ProductResourcesSupportPricing
Log InTry for Free

AI Isn't the Risk for Lawyers. Choosing the Wrong AI Is.

July 1, 2026
Two AI notetakers can produce identical summaries while treating privilege and client data completely differently. The deciding factor is architecture, not features — here's how attorneys can tell them apart.
In Summary

For attorneys, the biggest risk of AI in client conversations isn't using AI — it's adopting a tool whose underlying architecture stores recordings, retains verbatim transcripts, or trains on client data. Two AI tools can produce nearly identical meeting summaries while handling privilege, confidentiality, and security in completely different ways. The deciding factor is architecture, not features.

The legal industry has moved past the question of whether attorneys should use AI. A more useful question has taken its place: Which AI deserves a seat at the client meeting?

For years, legal technology focused on what happened after a client conversation — drafting documents, conducting research, generating bills, managing matters. But the most valuable work has always happened during the conversation itself. That's where attorneys earn trust, where risks surface, where opportunities are discovered. And increasingly, it's where AI wants to participate.

The trap is assuming that all AI notetaking tools work roughly the same way. They don't. The differences that matter most are invisible on a feature list.

Why The Feature Checklist The Wrong Way To Evaluate Legal AI

A feature checklist tells you what a tool does, not how it handles client data — and for attorneys, the second question is the one that carries professional risk.

 

When firms evaluate AI products, they tend to compare surface capabilities: Does it transcribe? Does it summarize? Does it integrate with Zoom? Does it work with Microsoft Teams? These questions matter, but they don't determine whether a tool aligns with an attorney's ethical obligations. The questions that do live beneath the interface:

  • Is audio retained after the meeting?
  • Are verbatim transcripts stored, and for how long?
  • Can conversation data be used to train future AI models?
  • Is client consent built into the workflow?
  • How is privileged information protected from disclosure?
  • What happens to the data once the meeting ends?

Two tools can generate nearly identical summaries while taking opposite approaches to privacy, security, and privilege. The summary is what you see. The data handling is what you're accountable for.

Why Does AI Architecture Matter More Than Security Promises?

Architecture determines how much risk exists before any security policy is applied. A privacy policy governs what a company says it will do with data; the architecture governs what data exists to be governed in the first place.

 

Every AI vendor claims to care about security. Many claim they don't train on customer data. Some highlight encryption or compliance certifications. Those statements matter — but they're only part of the story. Consider the difference in design philosophy:

 

A tool that requires storing complete recordings and verbatim transcripts indefinitely is built on an architecture that accumulates sensitive data by default. Every stored recording is a potential exposure point in a breach, a subpoena, or a discovery request.

A tool designed around ephemeral processing and minimal retention — removing PII before analysis, avoiding full transcripts, deleting data on a defined schedule — carries far less risk before a single policy is written.

 

Marketing copy can't change technical design. When evaluating legal AI, the most revealing question is not "What does your privacy policy say?" but "What data does your system create and keep, and why?"

Definition

Architecture-first privacy

An approach in which data risk is minimized through technical design — what data is created, processed, and retained — rather than through policy alone. The goal is to ensure sensitive data is never stored in the first place, rather than promising to protect it after it accumulates.

Is Using An AI Notetaker A Breach Of Attorney-Client Privilege?

Not necessarily. Whether an AI notetaker risks privilege depends on the safeguards built into the platform — not on the use of AI itself.

 

The profession has navigated this question before. When attorneys adopted email, cloud storage, and virtual meeting platforms, ethics authorities concluded that these technologies did not waive privilege so long as attorneys had a reasonable expectation of privacy and adequate security safeguards were in place. The same logic applies to AI used for notetaking. The safeguards that support a reasonable expectation of privacy typically include:

  • Not creating or retaining a full audio file or transcript of the conversation
  • Removing personally identifiable information from transcribed text before analysis
  • Using privately hosted AI models so client data never touches a public model
  • Operating within an independently certified secure environment, such as SOC 2 Type II
  • Encrypting data end to end, in transit and at rest

 

Attorneys should always review the ethics guidance applicable in their own jurisdiction. But the broad pattern is clear: privilege turns on safeguards and reasonable expectations of privacy, and a tool engineered around those principles can be used without waiving it.

 

This is general information about how privilege analysis tends to work, not legal advice for a specific matter.

Is Technology Competence Now Part Of Professional Competence?

 

Yes. Ethics guidance across jurisdictions increasingly treats an attorney's duty of competence as including a reasonable understanding of the technology they use — the benefits and the risks.

 

This doesn't mean every attorney needs to become a software engineer. It means attorneys are expected to understand, at a working level, how a tool handles confidential information and whether its use is appropriate for a given matter. In practice, that's the difference between asking "Does it write a good summary?" and asking "Where does the recording go, and who can access it?"

 

The American Bar Association's Model Rule 1.1 comment on keeping abreast of "the benefits and risks associated with relevant technology" has been adopted, in some form, by a large majority of U.S. states. Technology competence is no longer optional or advanced — it's becoming a baseline part of professional competence.

What Is Legal Conversational Intelligence, And How Is It Different From A General AI Notetaker?

 

Legal Conversational IntelligenceTM refers to AI that is purpose-built to support attorneys during live client conversations — surfacing relevant legal issues, follow-up questions, and content cues in real time — rather than simply recording and summarizing a meeting after the fact.

 

Built for attorneys, not adapted for them

General AI notetaker

Built for business meetings
Primary job
Record and summarize after the meeting
Typical data model
Stores full audio and verbatim transcripts
Built for
General business meetings
Privilege posture
Privilege is an afterthought

Legal Conversational Intelligence™

Purpose-built for attorneys
Primary job
Assist the attorney during the meeting
Typical data model
Minimizes retention; often no full audio or transcript
Built for
Attorney workflows and ethical obligations
Privilege posture
Privilege and confidentiality are design requirements

  

How Should Law Firms Approach AI Adoption — Neither Fear Nor Hype?

 

The most durable approach sits between two extremes. Some attorneys remain skeptical of AI altogether; others adopt every new product that appears. Neither posture serves clients well. Firms that succeed with AI won't simply be the ones using it. They'll be the ones that understand:

  • When AI should be used in a given matter or conversation
  • Which tools are appropriate for privileged, confidential work
  • Why the underlying architecture — not the marketing — determines the real risk

AI isn't replacing attorney judgment. By raising the stakes on which tools earn a seat at the table, it's making attorney judgment even more important. The goal isn't to avoid AI. The goal is to adopt it responsibly.

Frequently asked questions

Does using AI in client meetings waive attorney-client privilege?

It depends on the tool's safeguards. Courts and ethics authorities have generally held that technologies like email, cloud storage, and video conferencing do not waive privilege when attorneys maintain a reasonable expectation of privacy and adequate security. An AI tool that avoids retaining full audio or transcripts, removes PII, uses privately hosted models, and is independently certified is designed to meet that same standard. Always confirm the guidance in your jurisdiction.

What's the most important question to ask an AI vendor?

Ask what data the system creates and keeps, and for how long. Retention is the root of most privilege and security risk. A vendor that stores full recordings and verbatim transcripts indefinitely carries fundamentally more risk than one built around minimal retention and de-identification — regardless of what either privacy policy says.

Do AI notetakers train on my client data?

Some do, and some don't — and the answer is often buried in the terms of service. For legal work, the safest standard is a tool that contractually and architecturally guarantees client data is never used to train any AI model, and that processes data through privately hosted models rather than public ones.

What does SOC 2 Type II certification mean for legal AI?

SOC 2 Type II is an independent audit confirming that a company's controls for security, availability, and confidentiality operated effectively over a period of time — not just at a single moment. For attorneys, it provides third-party evidence that a vendor's data-protection practices are real and tested, supporting the "reasonable security safeguards" expected under ethics rules.

Is technology competence actually required for lawyers?

In most U.S. jurisdictions, yes. A large majority of states have adopted some version of the ABA's guidance that the duty of competence includes understanding the benefits and risks of relevant technology, including how an AI tool handles confidential client information.

How do I evaluate two AI tools that produce similar summaries?

Look past the output to the data handling. Compare retention periods, training practices, hosting (private vs. public models), PII removal, encryption, security certifications, and how easily you can delete data. Two tools with identical summaries can carry very different levels of professional risk.

Choosing the right AI isn't about avoiding risk — it's about protecting what makes your client relationships valuable in the first place. That's exactly what Querious is built to do.

See it in your first client conversation

Try Querious free for two weeks — unlimited conversations, no credit card required.

Try for Free →

Two weeks. Unlimited conversations.
No credit card required.

See what happens at the end of your first conversation. Your clients will notice the difference.