By Robert Bergman, CEO Southwest Management Technology & Next Level Mediation

Artificial intelligence tools, particularly large foundation AI models, are rapidly becoming part of everyday legal practice. Attorneys use them to draft documents, summarize discovery, analyze arguments, and prepare client communications. Mediators and arbitrators increasingly rely on AI-assisted tools to manage complex records and streamline decision-making.
These uses promise efficiency. They also create a growing and often misunderstood risk: the loss or exposure of personally identifiable information (PII) and confidential material, even when AI providers assure users that their data is not used to train models.
For legal professionals whose ethical duties are anchored in confidentiality, privilege, and trust, this distinction matters far less than many assume.
The False Comfort of “No Training”
AI providers commonly emphasize that user prompts and documents are excluded from model training. While this may be accurate, it addresses only one narrow aspect of risk.
Information submitted to foundation AI models typically passes through multiple systems: cloud infrastructure, logging and monitoring tools, analytics environments, and, sometimes, human review processes. Even when not incorporated into training datasets, user inputs may be kept temporarily or longer, accessed by provider personnel, or exposed during security incidents.
From a professional responsibility perspective, the question is not whether data improves the model. The question is whether confidential information remains fully within the lawyer’s control. In many AI deployments, it does not.
How Confidential Information Can Be Exposed
Confidentiality risks arise through several common mechanisms.
First, most AI platforms log prompts and outputs for operational purposes, including abuse detection, debugging, and performance monitoring. These logs may persist for extended periods and may be accessible to internal teams or subject to lawful disclosure.
Second, many providers use human reviewers to evaluate flagged interactions. Even limited review can reveal sensitive factual narratives, personal data, or legal strategies, an uncomfortable reality for attorneys handling privileged communications or neutrals overseeing confidential proceedings.
Third, the broader cybersecurity environment has changed. AI platforms are now high-value targets for attackers. Recent threat analyses show increasing attacks on AI applications, cloud infrastructure, and software supply chains. A compromise of the provider can expose data across multiple customers simultaneously, regardless of individual user precautions.
In short, confidentiality can be lost without any misuse, bad faith, or training activity, simply through exposure.
PII, Privacy Laws, and Professional Responsibility
Legal professionals routinely handle PII: names, addresses, financial records, health information, employment histories, and family details. When such data is entered into an AI system, privacy laws may be implicated, including state privacy statutes, sector-specific regulations, and international data protection regimes.
Crucially, responsibility remains with the professional. Terms of service do not shift ethical duties to technology vendors. If confidential or regulated data is mishandled, it is the attorney, mediator, or arbitrator, not the AI provider, who must answer to clients, courts, regulators, or disciplinary bodies.
Competence today includes understanding these risks. Technological convenience does not excuse ethical blind spots.
Special Concerns in Mediation and Arbitration
The risks are particularly acute in dispute resolution.
Mediation depends on candor grounded in strict confidentiality. Arbitration relies on controlled evidence, deliberation, and procedural fairness. When AI tools are used to summarize briefs, analyze positions, or draft awards, sensitive information may be processed outside the parties’ reasonable expectations.
A simple question highlights the issue: would the parties have disclosed the information if they knew it might pass through third-party systems beyond the proceeding? If the answer is no, the use of AI deserves careful reconsideration.
A Targeted Solution: PII Anomalyzer and Confidentiality-Safe AI Use
One emerging response to the confidentiality risks posed by foundation AI models is the use of tools designed to identify and control the presence of personally identifiable information before content is ever shared with an AI system. PII Anomalyzer is one such solution, developed specifically to give professionals meaningful control over sensitive data at the point of use.
PII Anomalyzer provides local, on-device detection of more than fifty categories of sensitive information, including personal identifiers, financial data, health information, and international identifiers. Built on a proven detection framework and enhanced with modern machine learning models, it allows users to balance speed and depth of analysis depending on the task at hand. Importantly for legal and dispute resolution professionals, all analysis occurs entirely on the user’s own machine, without transmitting documents to external servers or cloud-based platforms.
This “privacy by design” architecture directly addresses a central weakness of many AI workflows. By operating offline, collecting no telemetry, and retaining no data beyond the active session, PII Anomalyzer eliminates the risk that confidential materials will be logged, reviewed, or exposed outside the professional’s control. For attorneys, mediators, and arbitrators working under confidentiality obligations or privacy regimes such as HIPAA, GDPR, or state privacy laws, this approach materially reduces compliance and exposure risk.
Beyond detection, PII Anomalyzer supports flexible handling of sensitive information. Users may choose to redact content entirely, replace identifiers with consistent placeholders to preserve document readability, partially mask data, or simply highlight detections for manual review. This flexibility allows professionals to adapt the tool to a wide range of workflows, from preparing documents for external review to sanitizing materials before using foundation AI models.
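The consistent-placeholder option described above, together with the re-identification step mentioned in the product listing, sketched as an added example (this is not PII Anomalyzer's code). The three regex patterns, the function names and the sample text are constructed assumptions; the placeholder-to-value mapping is meant to stay on the local machine while only the sanitized text is sent to an AI system.

```python
import re

# Assumption: three simplified, constructed patterns for illustration only.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}[ .-]\d{3}[ .-]\d{4}\b"),
}

# Constructed sample text (no real person or data).
SAMPLE = (
    "Claimant jane.doe@example.com (SSN 123-45-6789) called 602-555-0142. "
    "Counsel replied to jane.doe@example.com the same day."
)


def pseudonymize(text, mapping=None):
    """Replace each detected value with a stable placeholder.

    Returns (sanitized_text, mapping), where mapping is placeholder -> original.
    Passing the same mapping again keeps placeholders consistent across documents.
    """
    mapping = {} if mapping is None else mapping
    reverse = {value: ph for ph, value in mapping.items()}

    def substitute(label, match):
        value = match.group(0)
        if value not in reverse:
            n = sum(1 for ph in mapping if ph.startswith(f"[{label}_")) + 1
            reverse[value] = f"[{label}_{n}]"
            mapping[reverse[value]] = value
        return reverse[value]

    for label, pattern in PATTERNS.items():
        text = pattern.sub(lambda m, l=label: substitute(l, m), text)
    return text, mapping


def restore(text, mapping):
    """Re-identify: swap known placeholders back into text returned by the AI tool."""
    return re.sub(r"\[[A-Z]+_\d+\]",
                  lambda m: mapping.get(m.group(0), m.group(0)), text)


def leaked(text):
    """Outbound check: labels of any pattern that still matches the text."""
    return [label for label, pattern in PATTERNS.items() if pattern.search(text)]
```

Running `leaked()` on the sanitized text before it leaves the machine gives a simple gate: an empty list means none of the configured patterns survived substitution.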
The application is designed for real-world legal documents. It supports common formats such as Word files, PDFs, spreadsheets, and plain text, and can automatically process scanned or image-based documents using integrated optical character recognition. Batch processing and detailed export reports further support auditability and defensible privacy practices.
In an environment where AI tools are increasingly unavoidable but confidentiality remains non-negotiable, PII Anomalyzer offers a practical bridge between innovation and professional responsibility. By helping ensure that AI systems never receive data they do not need, it enables legal professionals to benefit from AI-assisted workflows while maintaining control over PII and confidential information, without relying on downstream assurances or opaque vendor policies.
PII Anomalyzer from Southwest Management Technology
https://azdecisionscience.com/pii-anomalyzer
A Windows and macOS desktop application for secure, context-preserving anonymization and re-identification.
Everything you need to prepare and restore sensitive documents: