The problem with putting privileged work into a cloud chatbot
A partner pastes a draft settlement into a public chatbot to tighten the language. That text now sits on a third party's servers, processed under terms the firm never negotiated.
For most matters, that is the moment privilege and the duty of confidentiality stop being something you control.
ABA Model Rule 1.6 requires reasonable efforts to prevent unauthorized disclosure of client information. "We sent it to a vendor that promised not to look" is a weak answer in a malpractice claim or a bar inquiry.
The tools getting the most attention in legal AI — Harvey, CoCounsel, and the consumer versions of ChatGPT and Claude — are cloud services. Your documents leave your network to be processed. Vendor assurances help, but they are assurances, not architecture.
What air-gapped and on-premise actually mean here
Air-gapped means the system runs with no path to the public internet. On-premise means it runs on hardware the firm controls, whether in your own server room or a private cloud tenant you own. In both cases, the matter never leaves your boundary.
That is the difference between a policy and a guarantee. A cloud vendor can promise not to train on your data. An air-gapped deployment makes the question moot, because there is nowhere for the data to go.
Open models have closed most of the quality gap. Llama, Mistral, and similar models now handle contract analysis, summarization, and research drafting at a level that was cloud-only two years ago. You no longer trade capability for control.
What attorneys actually use it for
- Case research grounded in your own briefs, memos, and prior work product, with citations back to the source document.
- Contract review that flags non-standard clauses against your firm's playbook, not a generic template.
- Discovery and review across large document sets, with the corpus staying inside the review environment.
- Knowledge management so a first-year can ask what the firm has argued before, instead of emailing six partners.
The agent reaches these systems through connectors to your document management and research tools — iManage, NetDocuments, Westlaw, LexisNexis, Relativity — rather than a separate copy of your data living somewhere else.
Ownership is the part that matters in five years
A per-seat SaaS contract means your firm's AI capability is rented. Prices change, terms change, and the model behind the product can be swapped without your say. The work product and the workflows you build sit on someone else's roadmap.
Owning the deployment means the opposite. You hold the code, the model weights you chose, and the integrations. Adding the whole firm doesn't multiply the bill, and nothing about your practice depends on a vendor's pricing committee.
This is the model behind air-gapped AI for law firms that you own: agents that run on your infrastructure, with client data that never leaves it, and full code ownership so the capability is yours to keep.
Where to start
Pick one workflow with clear value and low risk — internal knowledge search is a common first step — and run it air-gapped against a single practice group. Prove the security model and the quality on real matters before expanding.
The point is not to adopt AI everywhere at once. It is to adopt it on terms that survive a privilege challenge.
Frequently Asked Questions
Why can't law firms use cloud AI chatbots?
Because privileged matter cannot leave the firm's control; putting it into a third-party cloud raises confidentiality and chain-of-custody concerns under professional-responsibility rules.
What is air-gapped AI for law firms?
AI agents that run on-premise with no external network connection, so attorneys can use them for research, review, and discovery without data ever leaving the firm.
Can attorneys still use modern models?
Yes. Any model — including self-hosted open-weight models — runs behind the firm's boundary, so capability does not require the cloud.
Do you own the platform?
Yes, with the full source code, self-hosted inside the firm, model-agnostic, with matter- and field-scoped access and audit trails.