

  • 15:00 – Apple vs Facebook on data tracking: long terms of service, Apple’s “Ask App Not to Track” pop‑up, and “arms race” messaging around personalization and privacy 📲

  • 16:00 – Communicating data practices clearly to users and kids; age‑appropriate disclosures and the role of legislation in requiring plain‑language privacy notices 🧠

  • 17:00 – “Kids’ accounts” on platforms like Instagram, retrofitting protections vs safety by design, and what private‑by‑default, constrained communication can look like for teens 🧒

  • 18:00 – Culture of responsibility: six entities in online safety (industry, policymakers, law enforcement, educators, kids, and families) and FOSI’s free digital parenting resources 📚

  • 19:00 – Why expecting parents to customize every app setting is unrealistic and how safety‑by‑design and data‑minimization can reduce that burden 🛠️

  • 20:00 – Parental responsibility vs platform responsibility, and how making parental controls easier (e.g., YouTube teen account setup time) can encourage meaningful engagement 👪

  • 21:00 – Recent cases in New Mexico and California: addiction, mental health, platform design, and new legal strategies targeting harms beyond specific content 🧑‍⚖️

  • 22:00 – The Joe Camel analogy, marketing to kids, and why FOSI avoids equating social media directly with tobacco while still pushing for better design safeguards 🚭

  • 23:00 – Features like “take a break” and limits on infinite scroll; designing for vulnerable users and younger audiences from the outset 🧱

  • 24:00 – AI chatbots in legal practice: risks of emotional dependence, mental health harms, and why unregulated bots should not replace trained professionals in sensitive contexts 🧩

  • 26:00 – How often teens and families are using generative AI, and the emerging theme of stricter rules or disclosures for legal, medical, and financial advice from chatbots 🧮

  • 27:00 – Disclaimers and transparency for client‑facing chatbots on law firm sites; state‑by‑state experimentation and potential new duties for lawyers using AI in practice 💬

  • 28:00 – The White House’s national AI policy framework, its child‑safety focus, and the need for congressional action, preemption questions, and national standards 🇺🇸

  • 29:00 – Why bar associations and lawyers should track AI policy developments closely as they intersect with ethics, confidentiality, and family online safety 🔍

  • 30:00 – FOSI’s “good digital parenting” resources, device agreements, and practical scripts for setting expectations with kids about devices and online behavior 📄

  • 31:00 – Where to find Andrew online, including FOSI’s website and his “Andrew the Policy Guy” content on LinkedIn and TikTok 📲

RESOURCES

Connect with Andrew 🌐

Mentioned in the episode 📝

Hardware mentioned in the conversation 🖥️

Software & Cloud Services mentioned in the conversation ☁️