EXECUTIVE SUMMARY

On February 10, 2026, Judge Jed S. Rakoﬀ of the United States District Court for the Southern District of New York issued a bench ruling—memorialized in a February 17, 2026 written opinion—holding that 31 documents a defendant generated using the consumer version of Anthropic’s Claude were not protected by attorney-client privilege or the work product doctrine. United States v. Heppner, 2026 WL 436479 (S.D.N.Y. Feb. 17, 2026). [1]

This was not a revolution in privilege law. It was a precise application of settled doctrine to a fact pattern shaped by one decisive variable: the defendant acted alone, without counsel’s direction, on a platform whose consumer privacy policy expressly permits disclosure to governmental regulatory authorities.

This article provides the complete legal analysis and factual context of Heppner; corrections to misreadings circulating in bar publications; a medical-legal analogy illuminating HIPAA risks attorneys are missing; a platform-by-platform conﬁdentiality analysis with veriﬁed pricing data for seven major AI platforms; integration of the TOLFPC Agentic Fidelity (AgFi) framework as a privilege predicate; comparative analysis of general versus specialized legal AI platforms; a comprehensive survey of the 2026 regulatory landscape; a full Practical Roadmap for the safe adoption of agentic Al; and the complete TOLFPC Three-Part Anti-Hallucination Protocol-the minimum standard of competence for Al-assisted legal work.

Top-Line Conclusion: If an attorney uses an Al platform that provides genuine, contractually enforceable privacy, confidentiality, and non-retention protections, then-under the Kovel doctrine, the functional equivalent exception, and the prevailing jurisprudence in the Sixth, Seventh, Eighth, and Ninth Circuits-the attorney’s prompts are likely protected by attorney-client privilege and the work-product doctrine. The key determinant is whether the Al provider is treated as a functional agent of the attorney, not a third-party recipient. The 2026 Michigan case (Warner v. Gilbarco) strongly supports protection when confidentiality safeguards are in place, while the competing SDNY Heppner decision shows the opposite outcome when such safeguards are absent

The Central Thesis: The legal profession is currently operating under a dangerous misconception that the attorney-client privilege automatically extends to generative Al platforms simply because they are used for legal work. This article argues that under the Heppner precedent, the privilege does not survive contact with an Al platform unless the attorney proactively constructs a specific, verifiable Heppner Protective Shield (HPS). The HPS Doctrine posits that an Al platform is legally indistinguishable from a third-party human consultant under the Kovel and Bieter doctrines. Therefore, privilege is preserved only when the Al is deployed under strict attorney direction, governed by an enterprise-grade Zero Data Retention (ZDR) architecture, and utilized as a necessary conduit for legal advice rather than an independent source of expertise. Without this architecture, the use of Al constitutes a voluntary disclosure to a third party, resulting in an absolute waiver of privilege. The HPS Doctrine is designed to be operational rather than merely aspirational. It provides a testable, litigation-ready standard that courts can apply today, using existing doctrinal tools, to resolve the most consequential privilege question of the digital age.