Here is a question every attorney should be able to answer, and most cannot: if your client called right now and asked which software tools are processing their confidential information, could you give them an honest and complete answer?
For most firms, the honest answer is no. Not because anyone was careless, but because artificial intelligence is already inside the practice, already touching client data, and for most lawyers it arrived without anyone ever making a deliberate decision to bring it in. This is the phenomenon I call hidden AI, and it is the governance blind spot that opposing counsel, regulators, and malpractice carriers are beginning to probe with real precision.
Hidden AI arrives through two doors. Understanding the difference between them is the first step toward governing either one.
The Two Doors
The first door is invisible AI: the AI you did not choose. These are features that were switched on inside tools you already trust and already pay for. The summarize button that quietly appeared in your legal research platform. The writing assistant your browser added in an update. Microsoft 365 Copilot activated across your whole tenant during routine IT maintenance. Nobody at the firm sat down and decided to start routing client material through an artificial intelligence model. A vendor made that decision, or an administrator setting did, and the feature simply turned on. The defining characteristic of invisible AI is the absence of a decision.
The second door is shadow AI: the AI your people did choose. This is the associate drafting a motion section in a personal ChatGPT account. The paralegal dropping a deposition transcript into a personal Gemini account to get a summary before lunch. The partner researching an unfamiliar area of law and pasting the client's specific facts directly into the prompt. Here is the point that determines whether your response works or backfires: these are not bad actors. They are your most productive people solving real problems with the best tool they could find. Research consistently shows that senior partners and high performers lead AI adoption, not juniors. Your rainmaker is more likely to be doing this than your newest associate.
The two doors feel very different. One is something done to you. The other is something done by your people. But look where they both lead. In each case, the same privileged, confidential client information leaves your control and lands inside a third party system you never vetted. And the Rules of Professional Conduct do not ask which door it went through. They ask what reasonable steps you took.
Why the Numbers Should Stop a Managing Partner Cold
Consider the data rather than the adjectives. In one of the largest workplace studies of its kind, covering roughly 31,000 people across 31 countries, Microsoft and LinkedIn found that 78 percent of workers using AI are bringing their own tools, on personal accounts, outside any company program. At small and mid-size organizations, the number runs higher. Fifty-two percent of those users say they are reluctant to admit to a manager that they used AI on their most important tasks. Across professional workplaces generally, estimates of unauthorized AI use run between 40 and 75 percent of workers.
Translate that into a law firm. A large share of your people are already using AI tools you have never evaluated, and a clear majority are motivated to keep quiet about it. That is not a technology problem. It is a governance and supervision problem, which is to say it is an ethics problem.
Why It Is Your Problem: Five Kinds of Exposure
Confidentiality and competence. Rule 1.1 requires lawyers to keep abreast of the benefits and risks of relevant technology. In July 2024, ABA Formal Opinion 512, the first formal ethics opinion devoted to generative AI, sharpened that duty: competence now means understanding a tool's capabilities and its limitations, and updating that understanding as the technology changes. Rule 1.6(c) requires reasonable efforts to prevent the unauthorized disclosure of client information. ABA Formal Opinion 477R established that meeting this standard in the digital world requires due diligence on your vendors and an understanding of how client information is transmitted and stored. When consumer AI is used with client data, with no vendor evaluation and no informed consent, the reasonable efforts standard has not been met. That failure is the violation, and it does not depend on what the employee intended.
Privilege and disclosure. Formal Opinion 512 is direct on a point many firms get wrong: before client confidences go into a generative AI tool, you generally need the client's informed consent, and boilerplate language buried in a standard engagement letter does not satisfy that duty. Feeding privileged material into an ungoverned consumer tool, under terms that may permit retention and model training, is exactly the kind of act that later becomes a contested question about whether privilege was preserved at all.
Malpractice and candor to the tribunal. When AI generated content reaches a filing, that content is your certification under Rule 11, not the machine's. The sanctions pathway is no longer hypothetical. In Mata v. Avianca, 678 F. Supp. 3d 443 (S.D.N.Y. 2023), a court imposed a 5,000 dollar sanction after lawyers filed a brief full of cases ChatGPT had fabricated. In Park v. Kim, 91 F.4th 610 (2d Cir. 2024), the Second Circuit referred an attorney to its grievance panel over a fabricated citation. In United States v. Cohen, 724 F. Supp. 3d 251 (S.D.N.Y. 2024), the court declined to sanction because it credited the attorney's good faith, but only after intense and very public scrutiny. Three attorneys, three reputations on the line, and the shared denominator was AI used in an ungoverned way with no verification step between the tool and the filing.
Supervision. Rules 5.1 and 5.3 place an affirmative duty on partners and managers to make reasonable efforts to ensure that lawyers and staff comply with the rules, and in 2025 that unavoidably includes how they use AI and the AI features baked into firm tools. Here is the trap: a policy that sits in a binder, that nobody is trained on and nobody audits, is not a reasonable supervisory measure. Writing the policy is not the safe harbor. Training it and auditing it is.
Regulatory and contractual exposure. This is where the risk stops being only about bar discipline and becomes about money. Three data protection regimes can each be triggered by a single ungoverned AI use, and several offer no good faith defense. If client protected health information is processed by embedded AI with no Business Associate Agreement, that is a per se violation of the HIPAA Security Rule (45 C.F.R. Parts 160 and 164), with tiered civil penalties that reach into the millions for uncorrected willful neglect. If a matter touches EU data subjects and no written processor agreement is in place, GDPR Article 28 exposure runs up to 4 percent of a client's global annual turnover. Closest to home, the Montana Consumer Data Privacy Act (Mont. Code Ann. Section 30-14-2813) requires a written processor agreement before any processor handles a Montana consumer's personal data. Consumer AI used without that agreement is a per se violation, and Senate Bill 297, effective October 1, 2025, removed the cure period, exposing firms to civil penalties of up to 7,500 dollars per violation. The common mechanism in all three is a missing contract, because the AI processing was added after the original agreement was signed. And a fourth consequence rides along: when personal information reaches a consumer AI vendor without authorization, state breach notification obligations can turn a quiet shortcut into a public disclosure.
The Pattern, and Why It Is Good News
Every verified incident shares the same shape. When Samsung lifted an internal restriction in 2023, engineers pasted proprietary source code and internal meeting recordings into personal ChatGPT accounts three times within about 20 days, and a company wide ban followed. When organizations enable Microsoft 365 Copilot without first auditing document permissions, the tool operates inside each user's existing access and can surface sensitive files that were overshared, so a closed matter's confidential files can become discoverable to the whole firm through a single plain English prompt. The sanctions trilogy tells the same story in a courtroom.
Look at the common thread. In every case, three things were true. There was no malicious act; a capable professional used a tool for its stated purpose. The AI processing was either undisclosed, buried in fine print, or added after the adoption decision was made. And the organization either did not know the processing was happening or did not understand what it meant for their data and their duties.
That pattern is a gift, because it means you do not have to predict every new tool that appears next quarter. You have to govern the pattern.
A Practical Framework: Know, Govern, Supervise, Disclose
Know. You cannot govern what you have not named. Inventory both the embedded AI inside your tools and the shadow AI running on your people's screens. The on-ramp is a single anonymous question at your next staff meeting: list every AI tool you have used for work in the last 30 days, approved or not. Run it anonymously, because the people most worth hearing from are the ones least likely to attach their name. Then inventory the AI features in your three most used platforms.
Govern. The real lesson from Samsung was not "ban AI." It was "provide a governed alternative." People reach for shadow tools when there is no sanctioned option that does the job. Approve one tool, and confirm that the agreement behind it, a Business Associate Agreement where HIPAA applies or a data processing agreement where the privacy statutes apply, actually addresses the AI processing. A better tool displaces consumer tools naturally.
Supervise. Train the policy and audit it, because an untrained, unaudited policy is not a reasonable supervisory effort. Name one person responsible for AI governance. Add an AI verification step to brief review and deposition prep. Add a matter intake question about whether an approved AI tool was used.
Disclose. Get informed client consent before client confidences go into an AI tool, and remember that boilerplate does not satisfy that duty.
The Questions Courts and Opposing Counsel Now Ask
The reason this matters beyond good hygiene is that hidden AI is becoming a litigated question. Increasingly, the discovery and cross-examination questions are pointed: Which tools processed this data? Was AI used to generate this filing, and who verified it? Did the firm have a governance framework, and was it trained and audited? Did the vendor's terms permit model training on the client's confidential material? When these questions arrive in a deposition, in a malpractice claim, or in a motion for sanctions, the firm that governed the pattern has a defensible record, and the firm that did not is left explaining why "I did not know it was doing that" should excuse the exposure. It does not, and the rules do not recognize it.
Where to Start
Hidden AI is not a future problem you can address later. At a 40 to 75 percent usage rate, it is in your firm today. The only open question is whether you find out through your own governance program or through a malpractice claim or a bar grievance. You can begin this week, with the people and tools you already have: run the anonymous audit question, inventory the AI in your top three platforms, and approve one governed tool with the right agreement behind it. That alone puts you ahead of most firms in the state.
Jacob Rebo is the Founder and CEO of Cullis AI, LLC, a Montana firm providing AI governance consulting, expert witness services, and accredited continuing legal education. He holds a JD and an MBA, is an IAPP Certified Artificial Intelligence Governance Professional (AIGP) and a Six Sigma Master Black Belt, and is a decorated U.S. Army veteran. This article is for general educational purposes and is not legal advice.