Every firm wants the speed of AI. Almost every firm has the same hesitation before turning it on: we cannot risk client confidentiality. It is the right instinct. With the wrong tool, putting client documents near AI can breach confidentiality, waive privilege, and expose matters that even some people inside the firm are not meant to see. This article looks at where that risk is real, why an outright ban does not hold, and what it takes to use AI that respects who is allowed to see what, so a law firm can keep client files confidential while using AI.
Public AI can quietly strip away confidentiality and privilege
The clearest guidance for firms in this country comes from the regulator itself. The New Zealand Law Society's generative AI guidance states plainly that inputting client details and legally privileged material into a publicly accessible or external generative AI tool may give rise to a breach of privilege and confidentiality obligations.[1] Its practical advice is just as direct: do not use real client information to test or build AI systems, use fictional data instead, and have a clear firm policy covering confidentiality, unauthorised use, and quality assurance.
The risk is not hypothetical, and the courts have started to make the consequences concrete. In 2026 a United States federal court considered documents that a party had created with a public chatbot and then shared with his lawyer. The court held they were not protected by privilege. One reason was decisive, and any lawyer should understand it: the platform's own terms allowed it to collect the inputs and disclose them to third parties, so the communications were never confidential in the first place.[2] Confidentiality you have already given away to a vendor is not something a court can hand back.
Put those together and the picture is clear. The moment privileged or client information goes into a public AI tool, a firm can lose both confidentiality and privilege, and no amount of careful drafting afterwards repairs it.
Banning AI does not hold, so the real job is to control it
The tempting response is to forbid AI entirely. In practice that rarely works. People use the tools anyway, on personal devices and unsanctioned accounts, which is the worst of both worlds: the risk without any oversight.
The deeper reason a ban fails is the way most firms hold their documents in the first place. Files live as loose Word documents scattered across email attachments, shared drives, and personal machines. In that setup there is no central control over who can open a given file, no oversight of what an AI tool does once it has one, and no practical way to enforce either. Point a public chatbot at a pile of loose .docx files and you have multiplied the exposure, not contained it.
So the fix is not a rule; it is a system. The Law Society's principle holds: the duties of competence and confidentiality apply no matter which tool you use. But a principle needs somewhere to live. That means keeping documents in one place under one access model, with security granular enough that both the person and the AI working for them must obey it. The question is not whether your firm uses AI. It is whether your documents sit in a system that can enforce who sees what, for people and for the AI alike. That is what separates an AI you can trust with client files from one you cannot.
The fix: an AI that only sees what each user is allowed to see
The principle that makes AI safe for confidential work is simple to state. The AI should inherit the signed-in user's access exactly, and never see more. Ask the same question as three different people and you can get three different answers, because each person's assistant is limited to that person's documents. The assistant is not a side door around your access controls. It is bound by them.
To make that real, a firm needs access controls that mirror how it actually works. In Juravie that starts with roles. You build roles that match your structure, starting from system roles such as Viewer, Editor, Reviewer and Publisher, and clone or tune them as needed. When one person needs an exception, you grant or revoke a single permission for that one user rather than bending the whole model. The result is that every person, and every person's AI, operates inside a defined boundary.
How the roles map to the way a firm actually works
These roles are not abstract. They map to who does what with a real document. Take a firm standardising an employment agreement:
1. Editor: the junior associate drafts
   The associate holds an Editor role and drafts the agreement. The AI proposes changes as tracked redlines, working only across documents that associate is allowed to see. The associate then submits it for approval.
2. Reviewer: a senior lawyer approves or requests changes
   A senior lawyer holds a Reviewer role, sees the draft in the review queue, and approves it or requests changes. When changes are requested, it goes back to the author. Review is a step the workflow can require, not a courtesy that gets skipped under deadline.
3. Viewer: read-only access
   A user assigned the Viewer role can open and read documents and templates, and ask the AI about them, but cannot edit them. Restricted files are the exception: they carry their own granular per-file permissions, so a Viewer sees a restricted file only if they have been granted access to it.
The same structure that protects confidentiality also enforces review. Whether an edit started with a person or with AI, nothing reaches final without the right people seeing it. The companion problem of AI inventing facts is covered in our piece on using AI without hallucinated citations, and the workflow itself is described under approval workflows.
Per-file restrictions for the matters that need a wall
Roles cover the everyday. Some matters need a tighter boundary even inside the firm: a dispute involving a colleague, a confidential settlement, a partner-only matter. For these, a single file can be restricted to named people, with the exact modes you choose. A junior can read but not download. A peer can edit but not delete. A reviewer can view but not change.
The important part for AI is what happens to everyone else. A restricted file does not appear in the file manager or in AI search for people who were not granted access, and the AI will not open or edit it for them, because it inherits their view of the firm and that file is not in it. Lift the restriction and the file returns to standard role-based access, and both the restriction and its removal are recorded permanently. This is how a firm gets the productivity of AI across its library without exposing the one matter that must stay sealed.
The record: who saw what, and who decided
Control is only half of confidentiality. The other half is being able to show it. Every AI action, every access grant, every review round and every publish should be recorded and exportable, so if anyone ever asks who relied on what and who signed off, the answer is already written down. That record is also what keeps people careful in the first place.
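The access model described above (roles, per-user exceptions, per-file restrictions, and a record of every AI action) can be sketched as follows. This is an added example, not Juravie's code: the mode names, the role-to-mode mapping, the rule that a restriction replaces role access, and all function, user and document names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed mapping: the article names these roles but not their exact modes.
ROLE_MODES = {
    "Viewer": {"read"},
    "Editor": {"read", "edit"},
    "Reviewer": {"read", "review"},
    "Publisher": {"read", "review", "publish"},
}

@dataclass
class User:
    name: str
    role: str
    granted: set = field(default_factory=set)  # per-user exceptions
    revoked: set = field(default_factory=set)

@dataclass
class Doc:
    doc_id: str
    text: str
    restricted_to: dict = None  # {user name: modes}; None means role-based

def effective_modes(user, doc):
    """Modes the user holds on this file; a restriction replaces role access."""
    if doc.restricted_to is not None:
        return set(doc.restricted_to.get(user.name, ()))
    return (ROLE_MODES[user.role] | user.granted) - user.revoked

def assistant_search(user, query, library, audit):
    """Filter by the caller's access first, so hidden files never reach the model."""
    visible = [d for d in library if "read" in effective_modes(user, d)]
    hits = [d.doc_id for d in visible if query.lower() in d.text.lower()]
    audit.append({"user": user.name, "action": "ai_search", "returned": hits})
    return hits

def assistant_edit(user, doc, audit):
    """The assistant may propose edits only where the user could edit."""
    allowed = "edit" in effective_modes(user, doc)
    audit.append({"user": user.name, "action": "ai_edit", "doc": doc.doc_id, "allowed": allowed})
    return allowed

# Constructed sample library and users.
LIBRARY = [
    Doc("employment-template", "Standard employment agreement template"),
    Doc("settlement-0001", "Confidential settlement of an employment dispute",
        restricted_to={"partner": {"read", "edit"}, "junior": {"read"}}),
    Doc("partner-matter-0001", "Partner-only employment matter", restricted_to={"partner": {"read"}}),
]
partner, junior, clerk = User("partner", "Publisher"), User("junior", "Editor"), User("clerk", "Viewer")
```

The permission filter runs before the query is matched, so a file the caller cannot read is never a candidate for the assistant's context, and every search and edit attempt lands in the audit list whether or not it was allowed.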
A short checklist for confidential AI
Before you let an AI tool near client files, ask whether it can:
- Limit the AI to exactly what the signed-in user is allowed to see, and never more.
- Hide a restricted matter from both people and the AI, not just from a menu.
- Enforce review so nothing is published without the right people seeing it.
- Keep a complete, exportable record of who accessed what, and who decided.
If a tool cannot do these things, confidentiality rests on everyone remembering the rules every time. That is not a control. It is a hope.
The bottom line
Keeping client files confidential and using AI are not in conflict. They are in conflict only when the AI sits outside your access controls. Put it inside them, so the assistant inherits each user's permissions, sensitive matters stay sealed, review is enforced, and every action is on the record, and the hesitation goes away. That is the approach Juravie is built around: AI inside, control around it.
Frequently asked questions
Is it safe to use AI with confidential client files?
It depends entirely on the tool. Putting client or privileged material into a public, consumer AI tool can breach confidentiality and waive privilege, because the provider can see and retain what you enter. The New Zealand Law Society warns against this directly. It is safe when the AI runs inside a system that keeps client data confidential and limits the AI to exactly what each user is allowed to see.
Can AI see documents a lawyer is not allowed to access?
It should not. In a properly governed system the AI inherits the signed-in user's permissions and can never see more than that person can. If a matter is restricted to named partners, the AI will not surface or act on those files for anyone else, because it has no more access than the user it is working for.
How do law firms control which files AI can use?
With a role model that mirrors the firm, per-user overrides for exceptions, and per-file restrictions for sensitive matters. Each user gets a role such as Viewer, Editor, Reviewer or Publisher, and individual files can be locked to named people. The AI then works within those same limits, and every access and decision is recorded in an audit trail.
Sources
1. New Zealand Law Society, "Generative AI guidance for lawyers." lawsociety.org.nz
2. DLA Piper, "Are AI-generated documents privileged? Key takeaways from Heppner" (United States District Court for the Southern District of New York), February 2026. dlapiper.com