Lessons from the OpenAI Litigation on Safeguarding Privileged Information
Editor’s Note: Privilege disputes are becoming increasingly complex in the age of AI—and the recent rulings in the OpenAI litigation illustrate just how challenging it can be to draw the line between legal advice and everyday business communications. This article breaks down key takeaways from the court’s analysis of AI prompts, Slack messages, and technical documentation, offering actionable guidance for legal, cybersecurity, and eDiscovery professionals. Notably, the court’s rejection of privilege claims over documents like a spreadsheet of prompts and outputs—and its reference to the “GOAT” of ridiculous privilege claims: a toilet photo—serve as cautionary reminders. In this evolving digital landscape, asserting privilege requires precision, not assumption.
Lessons from the OpenAI Litigation on Safeguarding Privileged Information
By Phil Favro, Contributing Author for HaystackID
In the age of Artificial Intelligence, lawyers are struggling to apply traditional procedural and evidentiary rules to AI-related evidence. Disputes over discovery involving such information are proliferating, with the In re OpenAI, Inc., Copyright Infringement Litigation lawsuit being the epicenter for these disputes. While OpenAI recently resolved various issues regarding the preservation and production of user prompts and AI outputs, the court just issued another order addressing the application of the attorney-client privilege to prompts and outputs.[1] That order, which rejects a claim of privilege over such information, highlights steps litigants may consider to better safeguard privileged information from disclosure in litigation. OpenAI is also instructive on whether technical issues relating to the training of AI models, along with communications exchanged with in-house lawyers over collaboration platforms like Slack, can be claimed as privileged.
The Attorney-Client Privilege and Privilege Logs
By way of background, the attorney-client privilege is a rule of evidence that typically prevents communications between clients and lawyers from being disclosed in court proceedings.[2] For a document to be privileged, it must be confidential, generally limited to the client and lawyer, and made for the purpose of seeking or providing a legal opinion or advice.
While the attorney-client privilege is a rule of evidence, procedural rules govern how parties claim the privilege in civil litigation. In federal court, parties claiming the privilege in response to written discovery requests must timely object to those requests on the basis of privilege. In addition, they must substantiate their objections by disclosing basic details about the nature of the withheld information (author, recipients, date, and subject) without divulging the privileged contents of the documents.
While this process of claiming privilege in discovery is seemingly straightforward, disputes over privilege logs abound. Requesting parties often challenge privilege logs. Their challenges generally focus on: (1) an alleged lack of information in the log regarding the withheld documents; and (2) the withheld documents are supposedly not privileged.
Courts sometimes reject these challenges, finding the privilege logs sufficient or the documents themselves privileged. And yet, there are many instances where courts agree that log entries are insufficient or that documents (after the court conducts a review in camera) are not privileged. Some courts have even catalogued instances where parties have misused the process by representing in the log that obviously non-privileged information is privileged. These instances include (among many others) communication reflecting a lawyer’s business advice or other non-privileged content, such as “[p]lease contact me with any questions. We hope you have a good weekend.” One court characterized a picture of a toilet that a litigant claimed as privileged as being the “GOAT” of “ridiculous privilege claims.”[3]
OpenAI Decisions on Disputed Content regarding Privilege Claims
Because there are so many instances in which parties’ privilege claims have lacked merit, courts routinely entertain challenges to privilege logs. It is this context in which the court in OpenAI issued its rulings regarding the application of privilege to AI-related content and other documents.
Spreadsheet Reflecting Prompts and Outputs
In OpenAI, defendant OpenAI claimed that a spreadsheet memorializing various AI prompts and outputs was privileged. OpenAI argued that its employees and counsel generated the prompts at issue after being advised by OpenAI’s in-house counsel to “collaborate and communicate regarding copyright compliance measures for product outputs.” According to OpenAI, those inputs and the corresponding AI output responses that were collectively reflected on the spreadsheet included “requests for legal advice.”
The court was not persuaded, though, and instead held that the spreadsheet was not privileged. In particular, the spreadsheet lacked any of the typical indicia confirming it was privileged. For example, the court found that the spreadsheet did not include a legend indicating it was privileged or even confidential. In addition, the spreadsheet did not reflect any “comments or entries from in-house counsel.” While there were two entries on the document suggesting “in-house counsel should be contacted,” those items (standing alone) were insufficient to demonstrate that the spreadsheet was privileged. Simply put, the spreadsheet was a business document, and the court held that the involvement of counsel in its development did not confer upon it privileged status.
Communications Discussing AI Technical Issues
OpenAI also claimed privilege over communications regarding various technical issues with AI. In one email string, OpenAI argued that it redacted content reflecting “requests for confidential legal advice” regarding the training of “ChatGPT models.” OpenAI also redacted information from particular Slack messages concerning “technical issues” and related risks for certain AI “models,” maintaining that it included legal advice from in-house lawyers. In another series of exchanges on Slack, OpenAI claimed that discussions encompassing (among other things) “model safety and training” included “prior legal advice.”
The court mostly rejected OpenAI’s arguments and ordered the majority of the withheld information to be produced in discovery. For example, one email redaction on training AI models included a “general” question between lay employees lacking any reference to legal advice. The court found similarly with various redactions in the first of the Slack exchanges regarding technical issues and risks with AI models; they were messages between “corporate employees” that didn’t “contain or reflect any prior legal advice rendered by in-house counsel or the application of legal principles to past or future conduct.” Regarding the other Slack messages on model safety and training, the court observed that they involved “OpenAI employees contemplating not listening to legal advice (without saying what that advice was) and asking whether the lawyers had an answer on a pending legal question (again, without disclosing the legal question).”
It is noteworthy that while determining that certain withheld information lacked basic privilege indicia, the court did not suggest that OpenAI could not protect as privileged legal opinions on AI technical issues. Moreover, the court did find for OpenAI on some of the documents and held that their contents were privileged. Regarding the email string above, the court indicated that a redaction was proper because it included previously issued legal advice. In addition, the court allowed two redactions to stand in the Slack exchanges because they memorialized prior legal advice from OpenAI’s counsel.
OpenAI’s “Privileged” Slack Channel
Another series of disputed privilege claims involved messages exchanged on an OpenAI Slack channel. OpenAI indicated that it established the Slack channel at the direction of its general counsel to “seek and provide legal advice regarding copyright law, legal strategy, and product legal counseling.” While concluding that certain of those Slack messages were, in fact, privileged, the court rejected the notion that all messages in the channel could be withheld simply because counsel conceived of this idea. Instead, the court evaluated each message to assess whether they satisfied privilege requirements, just as it would have done had the exchanges taken place over email. Under this more exacting standard, the court concluded that several messages were not privileged because they did not include a request for or the provision of legal advice by OpenAI’s counsel.
AI Age Lessons on Protecting Privilege Claims
The privilege rulings from OpenAI highlight several key lessons for protecting privilege claims in the age of AI. First, parties should ensure that claimed documents bear a “Privileged” legend. Just like the spreadsheet reflecting prompts and outputs in OpenAI, neglecting to include a “Privileged” label on a legitimately privileged document can lead a court to question whether the document is in fact privileged. This is particularly the case with novel AI information like the spreadsheet in question, which did not include the traditional hallmarks of a privileged communication or memorandum. Of course, employees should not try to sweep non-privileged documents under a privilege label as this tactic can lead to heightened judicial scrutiny and other issues with privilege claims.
This leads to the next lesson from OpenAI on privilege practices: consider including a brief explanation substantiating the privileged nature of certain key documents. For the disputed spreadsheet in OpenAI, either counsel or a lay employee could have included a one-sentence explanation delineating the purpose and nature of the document at the time of its creation. This would likely have been more effective in establishing the privileged character of the spreadsheet than after-the-fact explanations raised in motion practice that courts may perceive as contrived.
Another key lesson from OpenAI is what the court did not declare, i.e., that technical issues regarding the use of AI are somehow beyond the scope of the attorney-client privilege. On the contrary, the court found that communications from OpenAI’s counsel reflecting “legal concerns” regarding “model safety and training” were privileged, along with “legal advice” on “technical issues and associated risks” for AI models. All of this confirms that cutting-edge technologies like AI—which present legal risks—are proper subjects of legal advice, and courts should recognize the role of lawyers in counseling clients on these issues.
Finally, OpenAI clarifies that, in the context of collaboration platforms such as Slack, Google Workspace, and Microsoft Teams, each exchanged message may need to individually satisfy attorney-client privilege requirements. While it is perhaps advisable to establish confidential channels in which counsel may receive legal questions and share advice, organizations should anticipate that other courts may follow OpenAI and not allow blanket claims of privilege over all messages from such channels.
About Phil Favro
Phil Favro is the founder of Favro Law PLLC, where he counsels clients on ESI, AI, and discovery issues and serves as a special master, mediator, and expert witness. Phil is nationally recognized for his expertise on ESI, discovery, and information governance, with courts acknowledging his credentials. See, e.g., Oakley v. MSG Networks, Inc., No. 17-CV-6903 (RJS), 2025 WL 2061665 (S.D.N.Y. July 23, 2025). This background makes Phil particularly well-suited to counsel clients and advise courts on information-related issues. As a special master, Phil is acclaimed for his collaborative approach, working with parties to find stipulated solutions to complex issues. For disputes that require adjudication, he is renowned for the clarity and vigor of his written dispositions, which are available on legal search engines.
About HaystackID®
HaystackID® solves complex data challenges related to legal, compliance, regulatory, and cyber requirements. Core offerings include Global Advisory, Cybersecurity, Core Intelligence AI™, and ReviewRight® Global Managed Review, supported by its unified CoreFlex™ service interface. Recognized globally by industry leaders, including Chambers, Gartner, IDC, and Legaltech News, HaystackID helps corporations and legal practices manage data gravity, where information demands action, and workflow gravity, where critical requirements demand coordinated expertise, delivering innovative solutions with a continual focus on security, privacy, and integrity. Learn more at HaystackID.com.
Assisted by GAI and LLM technologies.
SOURCE: HaystackID
[1] In re OpenAI, Inc., Copyright Infringement Litigation, No. 23-CV-8292, 2025 WL 2799890 (S.D.N.Y. Oct. 1, 2025). [2] See generally Fed. R. Evid. 501; Ca. Evid. Code §§ 952, 954. [3] Dale v. Deutsche Telekom AG, No. 22 C 3189, 2024 WL 4416761, at *3, n.5 (N.D. Ill. Oct. 4, 2024).