A federal court just ruled that AI prompts can be seized as evidence. Here’s what HR and business leaders need to understand about the Heppner decision — and how to protect their organizations.
If you’ve encouraged your team to use AI to think through tough situations — a tricky termination, a complaint that needs investigating, a policy that needs tightening — there’s a federal court ruling you need to understand before the next sensitive conversation hits your inbox.
In United States v. Heppner, a federal judge in the Southern District of New York ruled that documents a defendant created using a publicly available AI tool were not protected by attorney-client privilege or the work product doctrine. The prompts, the AI’s responses, and the strategy notes the defendant generated were all admissible as evidence against him.
It’s a criminal case. But the privilege principles the court applied are the same ones that govern your civil exposure — every workplace investigation, every sensitive HR decision, every conversation that might one day be reviewed by a plaintiff’s attorney.
Bradley Heppner was the target of a federal investigation into alleged securities fraud. After learning he was under investigation but before he was indicted, Heppner used a public, consumer-grade AI platform to draft roughly thirty-one documents — defense strategies, legal arguments, factual analyses. He fed the AI sensitive details about the government’s likely case theory and his own potential exposure. He did all of this on his own, without direction from an attorney. He later shared the materials with counsel.
When federal agents executed a search warrant on his property, they seized his devices — and with them, every prompt he’d typed and every response the AI had generated. His defense team tried to shield the materials under privilege. The court refused.
Judge Jed S. Rakoff’s reasoning came down to three points. First, confidentiality — the foundation of attorney-client privilege — was destroyed the moment Heppner shared sensitive information with a third-party platform whose terms of service permitted data retention and use for model training. Second, the AI didn’t function as a privileged intermediary. Heppner used it on his own initiative, not at an attorney’s direction. Third, privilege has to exist at the moment of communication. Sharing the materials with counsel later didn’t retroactively protect them.
The ruling is the first of its kind at the federal level — and as legal commentators have noted, it doesn’t create new law so much as apply long-settled privilege principles to a new technology. The result is a clear signal that consumer AI tools sit on the wrong side of the confidentiality line.
The instinct to dismiss this as someone else’s problem is exactly the wrong instinct.
Consider the situation you’re far more likely to encounter: an HR leader is investigating a discrimination complaint. They want to think through next steps carefully, so they paste their notes into a public AI tool and ask for guidance. The tool returns a thoughtful list of investigatory steps. The HR leader reads it, decides to take some of those steps but not others, and moves on.
Eighteen months later, that organization is in litigation. A plaintiff’s attorney subpoenas devices, recovers the AI prompts and responses, and now has a written record showing the company was advised — by a tool the HR leader chose to consult — to take specific actions, and didn’t.
That’s not hypothetical. That’s the predictable consequence of Heppner applied to the workplace.
“Many people assume that the tools function like internal systems, but legally, they’re third parties.”
— Burt Garland, Shareholder, Ogletree Deakins
The risk isn’t limited to investigations. It extends to any moment a leader uses AI to think through something sensitive — a performance issue, a policy gap, a difficult employee situation, a compliance question. The prompts you write are evidence. The responses you receive are evidence. And the actions you take, or fail to take, after receiving that information can later be measured against what the AI told you.
Consider a scenario every operations and safety leader should think through carefully.
An employee in a manufacturing facility notices a machine with a missing guard. They snap a photo with their phone, upload it to a public AI tool, and ask if it’s a safety hazard. The tool responds: yes, this is an immediate danger, OSHA’s machine guarding standard applies, you should cease operation of the machine immediately. The employee shows it to a supervisor. The supervisor hesitates. The machine keeps running. An injury follows.
The legal exposure isn’t just the injury. It’s the documented evidence that the employer was on notice — that someone in the organization asked the question, got an answer, and the answer made its way up the chain. The legal standard for harassment and discrimination is that the employer “knew or should have known.” A “should have known” standard is, in practice, a negligence standard. AI prompts and responses can establish exactly the kind of constructive knowledge that converts an accident into negligence — or negligence into something worse.
This applies broadly. Any time an employee uses an AI tool to flag a potential issue and the organization doesn’t act on it, the question becomes: did you know, or should you have known? The AI’s response may answer that question for you.
The takeaway from Heppner isn’t “stop using AI.” These tools are powerful, and organizations that use them well will outperform organizations that don’t. The takeaway is that AI use needs to be governed by the same discipline you already apply to any other channel that creates a record.
A few practical principles:
Treat public AI tools the way you’d treat email to an outside party. If you wouldn’t put the information in an email to someone outside the organization, don’t put it in a public AI prompt. The legal exposure is the same. A simpler version of the rule: if you wouldn’t CC a stranger on an email to your lawyer, don’t put it into AI.
Distinguish between public tools and enterprise-grade tools. Consumer platforms — the free version of ChatGPT, the standard subscription tier, public-facing tools — are third parties. Enterprise tools with contractual confidentiality protections, data isolation, and policies that prevent your inputs from being used to train external models are a different category. Some law firms, including Ogletree Deakins, use AI tools housed on their own servers, where the data stays internal and the model can’t apply what it learns from internal data anywhere else. That’s a meaningfully different risk profile — and one worth understanding when your organization evaluates which tools to deploy.
Direct sensitive AI use through counsel. When the question is genuinely sensitive — an investigation, a potential legal exposure, a regulatory question — the path that preserves privilege runs through your attorney. AI used at counsel’s direction, with appropriate tools, sits in different legal territory than AI used independently by an employee acting on their own.
Train your people on the framework, not just the features. Most AI training focuses on productivity — how to write better prompts, how to draft faster, how to summarize meetings. The Heppner ruling makes clear that organizations also need to train people on when not to use a public tool, what categories of information should never go into one, and what to do when an AI response surfaces a potential issue that requires action.
If you’re going to ask the question, be prepared to act on the answer. Asking AI to evaluate your handbook, audit your policies, or review a situation creates a record of what you were told. Ignoring the response — or acting on part of it and not the rest — is a record of its own.
“The court did not say AI is bad. It said the individual used it without legal direction — and shared information with a third party that stores your data and learns from it.”
— Burt Garland, Shareholder, Ogletree Deakins
Technology will always outpace policy. AI is powerful, but it’s not neutral — it amplifies whatever system you already have. If your organization’s systems are disciplined, intentional, and aligned, AI will accelerate good outcomes. If they’re not, AI will scale the gaps.
Heppner is one ruling, in one district, on a specific set of facts. Future cases will refine, narrow, or extend its reasoning. But the underlying principle isn’t going anywhere: when leaders use a tool that creates a record, the discipline behind the use matters as much as the tool itself. The organizations that get this right will use AI confidently and protect themselves while doing it. The organizations that don’t will discover the gap the way Bradley Heppner did — when someone else is reading their prompts.
For a deeper legal analysis of the ruling, Burt Garland’s full write-up is available at Ogletree Deakins: The Intersection of AI and Attorney-Client Privilege—A Cautionary Tale. It’s the most comprehensive breakdown of Heppner available right now and worth bookmarking if your organization is serious about getting AI governance right.
If your organization has been encouraging AI adoption — and most are, for good reason — Heppner is the moment to pair that encouragement with structure. Define what AI tools your people can use for what kinds of work. Draw a clear line around sensitive matters. Train your team on the difference between public and enterprise platforms. And make sure the people most likely to encounter a sensitive situation know to route the question through counsel before they route it through ChatGPT.
AAIM members navigating these questions can connect with the Solutions Team at solutions.team@aaimea.org for guidance on AI policy frameworks, training, and adoption strategy. We’ve been working with employers across the region on exactly these questions — how to capture the upside of AI without scaling the risk.
This topic is also explored in conversation between Phil Brandt and Burt Garland on the latest episode of This Week at Work. If you prefer to take it in that format, you can watch the full episode here.
Want to Hear the Full Conversation?
In this episode of This Week at Work, Phil Brandt and Burt Garland also walked through a recent FTC action on non-competes and a new Department of Labor proposed rule on joint employer status — both worth understanding if you use independent contractors or staffing agencies.
SHRM Greater Orlando Annual Conference
April 8, 2026
AAIM’s 12th Annual
Leadership Conference
May 15, 2026
Headquarters
12851 Manchester Rd
Suite 150
St. Louis, MO 63131
Toll-Free: 800.948.5700
This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.
AcceptLearn moreDo not accept cookiesWe may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.
We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.
We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.
We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Google reCaptcha Settings:
Vimeo and Youtube video embeds:
