Join us for an AI-powered deep dive into the ethical challenges facing legal professionals in the age of generative AI. 🤖 We unpack the February 23, 2026, editorial AI may not be your co‑counsel—and a recent SDNY decision just made that painfully clear. ⚖️🤖. Our Google Notebook LLM hostsbreaks down why a single click on a public AI tool’s Terms of Use can trigger a privilege waiver, and what “tech competence” really means in 2026—especially after United States v. Hoeppner and Judge Jed Rakoff’s wake-up-call analysis of confidentiality and third-party disclosure risk.

🔗 Read the full editorial on The Tech-Savvy Lawyer.Page and share this episode with a colleague who is experimenting with AI in client matters.

In our conversation, we cover the following

00:00 — The “superhuman assistant” promise, and the procedural nightmare risk. 🧠⚖️
00:01 — The core warning: AI use can “blow a hole” in privilege.
00:02 — Editorial overview: “The AI Privilege Trap” by Michael D.J. Eisenberg.
00:02 — The case: United States v. Hoeppner (SDNY) and why it matters.
00:03 — Why Judge Jed Rakoff’s opinion gets attention (tech-literate, influential).
00:03 — The facts: defendant drafts with a public AI tool, then sends outputs to counsel.
00:04 — The court’s conclusion: no attorney-client privilege, no work product protection.
00:05 — Privilege basics applied to AI: “confidential + lawyer” and why AI fails that test.
00:06 — The Terms-of-Use problem: inputs/outputs may be collected and shared. 🧾
00:07 — The “stranger on the street” analogy: you can’t retroactively make it confidential.
00:08 — PII and client facts: why pasting sensitive data into public AI is high-risk.
00:08 — ABA Model Rule 1.1: competence includes understanding tech risks.
00:09 — ABA Model Rule 1.6: confidentiality and waiver risk with public AI.
00:10 — “Reasonable safeguards”: read policies, adjust settings, and know training/logging.
00:11 — Public vs. enterprise AI: why contracts and “walled gardens” matter.
00:11 — Legal research AI examples discussed: Lexis/Westlaw-style AI offerings.
00:12 — ABA Model Rules 5.1 & 5.3: supervise AI like a nonlawyer assistant/vendor.
00:13 — Redefining “tech-savvy lawyer” in 2026: judgment and restraint. 🧭
00:14 — The “straight-face test”: could you defend confidentiality after a judge reads the policy?
00:15 — Client-side risk: clients can sabotage privilege before contacting counsel.
00:16 — Practical takeaway: check settings, read the fine print, keep true secrets offline (for now). 🔒

RESOURCES

Mentioned in the episode

ABA Model Rules of Professional Conduct (Rules 1.1, 1.4, 1.6, 5.1, 5.3)

Software & Cloud Services mentioned in the conversation

Lexis (Lexis+ AI category mentioned) — https://www.lexisnexis.com/
Microsoft Word — https://www.microsoft.com/microsoft-365/word
Public generative AI “chatbot” tools (general category) — https://en.wikipedia.org/wiki/Chatbot
Westlaw (Westlaw AI category mentioned) — https://legal.thomsonreuters.com/en/products/westlaw

LAWYERS NEED TO BE BOTH TECH-SAVVY AND Cyber-SavvY!

On December 25, 2024, LexisNexis Risk Solutions (LNRS)—a major data broker and subsidiary of LexisNexis—suffered a significant data breach that exposed the personal information of over 364,000 individuals. This incident, which went undetected until April 2025, highlights urgent concerns for legal professionals who rely on LexisNexis and its related products for research, analytics, and client management.

What Happened in the LexisNexis Breach?

Attackers accessed sensitive data through a third-party software development platform (GitHub), not LexisNexis’s internal systems. The compromised information includes names, contact details, Social Security numbers, driver’s license numbers, and dates of birth. Although LexisNexis asserts that no financial or credit card data was involved and that its main systems remain secure, the breach raises red flags about the security of data handled across all Lexis-branded platforms.

Why Should You Worry About Other Lexis Products?

LexisNexis Risk Solutions is just one division under the LexisNexis and RELX umbrella, which offers a suite of legal, analytics, and data products widely used by law firms, courts, and corporate legal departments. The breach demonstrates that vulnerabilities may not be limited to one product or platform; third-party integrations, development tools, and shared infrastructure can all present risks. If you use LexisNexis for legal research, client intake, or case management, your clients’ confidential data could be at risk—even if the breach did not directly affect your specific product.

Ethical Implications: ABA Model Rules of Professional Conduct

ALL LawyerS NEED TO BE PREPARED TO FighT Data LeakS!

The American Bar Association’s Model Rules of Professional Conduct require lawyers to safeguard client information and maintain competence in technology. Rule 1.6(c) mandates that attorneys “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” Rule 1.1 further obligates lawyers to keep abreast of changes in law and its practice, including the benefits and risks associated with relevant technology.

In light of the LexisNexis breach, lawyers must:

Assess the security of all third-party vendors, including legal research and data analytics providers.
Promptly notify clients if their data may have been compromised, as required by ethical and sometimes statutory obligations.
Implement additional safeguards, such as multi-factor authentication and regular vendor risk assessments.
Stay informed about ongoing investigations and legal actions stemming from the breach.

What Should Legal Professionals Do Next?

Review your firm’s use of LexisNexis and related products.
Ask vendors for updated security protocols and breach response plans.
Consider offering affected clients identity protection services.
Update internal policies to reflect heightened risks associated with third-party platforms.

The Bottom Line

The LexisNexis breach is a wake-up call for the legal profession. Even if your primary Lexis product was not directly affected, the interconnected nature of modern legal technology means your clients’ data could still be at risk. Proactive risk management and ethical vigilance are now more critical than ever.

Disclaimer

The Tech‑Savvy Lawyer.Page blog and podcast are for informational and educational purposes only. The content reflects the insights and opinions of a legal professional with extensive experience in law and technology. Nothing published on this site or shared through the podcast should be construed as legal advice, nor does it create any attorney‑client relationship.

Readers and listeners should consult a licensed attorney for legal advice tailored to their specific circumstances. References to software, services, or products are provided for discussion purposes only and do not constitute endorsements, guarantees, or warranties.

Blog

TSL Labs 🧪 Initiative: Attorney-Client Privilege vs. Public AI: The Hoeppner Decision Lawyers Need to Understand in 2026 ⚖️🤖

BOLO: LexisNexis Data Breach: What Legal Professionals Need to Know Now—and Why All Lexis Products Deserve Scrutiny!

The Tech Savvy Lawyer

Disclaimer

Disclosure