Confidentiality and the Solo's AI Stack

The first question I get from other lawyers when they see the AI team I run is usually some version of how I handle confidentiality. The framing is almost always wrong. They picture a single AI assistant doing everything, including reading client files, and they cannot reconcile that picture with the duty of confidentiality. So they conclude AI is not safe for legal practice and they walk away.

The picture is not the picture. Most of the AI I run never touches a client file. The work being done by AI in my practice is the business-of-law work that lives entirely outside the client representation. That distinction is the precondition for using AI at all in a small practice. This article walks through how I draw the line and why getting it right is the first step.

I am a Florida trial lawyer. I am not a legal-ethics scholar. The substance below is general professional reflection, not legal advice for another lawyer's practice.

The two layers of work in any small practice

Every solo's practice splits cleanly into two layers.

The first layer is the legal representation. Client communications. Case strategy. Document review. Drafts of motions and briefs. Discovery responses. Notes on witness interviews. Anything that is part of representing a particular client on a particular matter. This layer is governed by the duty of confidentiality and by every related rule on competence, supervision, and candor. The legal-representation layer is where the bar's attention is, and where it should be.

The second layer is the business of running a law practice. Marketing. SEO. Content. Website maintenance. Brand consistency. Audience research. Bookkeeping-adjacent organization. Image generation for the website. None of this work touches a particular client matter. None of it requires confidential information. It is the infrastructure that surrounds the legal practice.

Most of what AI is genuinely good at, in the context of a solo, lives in the second layer. The first layer is where caution belongs. Conflating the two is what produces the “AI is not safe for legal practice” conclusion.

Why the second layer is the right starting point

Three reasons.

It is structurally lower-risk. There is no client confidence at stake when an agent drafts an SEO article on a public legal topic. The work product is meant to be public. There is no information leaking from a confidential file because no confidential information went into the agent's prompt.

It is a larger gap than most lawyers realize. The business-of-law work in a solo practice is enormous and chronically neglected because solos cannot afford to staff for it. Filling that gap is where AI delivers most of its real-world value to a small practice. Spending the early AI energy on the second layer pays off faster and more obviously than spending it on the first.

It builds the discipline that the first layer requires. Running an AI team well on the second layer teaches the lawyer how to brief, supervise, and verify AI output. Those are the skills the first layer would also require. Lawyers who develop the discipline on the second layer are better positioned to think clearly about the first.

How to draw the line in practice

The test I use is direct. Does this prompt include any information that came from a client file or from a privileged communication. If yes, that work does not go to the agents I run for business-of-law tasks. If no, it is fair game.

A few concrete applications.

A marketing agent drafting an article about a generally applicable consumer protection topic. No client information involved. Public legal topic. Fine.

A content agent producing an SEO summary on debt collection law. No client information involved. Fine.

A brand agent reviewing the public-facing bio paragraph for voice consistency. No client information involved. Fine.

An image agent generating a hero image for a published article. No client information involved. Fine.

A draft of a motion in a particular case. Client information involved. Not the work I send to the business-of-law agents. Different stack, different controls, different analysis entirely.

A research memo on the law applicable to a particular client situation, written in a way that does not identify the client or include client facts. Closer call. Often the safer move is to abstract the legal question to general terms, run the research at the general level, and then apply the result to the client matter manually.

The line is not always obvious. When it is not, the safer side is the right one. The premise of using AI for the business-of-law layer is that the layer is genuinely separable from the representation layer. If a particular task does not separate cleanly, it does not get sent.

What the bar rules actually require

The relevant duties are the ones every lawyer has always had. Competence. Supervision. Candor. Confidentiality. Avoidance of unauthorized practice. AI does not relax any of those duties.

The duty of competence requires understanding the tools used in a representation well enough to use them responsibly. For the business-of-law layer, the tools are not part of the representation, but the lawyer's competence still requires understanding what the agent is doing well enough to supervise it.

The duty of supervision requires the lawyer to remain responsible for the work. AI agents are not associates with their own bar cards. The lawyer is on the hook for the output. That is a feature, not a bug. It is what keeps the lawyer engaged in the review pass that the work needs anyway.

The duty of confidentiality is the one most directly relevant to the line drawn above. As long as confidential information is not flowing into the agent, the duty is not implicated by the agent at all. As soon as confidential information starts to flow, the analysis shifts and the safeguards have to be different.

The duty of candor is mostly downstream. If the agent produces work that is going to a court or a client, the lawyer has to verify the substance the same way the lawyer would verify a junior's draft.

None of those duties prohibits the second-layer use of AI. All of them require the kind of careful management the second layer already calls for.

The setup question

Lawyers who decide to start with the second layer ask whether the technical setup matters. Some short observations.

For purely public, non-confidential work, the choice of model and provider is mostly a quality-and-cost question, not a confidentiality question. The information going in is meant to be public. The information coming out is meant to be public. The transmission does not implicate client confidences because there are no client confidences in the loop.

For any work that drifts toward client information, the setup question becomes load-bearing, and the lawyer has to do the analysis the bar already requires for any tool that handles confidential data. That analysis is not the subject of this article. The point of this article is that most of the value lives in the layer where that analysis is not necessary because the work was never confidential to begin with.

For lawyers who want to eventually move some legal-representation work to AI as well, doing it in the right order matters. Develop the discipline on the second layer. Then think carefully about whether and how to apply the same approach, with appropriate safeguards, to the first.

Why this framing matters

I think a lot of lawyers have walked away from AI because they pictured the wrong starting point. A single all-purpose assistant doing everything, including the case file, was never the right picture for a small practice. The right picture is a layered system where the recurring business-of-law work runs on AI and the legal-representation work runs the way it always has, with whatever cautious experimentation the bar rules and the lawyer's judgment permit.

That layered picture is not exotic. Big firms have had it for years. Their marketing department was always separate from their case files. What is new is that solos can now have the same separation, run by software, on a budget that solos can carry. The first step is recognizing that the separation exists and that the second layer is where the early returns live.

The lawyer's confidentiality duty is not the obstacle most lawyers think it is. Drawn cleanly, the duty applies to the layer it has always applied to, and the other layer is open for the kind of business work that has been chronically under-resourced in small practice for as long as small practice has existed.

Frequently Asked Questions

Does this mean AI is unsafe for case work?

That is a separate question with its own analysis. This article is about the layer where the analysis is simplest because no client information is in play. The case-work analysis depends on the specific tool, the specific information, the specific client, and the specific bar's interpretation, and is not what I am addressing here.

What about general legal research?

General legal research that does not involve client facts can usually run through the same business-of-law layer because the inputs are not confidential. As soon as the research is being applied to a particular client situation, the analysis tightens, and the lawyer has to make the call about how to keep client information out of the prompt.

How do you handle accidental disclosure?

The discipline is the same as in any other context. If confidential information slipped into a prompt, the lawyer has to address the slip the same way the lawyer would address any inadvertent disclosure. The best protection is structural separation: agents that run on the business-of-law layer are not even supposed to see client information, which makes accidental inclusion unlikely.

Is there a checklist for the business-of-law layer?

The short version is the test in this article. Does the prompt include client information. If no, fine. If yes or unclear, the work does not go to the business-of-law agents.

What about email drafting?

Drafts of client emails are part of the representation layer and get the representation-layer analysis. Drafts of marketing emails or general public communications are part of the business-of-law layer and run cleanly through it.