June 26, 2026
Consider Secure or Closed AI Systems: Recent Protective Orders Provide Guidance for Businesses Seeking to Use AI Tools Legally and Ethically
This is part of a series from Nelson Mullins' AI Task Force. We will continue to provide additional insight on both domestic and international matters across various industries spanning both the public and private sectors.
Businesses looking to adopt Artificial Intelligence (AI) tools are confronting the risks that accompany these tools. One such risk is the possibility that inputting information into an AI tool may imperil the confidentiality (including privilege), security, and privacy of that information.
Parties and judges involved in litigation matters are also considering the use of AI tools while taking into account various obligations to protect information and limit its use and disclosure.
Two recent protective orders issued by U.S. Magistrate Judges identify and describe those aspects of certain AI tools that may negatively affect the confidentiality, security, and privacy of information, and establish requirements and prohibitions for parties seeking to use those tools.
These orders may help businesses 1) understand the privacy and security risks involved in the use of AI tools; and 2) ensure that the use of AI tools is consistent with legal and ethical duties to protect and manage information.
Protective Orders: Securing and Limiting the Use of Information
A protective order sets the ground rules for the disclosure and use of various types of protected information (typically labeling that protected information as “Confidential Information”) in discovery and at trial while protecting against unauthorized disclosure or misuse of that Confidential Information.
More specifically, a protective order helps ensure that Confidential Information is 1) used only for the limited purpose of the litigation; 2) maintained securely during the litigation; 3) disclosed only to those involved; and 4) returned to the disclosing party at the end of the litigation. In the contractual context, confidentiality agreements, data protection agreements (DPAs) and other business arrangements memorialize similar requirements designed to ensure the confidentiality, security, and privacy of sensitive information, including personal information.
Similarly, a protective order also allows parties to “claw back” confidential or privileged information disclosed inadvertently.
The Risks of Using “Public” or “Open” AI Tools When Certain Information is Involved
Jeffries v. Harcros Chemicals Inc., 2026 WL 82018 (D. Kan. March 25, 2026) (“Harcros Chemicals”) highlights the elements of certain AI tools that can be problematic for maintaining confidentiality, security, and privacy: “the way [some] AI Tools function poses a potential threat to the integrity and security of data produced in litigation.” Judge Mitchell calls these “public” or “open” AI tools.
Because these tools may use inputted information to train and improve their models, it may not be possible to delete or “claw back” protected information from those tools. Several potential harms arise when information cannot be clawed back or deleted and is potentially used and disclosed outside the control of the parties:
- Waiver of confidentiality or privilege
- Revealing sensitive data or personal information from the AI tool’s training datasets
- Violation of counsel’s ethical duty to safeguard client information
- Violation of data privacy laws and data protection requirements
Inputting information into an “open” or “public” AI tool limits a party’s ability to control (protect and direct) future use or disclosure of that information. The loss of control inherent in an “open” or “public” AI tool may run afoul of various legal and ethical requirements.
Mindful of these concerns, Judge Mitchell established several requirements for any party seeking to use a particular AI tool:
- Give other parties notice and an opportunity to object
- Ensure the AI tool is used in a secure environment and that Confidential Information is not used to train or improve any AI Tool except a model used exclusively in that case
- If an AI Tool is trained or improved using Confidential Information, ensure that the information is destroyed at the end of the litigation and is not made accessible to anyone not authorized to have access to Confidential Information; and
- Ensure that all Confidential Information is deleted at the end of the litigation.
(Judge Mitchell extended the reach of the original protective order in the case covering “Confidential Information” to cover all “Discovery Material.”)
As noted by Judge Mitchell, these security requirements and use limitations effectively require parties to use only “closed or secure AI tools.”
What is a “closed or secure AI tool”? Read on.
Identifying and Using a Secure or Closed AI Tool
In Velez v. OnePlus Tech. (Shenzhen) Co., No. 25 cv 2432, ECF No. 28 (S.D.N.Y. June 16, 2026) (“OnePlus”), Judge Ricardo picks up where Judge Mitchell left off in the discussion of the information risks of “open/public” AI tools and the confidentiality, security, and privacy controls offered by “closed or secure AI tools.”
Specifically, OnePlus 1) defines a “Public Generative AI Platform” and prohibits the parties from providing any “Confidential Material” to any “Public Generative AI Platform”; and 2) defines “Secure or Closed AI Systems” (“closed or secure AI tools”) and the conditions under which providing “Confidential Material” to “Secure or Closed AI Systems” is acceptable.
Definition of a (Prohibited) “Public Generative AI Platform”. A “Public Generative AI Platform” is:
Any publicly accessible or commercially hosted artificial intelligence system, large language model, chatbot, document-analysis tool, image-generation tool, or similar service where information submitted by users may be retained, used for model training, used to improve services, reviewed by human personnel, disclosed to third parties, or otherwise used for the benefit of persons or entities other than the parties to this litigation.
Echoing Harcros Chemicals, this definition identifies risks inherent in using a “Public Generative AI Platform” (an “open” or “public” AI tool): the information submitted to such an AI Tool may be used by persons other than the parties to the litigation and for other purposes.
Confidential Information Cannot Be Provided to Any Public Generative AI Platform. OnePlus prohibits any party from providing any “Confidential Material” to any “Public Generative AI Platform”:
No party, attorney, expert, consultant, vendor, witness, or other person receiving Confidential Material shall upload, input, transmit, disclose, summarize, paraphrase, or otherwise provide Confidential Material to any Public Generative AI Platform.
Judge Ricardo also identifies several prohibited “Public Generative AI Platforms.” Businesses may consider consulting that list in evaluating potential AI tools.
The Use of “Secure or Closed AI Systems” Is Permitted if Used Appropriately. Inputting Confidential Information into “Secure or Closed AI Systems” is not prohibited, as long as the platform (a “permitted system”) has certain limitations and security protections and is used appropriately:
- the platform does not use the submitted information or documents to train models for non-parties;
- the platform does not permit access to the information by unrelated third parties;
- the information remains subject to commercially reasonable administrative, technical, and physical safeguards;
- the user has a good-faith basis to believe the platform contractually prohibits use of the information for generalized model training or other benefit to non-parties; and
- use of the platform otherwise complies with the Order and all applicable privacy, data-security, and professional-responsibility obligations.
Judge Ricardo gives several examples of “permitted systems,” including:
- private enterprise implementations of AI tools,
- self-hosted language models,
- secure document-review platforms incorporating AI functionality, or
- HIPAA-compliant environments configured to prevent disclosure or model training using Confidential Material.
Takeaways for Businesses Seeking to Employ AI Tools
- Identify and manage the “protected information” in the possession or control of the business. The obligation to protect information and manage how it is used and disclosed comes from various sources (e.g., privacy and security laws and regulations, ethical rules and standards, a business’s classification of its confidential or sensitive information). Define and categorize all protected information before using any AI tool. Ensure that privacy, security, and other business policies are updated to encompass the proper use of AI tools.
- Know your AI tools and the applicable rules. As the orders show, businesses and their counsel must understand AI tools and the risks associated with their use to advocate for their lawful and ethical use.
- Understand the differences between AI tools and choose a secure or closed AI system when protected information is involved. Not all AI tools are alike, particularly regarding security and privacy controls. Consider the security requirements and use limitations, as well as the “permitted systems” described in the Orders, as a starting point for the due diligence process necessary in choosing an appropriate AI tool or contracting with a vendor for AI-related services.
This article was written with the assistance of summer associate Michael Sabatello.
