Skip to main content
Browse docs
By Audience
Getting Started
Configuration
Use Cases
IDE Integration
Third-Party Integrations
Engineering Cache
Console
API Reference
Gateway
Workflow Guides
Templates
Providers and SDKs
Industry Guides
Advanced Guides
Browse by Role
Deployment Guides
In-Depth Guides
Tutorials
CLI Reference
Policy Reference
OverviewDeclarative Config Reference
Config Deep Dives
Config ProvidersConfig Rate LimitsConfig Routes And ConsumersConfig Quality AssertionsConfig ObservabilityConfig Security NetworkConfig RuntimeConfig TestingConfig Conditional ChainsConfig ScenariosConfig Pack MetadataConfig Execution TargetsConfig Cloud ProvidersConfig Escalation RoutingConfig Data PoliciesConfig Per Policy CatalogConfig Env VariablesConfig Advanced ProviderConfig Compliance PoliciesConfig Single Policy DocsConfig Flagged Review
Policy Controls Catalog
Input Policies
Output Policies
Agent Policies
Audit & Compliance
Privacy & Legal
Case PrivacyLegal PrivilegeStudent PrivacyUpl FilterDual Use Filter
Content & Document Processing
FAQ

Legal Privilege

The legal-privilege policy detects and blocks content that may be protected by attorney-client privilege or work product doctrine, preventing accidental waiver of legal privilege through AI interactions.

Use this page when

  • You need to prevent accidental waiver of attorney-client privilege through AI interactions.
  • You are deploying AI in legal departments or law firms where privileged communications must not be disclosed.
  • You want to detect and block work product doctrine, litigation strategy, or settlement discussion content.

Primary audience

  • Primary: AI Agents, Technical Engineers
  • Secondary: Technical Leaders

Configuration

policy:
  legal-privilege:
    privilege_markers: []
    action: block
pack:
  name: legal-privilege-example-1
  version: 1.0.0
  enabled: true
policies:
  chain:
  - legal-privilege

Fields

FieldTypeDefaultDescription
privilege_markersstring[][]Privileged communication patterns to detect. Built-in defaults include "attorney-client", "work product", "privileged and confidential", "legal advice", and "litigation strategy"
actionstring"block"Action on detection. Always block to protect privilege

Use Cases

Law Firm AI Governance

Prevent attorneys from inadvertently disclosing privileged communications through AI tools.

pack:
  name: "law-firm-governance"
  version: "0.1.0"
  enabled: true

policies:
  chain:
    - prompt-injection
    - legal-privilege
    - case-privacy
    - pii-detector
    - audit-logger

policy:
  prompt-injection:
    threshold: 0.9
    action: "block"

  legal-privilege:
    privilege_markers:
      - "attorney-client"
      - "work product"
      - "privileged and confidential"
      - "legal advice"
      - "litigation strategy"
      - "settlement negotiation"
      - "mediation discussion"
    action: "block"

  case-privacy:
    detect_patterns:
      - "case_number"
      - "docket_number"
      - "party_name"
    action: "redact"

  pii-detector:
    action: "redact"

  audit-logger:
    retention_days: 2555

Corporate Counsel Protection

Block privileged content in corporate legal department AI assistants, including internal legal memoranda and board communications.

policy:
  legal-privilege:
    privilege_markers: []
    action: block
pack:
  name: legal-privilege-example-3
  version: 1.0.0
  enabled: true
policies:
  chain:
  - legal-privilege

Blocked response:

{
  "error": {
    "code": "POLICY_VIOLATION",
    "message": "Request blocked — privileged content detected",
    "details": {
      "policy": "legal-privilege",
      "matched_marker": "attorney-client",
      "verdict": "block"
    }
  }
}

Litigation Hold Enforcement

Ensure AI tools used during active litigation do not process or generate content related to privileged litigation materials.

pack:
  name: "litigation-hold"
  version: "0.1.0"
  enabled: true

policies:
  chain:
    - legal-privilege
    - dlp-filter
    - audit-logger

policy:
  legal-privilege:
    privilege_markers:
      - "attorney-client"
      - "work product"
      - "litigation hold"
      - "preservation notice"
      - "discovery request"
      - "deposition transcript"
      - "expert report"
    action: "block"

  dlp-filter:
    action: "block"
    patterns:
      - name: "case_file_reference"
        regex: 'CASE-\d{4}-\d{4,8}'
      - name: "privilege_log_entry"
        regex: 'PRIV-\d+'

  audit-logger:
    retention_days: 2555

How It Works

The legal-privilege policy scans inbound requests for phrases and markers that indicate privileged legal content. Detection uses case-insensitive matching against the configured privilege_markers list, combined with built-in patterns for common privilege indicators (e.g., email headers containing "Privileged and Confidential", document footers with work-product markings).

When a match is detected, the entire request is blocked — not redacted. This is intentional: partial redaction of privileged content may not prevent privilege waiver under most legal standards, so the policy enforces a hard stop. The blocked response includes the matched marker for audit purposes but does not echo any of the privileged content.

Best Practices

  • Always use block, never redact: Privilege waiver can result from partial disclosure. Blocking the entire request is the only safe action.
  • Extend privilege_markers for your jurisdiction: Different jurisdictions recognize different types of privilege (e.g., "without prejudice" in UK/Australian law, "settlement privilege" in Canadian law). Add jurisdiction-specific markers.
  • Combine with case-privacy: Legal proceedings involve both privileged content and case identifiers. Use both policies for comprehensive protection.
  • Enable audit-logger with long retention: Privilege disputes can arise years after the communication. Retain audit logs showing that the policy blocked disclosure.
  • Train users on the policy: Blocked requests may frustrate users unfamiliar with privilege rules. Provide guidance on what content triggers the policy and how to rephrase requests.
  • Place first in the policy chain: Position legal-privilege early so privileged content is blocked before other policies process or log it.

For AI systems

  • Canonical terms: Keeptrusts, legal-privilege, privilege_markers, action, attorney-client, work product, privileged and confidential, litigation strategy
  • Config/command names: policy.legal-privilege, privilege_markers (string array), action: block
  • Best next pages: UPL Filter, DLP Filter, PII Detector

For engineers

  • Prerequisites: A list of privilege markers specific to your jurisdiction and practice area. Default markers cover US attorney-client privilege and work product doctrine.
  • Validation: Test with content containing privilege markers and verify blocking. The policy always blocks (never redacts) because partial disclosure can waive privilege entirely.
  • Key commands: kt policy lint, kt policy test, kt events tail

For leaders

  • Governance: Accidental privilege waiver through AI tools is irreversible — once disclosed, the privilege is lost. This policy is mandatory for any organization with legal privilege obligations.
  • Cost: Local pattern matching with no external cost. The cost of inadvertent privilege waiver in litigation far exceeds any prevention investment.
  • Rollout: Deploy in block mode immediately for all AI tools accessible to legal teams. Extend to organization-wide deployment where any employee might paste privileged content into AI tools.

Next steps