Artificial intelligence tools such as public chatbots and document analysis platforms are now part of everyday life. Many clients understandably use these tools to summarise documents, draft emails or explore issues before speaking to their advisers. While AI can be helpful, using open source or publicly available AI tools can carry serious legal risks if sensitive information is uploaded.
A recent case, R on the application of Munir v Secretary of State for the Home Department [2026] UKUT 81 (IAC), highlights why caution is essential.
Why clients should be careful with open source AI
Open source or public AI tools are typically operated by third party providers on standard terms. In many cases, any information uploaded is stored, processed or reused in ways that the user cannot fully control. Even where providers say they do not actively read material, the key issue is that the information is no longer confidential in a legal sense.
This matters because legal professional privilege and confidentiality rely on information being kept private. If privileged or sensitive documents are uploaded to an open source AI platform, there is a real risk that privilege is lost permanently.
The Munir case, although arising in the immigration context, reinforces a well established principle. Information placed into an environment that is not confidential is unlikely to be protected. The decision comes from the UK Upper Tribunal, so it is not strictly binding on higher courts. However, it is difficult to see how any court could realistically reach a different conclusion. From a practical point of view, any documentation or information uploaded to an open source AI tool should be treated as exposed. Once uploaded, it is effectively out there and potentially accessible to anyone, including an opponent in a dispute.
Reassurance for Wolferstans clients
Clients are often concerned that the same risks apply when their lawyers use AI. At Wolferstans, that is not the case.
Wolferstans uses a proprietary AI solution within a controlled and secure environment. This means:
- Client data is not shared with the public
- Information is not used to train open or external AI models
- Confidentiality and privilege are preserved
- Use of AI is governed by strict internal policies and professional obligations
AI at Wolferstans is used as a support tool, not a replacement for legal judgment, and always within the firm’s duty to protect client confidentiality and act in clients’ best interests.
Practical tips for clients to protect their data
To reduce risk when using AI tools outside your legal team, clients should consider the following practical steps – K A R E
K – Keep privileged documents out – Avoid uploading legal advice, draft witness statements, contracts, settlement proposals or internal strategy documents to open source AI tools.
A – Assume everything uploaded may be shared – If you would not be comfortable handing a document to an opponent or regulator, do not upload it to a public AI platform.
R – Remove identifying details – If you use AI for general guidance, strip out names, dates, addresses and any facts that could identify you, your business or a dispute.
E – Engage your lawyer first – If you are unsure whether it is safe to use AI in relation to a legal issue, speak to your lawyer before doing so.
The key message
AI is here to stay and can be a useful tool when used carefully. However, open source AI platforms are not private, secure spaces for sensitive legal information. Once confidentiality is lost, it cannot be recovered.
Wolferstans’ use of proprietary AI is designed to protect clients, not expose them to risk. Clients can play their part by being cautious with their own use of public AI tools and by seeking advice before sharing information that matters.
If you have any questions about data security, confidentiality or the safe use of AI, your usual Wolferstans contact will be happy to help.