Part One of a Five-Article Series on AI and the Law
The short answer: AI does not change the fundamental dynamics of managing liability and discoverability. The duties of confidentiality, the rules of attorney-client privilege, and the work product doctrine all operate on the principles they always have. What AI changes is the surface area and the speed of exposure. Beyond questions about the validity of AI outputs, four issues drive most of the practical risk:
One: AI prompts and outputs are now substantial categories of discoverable electronic information;
Two: The contractual architecture of the platform in use is more important than the marketing label, and the actual analysis turns on training, retention, and access terms;
Three: AI tools that record or summarize multi-party meetings often capture communications that were never privileged in the first place; and
Four: Internal AI policy, and conformance with that policy, increasingly determine whether AI-related materials will be discoverable, protected, or subject to sanctions.
I. The Threshold Point – AI Doesn’t Change the Law (yet)
AI does not generate a new body of law governing confidentiality, privilege, and work product. The ABA’s formal opinion on generative AI concludes explicitly that the traditional rules apply; AI is an object of the duties, not a reason to revise them. What has changed is the operational environment. Companies and counsel now use tools that can generate, capture, or summarize large volumes of material quickly, under contractual arrangements that differ materially across vendors and product configurations. The discipline is to ensure that the tools chosen, and the manner of their use, are consistent with the obligations already in place.[1]
One additional caution: the regulatory and rule-making environment is developing alongside the doctrine, sometimes faster. Courts and agencies are issuing standing orders, disclosure requirements, and use restrictions on AI, sometimes with categorical language that does not differentiate among the kinds of AI use the doctrine actually distinguishes. Practitioners should track both layers: the doctrinal analysis that determines whether protection attaches, and the rule-compliance analysis that determines what must be disclosed, certified, or restricted in a given forum. The two analyses do not always produce the same answer.
II. Discoverability of AI Content: The Framing Question
Privilege and work product are protections against discovery. Their scope is defined by what would otherwise be discoverable. The operational questions therefore begin with what AI materials are discoverable, not with whether they are protected.
AI Materials Are Discoverable Electronic Information
AI prompts, outputs, system prompts, custom instructions, uploaded files, and conversation metadata are electronically stored information (ESI) within the meaning of the Federal Rules of Civil Procedure. ESI is the term the 2006 Rules amendments adopted for any information created, stored, or used in digital form, treated as a discoverable category requiring its own preservation, search, and production protocols.[2]
When litigation is reasonably anticipated, AI materials are subject to the duty to preserve, and when requested they are subject to production to the extent that they are relevant and not privileged. The corporate legal department’s diligence obligation includes identifying the AI tools the company and its custodians have used and ensuring that the associated materials are preserved. The technical mechanisms differ across product configurations, and litigation hold practice should reflect those differences: free or default-setting accounts often have shorter retention windows and limited export capabilities, while paid subscriptions and commercial deployments typically support fuller export with audit trails.
Attorney Involvement as the Threshold Fact
The level of attorney involvement in the creation of AI materials is the threshold fact for whether any protection can attach. Work product doctrine protects materials prepared in anticipation of litigation at the direction of or by counsel; attorney-client privilege protects communications for the purpose of obtaining or providing legal advice. In both cases, the attorney’s role in creation defines whether the protective doctrine is available at all. An employee or executive who, on their own initiative, uses AI to analyze potential legal exposure and later shares the analysis with counsel does not create work product through the sharing. The first federal ruling on AI privilege so held: documents generated by a client through a publicly available AI platform were not work product because counsel had not directed their creation, and they were not transformed into work product by transfer to counsel.[3]
The practical implication is that when work product protection is needed for AI-assisted analysis, counsel must direct the AI use contemporaneously and document the direction. Retrospective characterization will not work. If an executive runs an analysis through ChatGPT before involving the legal team, the analysis is not work product, and pulling the legal team in afterward does not retroactively transform it. The operational practice that follows: when sensitive analysis is anticipated, route the work through legal at the front end, not the back end.
Employee or Executive Use of AI Outside Counsel’s Direction
Where an employee or executive has used AI on their own initiative to analyze a matter, the prompts and outputs exist as discoverable material. They may have been retained by the vendor under terms the user did not negotiate, and may be subject to third-party preservation orders the company cannot override. The legal department’s diligence includes inquiring about AI use early in any matter, advising on the discoverability consequences, and suspending further consumer-tier or default-setting AI use for the duration of the matter. Article 3 develops the operational mechanics of this inquiry as part of standard intake practice.
III. Privilege in the Context of AI
Privilege attaches to communications between a client and an attorney, intended to be kept confidential, for the purpose of obtaining or providing legal advice. Heppner applied the three elements to AI and held that communications with a publicly available consumer AI platform fail all three: the AI is not an attorney; the consumer privacy policy defeats reasonable expectation of confidentiality; and the communication is not for the purpose of obtaining legal advice from a lawyer.[4]
The first and third elements would decide the case alone. The confidentiality analysis is the contested element, and it is also where the Heppner court did the least careful work.
Your AI Tool – The Terms and Conditions Matter
Confidentiality analysis has always turned on the contractual architecture governing a vendor relationship rather than on the marketing label the vendor applies to a particular subscription. The legally meaningful questions are three: (1) does the platform contractually prohibit training on user data, or does it merely permit opt-out under terms the vendor can change; (2) does the platform commit to retention terms the user can rely on, or does it reserve broader retention rights; and (3) does the platform reserve only administrative access to user content (system administration, security, abuse prevention, legal process), or does it reserve substantive-content access for the vendor’s own product development. A platform that meets all three tests can be appropriate for confidential work even if sold under a consumer-style subscription. A platform that fails one or more is risky for confidential work even if marketed as enterprise.
This distinction matters because the major AI vendors no longer offer a simple binary. Across Claude, ChatGPT, Gemini, and Perplexity, paid subscriptions typically permit training opt-out, with the default in flux. Anthropic shifted to opt-out-by-default training on Claude Free, Pro, and Max in August 2025. OpenAI’s Plus and Pro subscriptions offer training opt-out controls but remain governed by the consumer privacy policy. Google’s consumer Gemini Advanced operates under a 72-hour retention floor with Activity off; Workspace Business Plus and Enterprise editions add no-training commitments and BAA availability. Perplexity Pro offers an AI Data Retention disable setting; Enterprise Pro adds SOC 2 and SSO. The contractual architecture varies within product families; it varies across vendors; and it varies based on user-selected settings. The privilege analysis has to follow the contract, not the brochure.
The Heppner Court Did Not Engage With the Contract
Judge Rakoff read Anthropic’s consumer privacy policy for its broadest reserved rights and concluded that no reasonable expectation of confidentiality could survive those terms. Applied consistently, that reading would defeat privilege for communications passing through Gmail, Microsoft 365, Westlaw, Lexis, Dropbox, and essentially every cloud service in modern business use. No court has reached that conclusion, because the analysis turns on what the vendor is contractually permitted to do with the content, not on the broadest theoretical right the vendor’s terms reserve. Traditional cloud services reserve access for narrow operational purposes; the access is bounded and not directed to the vendor’s own use of the content. Consumer AI terms historically reserved the right to use user inputs as training data for the vendor’s own product development, which is active, purposive use of the substantive content, and which differs in kind from administrative-access reservation.[5]
But the Heppner court did less work than the analysis required. The opinion treated Anthropic’s consumer terms as a single, uniform thing, reading them for the broadest reserved rights without examining what subscription tier the defendant actually used, whether training opt-out was engaged, what version of the policy was in force at the time, or whether the August 2025 policy shift would have changed the analysis. The court cited an archived February 2025 version of the policy. Heppner used Claude in 2025 before his November arrest, meaning either the pre-August or post-August terms could have governed depending on when the conversations occurred. The court never asked which version applied, what tier Heppner had subscribed to, or what training-opt-out posture his account reflected. The defense did not develop the record on these points, and the parties did not press them. The court accepted a generic consumer-policy argument and ruled accordingly.[6]
The consequence is that Heppner does not reach paid subscriptions with training opt-out engaged, no-training commitments in force, retention controls documented, or BAAs in place, because the Heppner court never analyzed the actual contractual posture of any specific configuration. The case decided what the parties presented. Future cases involving Claude Pro or Max with training opt-out engaged, ChatGPT Plus or Pro under similar settings, Gemini Advanced or Workspace, Perplexity Pro or Enterprise Pro, or any of the team and enterprise tiers under their respective post-2025 default settings will present a meaningfully different question that Heppner did not resolve. The defensible posture for a corporate legal department is to operate as if Heppner applies until a court engages with the contractual architecture of a specific paid configuration, while preserving the contractual-architecture argument for any setting where it matters and documenting the specific settings and policy version in force.
Court Rules and Regulator Requirements May Not Match the Doctrine
The Heppner court’s failure to differentiate among AI configurations is the case-law version of a broader pattern. Some courts have issued standing orders requiring disclosure of “any use of AI” in court filings, sometimes with no further definition. Some agencies have issued AI guidance with categorical language. Where a categorical rule covers conduct that the underlying doctrine would treat differently, the practitioner has two analyses to manage: the doctrinal posture (which may support privilege or work product claims) and the rule-compliance posture (which may require disclosure or restriction regardless). Comply with the rule as written, document the contractual architecture, and preserve the doctrinal arguments for the settings where they matter.
IV. Work Product, Prompts, and Outputs – What is Protectable?
Several federal decisions now provide useful guidance on AI and work product. Read together, they establish that the analysis turns on attorney direction, the presence of mental impressions, the adequacy of the confidentiality architecture, and whether the party has waived protection by putting the substance at issue.
Heppner rejected work product on two independent grounds: the documents were prepared by the client on his own volition rather than at counsel’s direction, and they did not reflect counsel’s mental impressions or litigation strategy. Warner v. Gilbarco, decided a week earlier, reached the opposite conclusion for a pro se litigant’s ChatGPT use, reasoning that waiver requires disclosure to an adversary or in a way likely to reach an adversary, and that ChatGPT is a tool rather than a person. Tremblay v. OpenAI held that prompts crafted by counsel during pre-suit investigation constituted opinion work product because they contained counsel’s mental impressions about how to interrogate the AI. Concord Music Group v. Anthropic reached the same conclusion on the baseline rule, holding that attorney-crafted prompts and outputs are opinion work product and “virtually undiscoverable” under Rule 26.[7]
Concord Music added a practical waiver point. Work product protection, even for opinion work product, is not absolute; the sword-and-shield doctrine permits waiver where a party puts the substance of the AI-assisted investigation at issue. The publishers in Concord Music intended to present testimony that their investigators could elicit infringing outputs using simple prompts. The court ordered production of the prompts and outputs the testifying witnesses had relied on, but the waiver was limited to that material; the court preserved opinion work product protection for pre-suit investigation prompts, attorney-crafted prompts that were never used at trial, and other attorney-developed materials whose substance the publishers had not placed at issue. The operational rule: attorney prompts used to develop a litigation theory remain protected when kept in a secure (non-trainable) environment, and the waiver doctrine reaches only the prompts and outputs the party affirmatively relies on, not the broader investigative record.[8]
The cases are consistent. Heppner addressed a client-produced document where counsel had no role; Warner addressed a litigant-user whose use was an extension of litigation preparation; Tremblay and Concord Music addressed attorney-crafted prompts reflecting litigation strategy. The operational rule for corporate legal departments: work product protection for AI-assisted materials depends on documented attorney direction in anticipation of litigation, combined with appropriate confidentiality architecture, and is subject to waiver under sword-and-shield principles where the party places the substance at issue.
V. Meeting and Discussion Capture – Avoid the Landmines
AI tools that process voice raise distinct issues that current commentary has largely missed. The doctrinal shape turns on whether the tool is performing dictation or recording, on who is participating in the captured communication, and on what counsel does with the resulting material.
Dictation
A dictation tool transcribes the speech of a single user into text. Wispr Flow, SuperWhisper, and on-device transcription tools fall in this category. The user is the sole speaker; the tool is an input method. The resulting material is the user’s work product, generated through mechanical conversion of speech to text. The privilege and work product analysis tracks typed work product. Confidentiality is preserved if the tool’s contractual architecture is sufficient: on-device transcription that never leaves the device presents the cleanest posture, followed by tools with no-training commitments and zero-retention configurations.
Recording and Multi-Party Capture
A recording tool captures a conversation among multiple speakers. Otter, Fireflies, Zoom AI Companion, Microsoft Copilot Meeting Notes, Granola, and Read AI fall in this category. The risk profile is materially different from dictation. Attorney-client privilege does not attach to communications involving third parties outside the attorney-client relationship unless the third party qualifies as an agent under Kovel or as a participant in a properly structured joint defense or common interest arrangement. When the captured meeting includes opposing counsel, regulators, witnesses, journalists, non-privileged company employees, or representatives of non-aligned parties, the underlying communication is not privileged in the first place, and the AI is creating a record of fully discoverable material.[9]
Two practical points follow. First, the identity of the meeting participants controls the privilege analysis, not the identity of the person operating the recording tool. Whether the attorney records, the client records, the client’s IT department records, or a third-party meeting platform records on behalf of the host, the question is the same: did the meeting include anyone outside the attorney-client relationship? If so, the communication was not privileged, and the recording is not a recording of privileged material. Second, even meetings that include only attorney and client may produce mixed material. Communications that are not for the purpose of legal advice (general business discussions, factual exchanges, scheduling, social conversation) are not privileged even within an otherwise privileged meeting. A verbatim AI transcript captures all of it, the privileged and the non-privileged, undifferentiated.
Layered on the privilege analysis are the consent-law problem in two-party states, the weaker work product analysis for verbatim transcripts, and the hallucination problem under Federal Rule of Evidence 1002.[10]
The Transcript-Versus-Summary Distinction
A point worth surfacing because it shapes the operational practice: a verbatim AI transcript of a conversation is, at best, fact work product rather than opinion work product. The Second Circuit’s treatment of verbatim recordings of witness interviews applies. A verbatim record contains the conversation, not the attorney’s mental impressions of it, and receives only the lower tier of protection subject to the substantial need exception. An attorney’s review, edit, summary, or reworking of the transcript is what creates opinion work product. The summary reflects selective attorney judgment about what matters; the verbatim transcript reflects no judgment at all. This is the same principle that applies to AI-generated content generally: AI-created material becomes the user’s own through meaningful human creation, selection, and arrangement, not through the act of generation.
The default operational rule follows from these doctrinal points. AI recording tools should not be used on multi-party communications that include any participant outside the attorney-client relationship, absent a properly structured joint defense or common interest arrangement. Where transcription is needed, route it through tools with adequate contractual architecture for the sensitivity of the conversation. Have counsel review and edit transcripts before they are committed to retention; the resulting summary or memorandum reflects mental impressions and is more defensible as opinion work product than the raw transcript ever could be. Beyond these defaults, the operative variable is internal policy compliance. A company whose policy specifies how AI transcripts are reviewed, edited, and retained, and whose actual practice matches the policy, has a substantially stronger position in any subsequent dispute over discoverability. Conformance with internal policy is likely to be the most important factor in determining whether unedited AI-generated transcripts will be discoverable, because ad hoc retention and inconsistent enforcement weaken privilege and work product claims.
VI. Developing a Solid AI Policy to Protect your Enterprise
The doctrinal framework above generates operational obligations for internal AI policy. The specific requirements:
Document Retention for Prompts and Outputs
AI prompts and outputs are discoverable ESI and must be addressed by document retention policies. The policy should identify AI materials as a retention category, establish retention periods matched to the matter and applicable regulatory requirements, and establish suspension procedures for litigation holds. Retention for tools used on confidential matter work should match the company’s matter-file retention schedule, not the default retention windows of the underlying platform.
Tool Selection and Contractual Architecture
The policy must specify permitted tools by category of use, applying the three contractual-architecture tests (training, retention, access) to each. At minimum: prohibit submission of company-confidential or matter-related information to platforms that lack training opt-out commitments; require BAA coverage for PHI and other regulated data; and identify approved tools rather than leaving selection to individuals. Vendor terms change, so periodic verification is required. The policy should specify who bears responsibility for verifying training-opt-out status, retention settings, and policy version on an ongoing basis. Procurement and legal must coordinate; tool selection cannot be made unilaterally by IT.
Employee Handbook Coverage
AI use policies live in multiple places, and the employee handbook is one of them. The handbook should address AI use as part of acceptable use, confidentiality, and information security obligations, and should cross-reference the more detailed AI policy or standard operating procedure for specifics. The handbook treatment matters for two reasons. First, employees read the handbook; they do not read the standalone IT policy. Second, the handbook is the document from which an employee’s contractual and notice-based obligations are typically construed. Failure to address AI use in the handbook leaves the company arguing about whether the standalone policy was effectively communicated to and accepted by the employee. The handbook should also address the consequences of submitting confidential or matter-related information to unapproved AI tools, framed in the same terms as other unauthorized disclosure conduct.
Centralized Management of AI Materials
Workgroup and project-level features in the major platforms (Claude Team and Enterprise, ChatGPT Team and Enterprise with Projects, Gemini for Workspace, Perplexity Spaces) centralize what would otherwise be distributed across individual user accounts. They allow administrators to manage retention, access, custom instructions, and shared assets at the workspace level, and they support export and audit functions that single-user accounts often do not. Where the volume of confidential AI use is significant, upgrading to a workgroup tier is usually the right call from a confidentiality and litigation-readiness standpoint.
Where single-user accounts are the operational reality (most small firms and many middle-market companies), centralized management is harder but workable. Three approaches operate together. First, standardize on tools that support export of conversation history, prompts, and outputs in a usable format, and require periodic export into the company’s document management system where standard retention, search, and litigation-hold procedures apply. Second, treat the AI account as a workspace, not as a vault: substantive work product (research memoranda, draft documents, analytical summaries) leaves the AI tool and lives in the DMS. The conversation history is a working artifact, not the deliverable. Third, where central management of the conversation history itself is required for litigation-hold purposes, schedule the exports under firm policy rather than ad hoc. The policy should make explicit when export is required, who is responsible for executing it, and where the exported materials are stored.
Prompt Storage and Preservation
Attorney-drafted prompts reflecting mental impressions can be opinion work product. The policy should specify where prompts are stored, how they are associated with the matter, and how they are preserved when litigation is reasonably anticipated. Export mechanisms for approved tools should be tested before they are needed; export tooling that fails on the day a litigation hold issues is not a defensible posture.
Supervision and Training
Opinion 512 applies the Model Rule 5.1 and 5.3 supervisory duties to AI use. Training should cover the contractual-architecture tests (training, retention, access), the third-party problem for recorded communications, the documentation requirements for attorney direction, and litigation hold procedures for AI materials. Training should reach the legal department, the executives and employees who interact with legal, and the IT function.[11]
Articles 2 and 3 develop the broader integration of AI policy with existing contractual and regulatory commitments. The internal AI policy described here should coordinate with the company’s general technology use, document retention, and incident response policies rather than operate as a parallel compliance track.
VII. Common Questions
Does Heppner mean my paid subscription defeats privilege?
It depends. Heppner did not engage with the contractual architecture of any specific paid subscription, so the case does not categorically answer the question. The defensible posture for a paid subscription with training opt-out engaged, the no-training default in force, and a documented retention setting is materially stronger than Heppner addressed. Demonstrable security measures matched with no-training options probably preserve privilege under a fair reading of the doctrine, but no court has yet ruled on those facts directly, and a contrary view holds that retention of disclosure rights under legal process means a paid subscription does not buy meaningful confidentiality protection. Until a court engages the question, treat Heppner as the cautious baseline, document the specific settings and policy version in force, and preserve the contractual-architecture argument for any setting where it matters.
Our privilege analysis says we’re fine. Why is the court asking us to disclose AI use anyway?
Because some courts have adopted categorical rules that do not differentiate among AI uses. A standing order requiring disclosure of “any use of AI” in a filing may sweep in tools and uses that the underlying privilege and work product doctrine would treat very differently. The doctrinal posture and the rule-compliance posture are separate questions. Comply with the rule as written, document what you did and why, and preserve the doctrinal arguments for any setting where they matter. The mismatch between rules and doctrine is itself a reason to maintain documentation that supports both analyses.
Does workgroup or project-level use allow centralized management of AI materials?
Yes, and this is one of the meaningful advantages of workgroup tiers across the major platforms. Claude Team and Enterprise, ChatGPT Team and Enterprise with Projects, Gemini for Workspace, and Perplexity Spaces all centralize retention, access, and shared-asset management at the workspace level, and they support export and audit functions that single-user accounts often do not. For companies with significant confidential AI use, the workgroup tier produces a substantially stronger litigation-readiness posture than distributed individual accounts.
What if we use single-user accounts? How can we manage materials centrally?
This is addressed in the policy section above. The short answer: standardize on tools that support export, treat AI accounts as workspaces rather than vaults, and schedule periodic exports into the company’s document management system under firm policy. The longer answer is that single-user accounts produce real management burden, and where the volume of confidential AI use is significant, upgrading to a workgroup tier is usually the right call.
What if an employee already submitted confidential information to ChatGPT?
Treat it as a containment matter. Identify what was submitted, to what tool, and under what account. Suspend further use. Document the submission and the response. Evaluate whether the submission triggered any contractual breach (with customers, partners, or regulators), regulatory notification obligation (HIPAA, GLBA, state breach notification), or trade secret implication. Article 2 develops the operational response in detail.
What about AI tools that summarize meetings that include non-clients?
The underlying communication is generally not privileged because it includes third parties. The AI is capturing and retaining fully discoverable material. Joint defense and common interest doctrines can preserve privilege in narrow circumstances, but they must be structured in advance. The default rule: AI meeting-capture tools should not be used on multi-party conversations that include participants outside the attorney-client relationship.
Should we ban personal AI accounts for work use?
Yes, for any work that involves company-confidential or matter-related information. Personal accounts operate under terms the company has not negotiated and produce records that the company has no efficient way to preserve, export, or control. The combination of policy and technical enforcement (DLP, network blocks for unapproved AI domains, and SSO for approved tools) is what makes the rule effective.
How does our AI policy interact with our litigation hold practice?
Closely. AI prompts and outputs are ESI subject to preservation when litigation is reasonably anticipated. The litigation hold should identify the AI tools the company has authorized, suspend default auto-deletion settings on those tools for affected custodians, and address known unapproved AI use by individual employees. The hold practice cannot reach AI use the company has not identified, which is why the approved-tools list and the prohibition on personal accounts matter operationally.
Footnotes:
[1]ABA Comm. on Ethics & Prof'l Responsibility, Formal Op. 512, Generative Artificial Intelligence Tools (July 29, 2024) (applying the traditional Model Rules to AI use without creating AI-specific standards). [2]Fed. R. Civ. P. 34(a)(1)(A) (defining the scope of ESI subject to production); Fed. R. Civ. P. 26(b)(2)(B) (limiting discovery of ESI not reasonably accessible because of undue burden or cost); Fed. R. Civ. P. 37(e) (sanctions framework for lost ESI). See also Zubulake v. UBS Warburg LLC, 220 F.R.D. 212 (S.D.N.Y. 2003) (Scheindlin, J.). [3]United States v. Heppner, No. 25 Cr. 503 (JSR), 2026 WL 436479 (S.D.N.Y. Feb. 17, 2026). See also Gould, Inc. v. Mitsui Mining & Smelting Co., 825 F.2d 676, 679-80 (2d Cir. 1987) (preexisting, non-privileged materials do not acquire protection by transfer to counsel). [4]Heppner, 2026 WL 436479, at *3-5. The court held that an AI platform holds no law license, owes no fiduciary duty, and cannot form an attorney-client relationship; that Anthropic's consumer privacy policy reserved rights to retain, train on, and disclose user inputs; and that Claude's terms disclaim the provision of legal advice. [5]On the administrative-versus-substantive-access distinction, see David S. Kemp, The First Federal AI Privilege Ruling Gets the Right Result for the Wrong Reasons, Justia Verdict (Mar. 30, 2026). [6]Kemp, supra, observes that “the court treated Anthropic's broadest contractual reserved rights as dispositive without examining the specific terms, product tier, or training preferences that actually governed Heppner's use,” and warns that “this overbroad reasoning, rather than the uncontroversial holdings, is what future courts will most likely cite.” Several other commentators have noted the same gap. See, e.g., Gibson, Dunn & Crutcher LLP, AI Privilege Waivers: SDNY Rules Against Privilege Protection for Consumer AI Outputs (Feb. 20, 2026) (the Heppner holding was “fact-specific and grounded in conventional privilege and work product legal principles, applied to a factual scenario shaped by the distinct contractual and technological features of the specific consumer AI platform in use”); Venable LLP, AI, Privilege, and the Heppner Ruling (Feb. 23, 2026) (“Although the court did not address enterprise Gen AI specifically, its reasoning suggests that confidentiality, attorney direction, and vendor structure may be decisive in future cases.”); Proskauer Tax Talks (Feb. 20, 2026) (the decision “leaves open whether enterprise-level products . . . might support a different expectation-of-confidentiality analysis”). [7]Warner v. Gilbarco, Inc., No. 2:24-cv-12333, 2026 WL 373043 (E.D. Mich. Feb. 10, 2026); Tremblay v. OpenAI, Inc., No. 23-cv-03223-AMO, 2024 WL 3748003 (N.D. Cal. Aug. 8, 2024); Concord Music Grp., Inc. v. Anthropic PBC, No. 24-cv-03811-EKL, 2025 WL 1482734, at *2 (N.D. Cal. May 23, 2025). Opinion work product receives near-absolute protection under Fed. R. Civ. P. 26(b)(3)(B). [8]Concord Music, 2025 WL 1482734, at *3-4 (applying sword-and-shield doctrine). [9]United States v. Kovel, 296 F.2d 918 (2d Cir. 1961) (agency doctrine for privilege); Restatement (Third) of the Law Governing Lawyers § 76. Joint defense and common interest doctrines vary by jurisdiction. See, e.g., Ambac Assurance Corp. v. Countrywide Home Loans, Inc., 27 N.Y.3d 616 (2016) (New York common interest requires anticipated litigation). [10]Federal law permits one-party consent recording under 18 U.S.C. § 2511(2)(d), but at least twelve states require all-party consent, including California (Cal. Penal Code § 632), Florida (Fla. Stat. § 934.03), Illinois (720 ILCS 5/14-2), Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania, Washington, and Connecticut. California applies its rule to cross-border calls with California participants. Kearney v. Salomon Smith Barney, Inc., 39 Cal. 4th 95 (2006). See also ABA Formal Op. 01-422 (June 24, 2001); Koenecke et al., Careless Whisper: Speech-to-Text Hallucination Harms, ACM FAccT (2024); Fed. R. Evid. 1002. [11]Formal Op. 512 at 13-14; Model Rules 5.1 and 5.3; see also ABA Formal Op. 08-451 (Aug. 5, 2008); ABA Formal Op. 477R (May 22, 2017).