Generative AI systems handle sensitive data in at least three distinct ways — and each one carries different confidentiality risks that most legal professionals have not fully grasped.
A paper published on arXiv identifies those three modes as model training and memorization, the live context window, and retrieval-augmented generation (RAG) databases. Each creates separate and often non-obvious exposure risks. The authors ground their analysis in the first decisions from English and American courts to address privilege in the context of generative AI — UK and Munir v Secretary of State for the Home Department and United States v Heppner — reading those rulings against existing privilege doctrine and recent computer science research.
Why this matters: the standard of care for legal professionals is moving. Regulators and courts are now starting to define what responsible AI deployment looks like when client data is involved. A solicitor who does not understand how a RAG database differs from a context window in terms of data retention is operating below a benchmark that is quietly rising.
The paper targets SRA-regulated practitioners in England and Wales but frames its data-governance analysis for any jurisdiction where privilege or professional secrecy turns on demonstrable confidentiality — which is most of them. The uncomfortable read is that "we used a cloud AI tool" is not a governance policy, and courts are beginning to agree.