On February 17, 2026, Judge Jed S. Rakoff of the Southern District of New York held that a criminal defendant's written exchanges with a generative AI platform were not protected by attorney-client privilege or the work product doctrine. The case was United States v. Heppner. The ruling was first-impression and nationwide in effect, and it gave every practicing lawyer a concrete answer to a question the profession had been dodging for two years: what happens when you paste privileged facts into ChatGPT. The answer is that the other side can read them.
If you are a practicing lawyer who has used ChatGPT for anything client-adjacent, Heppner changed your risk calculus, whether your firm has said so yet or not.
GC AI is the legal AI platform for in-house counsel, built by Cecilia Ziniti, a three-time General Counsel, and used by 1,500+ in-house legal teams including 80+ public companies and 20 unicorns.
We wrote this piece because our customers ask us the ChatGPT question quite often, and because Heppner rewrote the answer. GC AI is SOC 2 Type II and SOC 3 certified, GDPR compliant, with zero data retention agreements with OpenAI and Anthropic, and AES-256 encryption. That posture is the specific one Rakoff's three-part test asks for, and it is the reason in-house teams at regulated companies run their AI work through GC AI rather than a consumer-tier chat window.
Can Lawyers Use ChatGPT at All?
Yes, with caveats. ABA Formal Opinion 512, issued July 2024, confirmed that generative AI use by lawyers is permissible under existing ethics rules, so long as counsel maintains three duties: competence, supervision, and confidentiality. State bars have since echoed the framework. California, New York, Florida, and the D.C. Bar have all published guidance built on the same three pillars.
The duties are where the risk lives. Competence means understanding what the model can and cannot do, including hallucination patterns and jurisdictional blind spots. Supervision means treating AI output like a first-year associate's draft that has to be checked before it gets signed. Confidentiality means knowing what happens to the text you paste, where it lives, who can read it, and whether the platform trains on it.
Every high-profile sanction since 2023, and every privilege ruling since Heppner, traces back to a failure in one of those three duties. Lawyers are allowed to use ChatGPT. Lawyers who skip the duties get sanctioned.
What United States v. Heppner Changed
Heppner is the single most important 2026 update for any lawyer using generative AI. Here is the specific holding:
Bradley Heppner was indicted in October 2025 on securities and wire fraud, conspiracy, false statements to auditors, and falsifying corporate records. After indictment, and after retaining counsel, Heppner used Anthropic's Claude to prepare reports outlining his defense strategy and potential legal arguments. The government moved to compel production of those AI chat exchanges. Judge Rakoff held oral argument on February 10, 2026, and ruled on February 17, 2026, that the exchanges were neither privileged nor protected work product.
Rakoff's reasoning ran on three tracks.
First, the AI is not an attorney. Communications with a non-attorney generally cannot be privileged attorney-client communications.
Second, the confidentiality prong failed on the Terms of Service. Anthropic's privacy policy at the relevant time stated that user data and prompts could be used for model training and disclosed to third parties, which meant Heppner had disclosed his defense theory to a party outside the attorney-client relationship.
Third, Heppner's counsel had not directed him to use Claude. Self-directed use by a client is not a counsel-directed channel, and the court declined to extend privilege to it.
The court left one door open. Under the Kovel doctrine, which extends privilege to accountants, translators, and other agents retained by counsel to help render legal advice, Rakoff acknowledged that counsel-directed use of AI on a platform with contractual confidentiality might preserve privilege.
Three elements matter for the Kovel workaround to hold: the tool has to be retained by counsel, used under attorney supervision, and bound by contractual confidentiality obligations. A consumer-grade AI tool a client picks up on their own satisfies none of the three.
That is the operational workaround, and it is the posture purpose-built legal AI platforms like GC AI are designed to meet.
Heppner did not hold that all AI use is unprivileged. It held that this use, by this defendant, on this platform, under those Terms of Service, was not. Read the full opinion before drawing broader conclusions. Our own analysis of the Heppner ruling walks through what it means for in-house teams using AI day to day.
The Harvard Law Review's blog analysis of Heppner is a useful starting point, and Perkins Coie covers Heppner alongside Warner v. Gilbarco, a contrasting ruling from the Eastern District of Michigan that granted work-product protection to a pro se plaintiff's AI exchanges in February 2026.
If your AI use does not satisfy all three Rakoff prongs, assume the chat is discoverable.
The Pattern in Every Sanction Story
Read the sanction cases and a pattern emerges. In nearly every case, the offense is the workflow itself.
Mata v. Avianca (SDNY 2023) produced the original cautionary tale. Attorney Steven Schwartz submitted a brief citing six cases that did not exist, all fabricated by ChatGPT. Judge Castel sanctioned Schwartz and his partner Peter LoDuca for $5,000 and required a letter to every judge falsely cited.
Park v. Kim (2nd Circuit, 2024) ended the same way. The Second Circuit referred attorney Jae S. Lee to the grievance committee after she filed a brief with nonexistent citations generated by ChatGPT.
Wadsworth v. Walmart Inc. (D. Wyoming, February 2025) extended the pattern beyond ChatGPT. Judge Kelly H. Rankin fined Morgan & Morgan attorney Rudwin Ayala $3,000 and revoked his pro hac vice admission, and fined supervising attorney T. Michael Morgan and local counsel Taly Goody of the Goody Law Group $1,000 each, after they filed motions citing eight cases that did not exist. The hallucinated citations came from Morgan & Morgan's legal AI platform, MX2.law, not ChatGPT.
Three cases, three different firms, three different underlying disputes, and one identical failure mode: unverified citations relied on in a filing. Every sanctioned lawyer was penalized for the same thing: signing a filing without opening Westlaw, LexisNexis, or Casetext to confirm the cases existed.
Every sanction case is a workflow case. The AI gives you a draft, the bar rules say you sign what you verify, and the gap between the two is where the sanctions happen.
What ChatGPT Does Well for Legal Work
Cecilia Ziniti, GC AI's founder and a three-time General Counsel, has argued since 2023 that ChatGPT's limits for legal work live mostly in how lawyers use it. The model itself is more capable than the surface suggests. The core insight has held up across model generations.
ChatGPT's legal disclaimers are default system prompt behavior. The reasoning underneath them is much stronger.
Ask ChatGPT to "draft a notice to a tenant under a residential lease" without context, and you will get a hedged response. Tell it you are a licensed attorney acting for the landlord, give it the lease, and ask for a draft that addresses the specific breach, and you get a usable first pass. The disclaimers are reflexive. The reasoning underneath is substantive.
Think of ChatGPT as a smart, eager intern: useful for first drafts, dangerous for final filings. A competent lawyer working with a well-structured prompt can turn a four-hour trademark office action draft into a 45-minute task. The draft is the head start, and a competent lawyer turns it into the finished product.
Michael A. Jacobs, a former Morrison & Foerster partner who led IP litigation in Oracle v. Google and Apple v. Samsung, put it in sharper terms on the CZ and Friends podcast:
"The AI tool is a good second or third year associate right now. And so whatever you would do with a second or third year associate if you're the partner is what you should do with the AI tool, except you have to be doubly worried about hallucinations." —Michael A. Jacobs, Former Partner, Morrison & Foerster
Where ChatGPT earns its keep in 2026 legal work, used safely:
Summarizing a long research memo into a three-bullet executive version
Drafting a first pass at a client email that explains a regulatory update in plain English
Issue spotting in a contract, as a second set of eyes on a clause you have already reviewed
Outlining a brief before you fill in the citations
Converting dense statutory text (GDPR Article 28, DGCL 203) into a client-readable summary
Generating interview questions, training outlines, or framework sketches for internal education
What unites these use cases is that a competent human lawyer reviews the output before anything leaves the building. GC AI customers run the same categories of work, with one structural difference: GC AI is counsel-directed and confidential by contract, so the supervision layer is built into the workflow rather than bolted on after the fact.
What ChatGPT Should Never Touch
Client-identifying data. Names, company identifiers, matter-specific facts, deal terms, regulatory findings. Pasting any of these into ChatGPT Free or ChatGPT Plus is disclosure to a party outside the attorney-client relationship, which is Heppner point 2 cleanly applied. This is the category where GC AI's zero data retention architecture, logically isolated per-tenant databases, and ZDR agreements with the underlying LLM providers make a material difference.
Privileged material. Strategy memos, draft pleadings, internal legal analysis, anything you would claim as work product. Same logic. If opposing counsel can subpoena the chat record, you have waived privilege by typing.
Jurisdiction-specific analysis without secondary verification. Niche state statutes, recent case law, unsettled areas, anything where the model's training cutoff matters. The bigger risk is confident, plausible-sounding outputs that miss a 2024 amendment.
Final filings without a human citation check. This is the sanction line. Every case Westlaw, LexisNexis, or Casetext would not return is a case that does not exist. Check every citation before you sign.
These four categories are Heppner's three-part test, translated into daily workflow.
Four Rules for Using ChatGPT in Legal Work
Four rules keep ChatGPT inside ethical bounds while getting substantive legal work done, post-Heppner.
Prompt well. A structured base prompt (role, context, task, constraints, format) produces meaningfully better legal output than a one-line ask. Give it the statute, give it your position, give it the audience, give it the format. "Draft a two-paragraph summary of California AB 2013 for our engineering leads, neutral tone, no legalese" outperforms "Tell me about AB 2013" every time.
Stay in the loop. Verify every citation against Westlaw, LexisNexis, or Casetext before relying on it. Verify every statute against the official code. Verify every factual claim against a primary source. GC AI builds verification into the workflow through Exact Quote, which pulls character-level verbatim text from the documents you upload, and Research, which returns source links alongside the answer. The responsibility to check still sits with the lawyer, and no shortcut exists.
Know its bounds. Widely documented law fares better than niche jurisdictional statutes. GDPR, Delaware DGCL, federal securities law, major IP doctrines, the FRCP are in the training set ten thousand times over. A 2025 amendment to a state employment statute in Iowa is not. Match the tool to the task.
Practice. The skill ceiling on legal prompting is higher than most lawyers realize, and the gap between a first-week user and a six-month user is not small. GC AI's free CLE-certified classes, taught by former general counsels, are built for that curve, and the Skill Library lets in-house teams save and share the prompts that actually work so the learning compounds across the team. Invest the hours.
You can watch our full demo below:
The Compliance Gap: ZDR, SOC 2, and Why ChatGPT Enterprise Still Is Not Enough
This is where the engineering meets the ethics rules, and where most law firms get the answer half right.
ChatGPT Free and ChatGPT Plus use prompts for model training by default. OpenAI's consumer-tier terms are clear: your inputs can be used to improve the models. That fails Heppner point 2 on its face. Any lawyer pasting client data into either tier is, in Rakoff's framing, disclosing to a party outside the attorney-client relationship.
ChatGPT Enterprise and ChatGPT Team are different. Both tiers offer zero data retention options and contractual confidentiality, and OpenAI publishes SOC 2 Type 2 reports for the Enterprise product.
The practical question is scope. What is certified, who issued the report, what sub-processors are covered, what indemnities do the enterprise contracts actually provide for a privilege breach?
Most law firms evaluating ChatGPT Enterprise confuse "enterprise-grade" marketing with "appropriate for privileged work." The first is a security posture. The second is a legal conclusion that depends on contract terms, jurisdiction, and the specific matter.
Tricia Kinney, General Counsel at BlueLinx, put the distinction on the CZ and Friends podcast:
"I am a huge fan of using legal specific AI tools as opposed to consumer specific AI tools. You want them training in the same context that we're operating in. Legal language is very different. Legal context is very different than it often is in the wider world."
Encryption matters and is now table stakes. AES-256 at rest and TLS in transit ship on every serious AI platform. The harder questions are where the data lives under subpoena, who can compel disclosure, and whether the provider's indemnities cover a privilege breach or only a direct data leak.
GC AI's posture is specific. GC AI is SOC 2 Type II and SOC 3 certified, GDPR compliant, with zero data retention agreements with OpenAI and Anthropic, and AES-256 encryption. Each customer's data lives in a logically isolated database. GC AI does not train on customer data. That posture is built specifically to map to Rakoff's three-part test: counsel-directed deployment, contractual confidentiality, and a platform that functions as an agent of the legal team rather than a counterparty with rights to the text.
This is the line every in-house counsel evaluating general-purpose AI should copy into their due diligence checklist.
What GC AI Does That ChatGPT Cannot
The question in-house teams actually ask is not which chat window has better wording. It is what a purpose-built legal AI platform gives them that a general-purpose one cannot.
Citations you can trust. ChatGPT generates plausible-looking citations that may or may not exist, which is the Mata v. Avianca failure mode built into the product. GC AI surfaces verified sources through its Exact Quote feature, which pulls character-level verbatim text from the documents you upload, and through Research, which biases toward authoritative databases, primary law, and government sites and returns the source link alongside the answer. You can open the underlying document and check it in one click.
Ritesh Patel, Chief Legal Officer at Viant Technology, used to Google HR and privacy questions or call outside counsel by the hour for a generic answer. Now he runs them through GC AI first.
"I describe the setup, get an answer with citations, and use that to brief my team or our business partners. Having sources and links right there builds trust. You can check the law yourself, and that trust drives adoption across the team."
Your company's context, anchored locally. ChatGPT is trained on general internet data. It does not know your MSA template, your NDA playbook, your redline defaults, your prior matters, or your jurisdictional footprint. GC AI connects to all of that through Files, Projects, and custom instructions, so the answers you get are anchored to how your company actually operates.
"With other tools, you need a perfectly polished prompt for it to work well. With GC AI, I don't."
Contract review inside Microsoft Word. ChatGPT lives in a browser tab you have to context-switch to. GC AI lives inside Word through its Word Add-In, with surgical redlining, issue spotting, drafting, and comment summarization available directly in the document you are already editing.
For contract review in particular, that integration is the difference between a tool you try and a tool you keep open.
"GC AI's Word Add-in is in a class of its own compared to other legal AI tools I have evaluated." —Laura Knight, Secure Code Warrior
Playbooks that scale your judgment. ChatGPT cannot hold a structured review framework across a hundred NDAs, DPAs, or SaaS MSAs. GC AI's Playbooks turn your review standards into repeatable workflows that any member of the team, including junior counsel, can run with consistent results. The senior lawyer's judgment gets encoded once, and the team applies it at scale.
A privilege posture the court recognizes. This is the Heppner point. ChatGPT Free and Plus fail all three of Rakoff's prongs on their face. ChatGPT Enterprise can satisfy prong 2 if configured correctly. GC AI is designed from the ground up to satisfy all three: counsel-directed deployment, contractual confidentiality with zero data retention, and use as an agent of the legal team rather than a public counterparty with rights to the text.
"I go straight to GC AI for everything from research requests to litigation responses. I've compared against ChatGPT, GC AI gives more comprehensive responses appropriate for a lawyer to use. After six months of use, I'm sure I've saved hundreds of hours." —Trisha Mauer, VP of Legal at Tonal
"What would be really helpful is if there was an entire universe that was like ChatGPT, but built for and made for the legal world and the compliance world. GCAI." —Danielle Sheer, Chief Trust Officer at Commvault, on the CZ and Friends podcast
Joys Choi, Senior Director of Legal at Tipalti, saved 609 hours in a single year using GC AI, the equivalent of 76 full working days. Her lean corporate legal team covers governance, employment, and litigation globally, and without GC AI she estimates she would need two more attorneys to keep pace.
"Out of all the AI tools I've used, GC AI delivers the most impact for attorneys, confidential, reliable, and efficient." —Joys Choi, Senior Director of Legal at Tipalti
When to switch from ChatGPT to a purpose-built legal AI platform, based on what we see with GC AI customers: when your in-house team grows past three lawyers, when privileged work becomes a regular rather than occasional output, when client data falls under a regulated framework (HIPAA, GDPR, CCPA, GLBA), or when you need the AI to carry matter context across conversations rather than starting every session cold.
For a full side-by-side, see the forthcoming GC AI vs. ChatGPT comparison page. For readers weighing Claude instead, see the GC AI vs. Claude comparison.
See GC AI Under the Same Prompts
See how GC AI handles the same prompts under SOC 2 Type II and zero data retention.
Frequently Asked Questions
Have Any Lawyers Been Disbarred for Using ChatGPT?
Multiple lawyers have been sanctioned for ChatGPT-related filings, though none have been disbarred as of April 2026. Steven Schwartz and Peter LoDuca were fined $5,000 in Mata v. Avianca. Jae S. Lee was referred to the Second Circuit grievance committee in Park v. Kim. Three lawyers at Morgan & Morgan and Goody Law Group were fined a combined $5,000 in Wadsworth v. Walmart (February 2025) for citing cases hallucinated by the firm's in-house AI, not ChatGPT. The common thread in every case is unverified citations in a filed document. The workflow is the offense.
Is ChatGPT 4 or ChatGPT 5 Safer Than the Free Version?
Model version does not change the privilege analysis. What changes safety is the tier and the contract. ChatGPT Enterprise and ChatGPT Team offer zero data retention and contractual confidentiality that the Free and Plus tiers do not. The Kovel carve-out in Heppner also matters: counsel-directed use on a platform with enforceable confidentiality is treated differently from self-directed use on a consumer tier, regardless of which model powers the chat.
Claude vs. ChatGPT for Lawyers: Which Is Better?
Both are general-purpose large language models with strong reasoning. Claude holds longer contexts in a single session, and ChatGPT has broader third-party integrations. Neither is designed for legal work specifically. If you are comparing them head-to-head for legal use, the more productive question is whether either belongs in your workflow compared to a purpose-built legal AI platform. See our GC AI vs. Claude Cowork comparison.
What Are the Best Free ChatGPT Alternatives for Lawyers in 2026?
No free option satisfies post-Heppner privilege requirements. Free Claude, free Gemini, and free ChatGPT all train on user prompts by default. For privileged work, you need either a paid enterprise tier with zero data retention and appropriate contract terms, or a purpose-built legal AI platform designed around the three Rakoff prongs. "Free" and "privileged" do not coexist in this category.
Can I Use ChatGPT for Client Work With a Paid Subscription?
ChatGPT Enterprise or Team, configured with zero data retention and, where applicable, a Business Associate Agreement, is materially safer than Free or Plus. It remains a general-purpose platform. For privileged, regulated, or matter-specific work, a legal-specific platform provides the controls Heppner's three-part test asks for: counsel-directed deployment, contractual confidentiality, and an agent-of-counsel posture.
Is It Legal for Lawyers to Use ChatGPT?
Yes, under ABA Formal Opinion 512 (July 2024) and state bar guidance in California, New York, Florida, and the D.C. Bar, lawyers can use ChatGPT if they maintain three duties: competence, supervision, and confidentiality. Legality depends on how you use it. ChatGPT Free and Plus fail the confidentiality duty for client data because consumer-tier inputs train the models. ChatGPT Enterprise, ChatGPT Team, or a purpose-built legal AI platform with zero data retention and counsel-directed deployment is the safer path.
Does ChatGPT Protect Attorney-Client Privilege?
Under United States v. Heppner (SDNY, February 2026), written exchanges with a consumer-grade generative AI platform are not protected by attorney-client privilege. Judge Rakoff's three-part test requires that the AI is directed by counsel, the platform offers contractual confidentiality, and the use is tied to legal advice. ChatGPT Free and Plus satisfy none of the three on their face.
Can ChatGPT Chat History Be Subpoenaed?
Yes. Under Heppner, written exchanges with consumer-grade AI platforms are treated as disclosure to a third party, which waives attorney-client privilege and work product protection. If the provider's Terms of Service permit training on user inputs or sharing with third parties, the chat is discoverable. Zero data retention agreements with the underlying model provider and counsel-directed deployment on a privileged-safe platform are the operational workaround.
How Do Lawyers Use ChatGPT Safely?
Four rules: write structured prompts that include role, context, task, and format; verify every citation against Westlaw, LexisNexis, or Casetext before signing anything; stay off niche jurisdictional statutes unless you double-check against primary law; never paste client-identifying data, privileged material, or draft filings into ChatGPT Free or Plus. For privileged work, use a purpose-built legal AI platform with zero data retention and counsel-directed deployment.
