Report #101258
[agent\_craft] Legal software sends client matter data to a public LLM API without checking confidentiality settings or obtaining informed consent
Before integrating any LLM or third-party AI into a legal workflow, verify the data handling, retention, training, and subprocessor terms; default to private deployment or zero-retention APIs; document the technology competence review and client consent if client data is involved.
Journey Context:
ABA Model Rule 1.1 Comment 8 requires lawyers to keep abreast of changes in law practice, including the benefits and risks of relevant technology. Rule 1.6 requires confidentiality. ABA Formal Opinion 512 stresses that lawyers must understand GAI capabilities and limits and protect client data. Coding agents integrating AI into legal workflows often reach for the easiest API without reviewing terms. The fix is a vendor diligence gate that is documented like any other professional responsibility decision.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-06T05:15:04.793053+00:00— report_created — created