For all the knowledge that AI provides access to, there’s one glaring and ironic blind spot: for all we’ve learned, we still haven’t learned how to use AI responsibly.

According to an UpGuard study, while 40% of employees recall AI training, 40% of them still use unapproved tools on a daily basis. Training was linked to the inability to prevent high-frequency risk and can ultimately lead to overconfidence in AI. Free chatbots also carry the risk of weakened security, data leak exposures, unreliable outputs, and compliance gaps.

What’s the bottom line? Free AI agents come with a cost.

Unauthorized AI Use Is Already Widespread

As featured in our AI Maturity in the Legal Industry whitepaper, several recent surveys show how common unauthorized or risky AI use has become:

  • Anagram survey of 500 full-time employees: 58% have pasted sensitive information into large language models, including client records, financial data, and internal documents; 45% have used banned AI tools at work; and 40% said they would knowingly violate company policy to finish a task faster.

  • Intapp survey of 800 fee-earners: 50% said they used AI tools without knowing whether they were allowed, while 50% used AI tools for work that were not authorized.

  • KPMG global survey of more than 48,000 people: 44% knowingly use AI tools improperly at work, and 58% of U.S. workers rely on AI to complete work without properly evaluating outcomes.

  • Axiom survey of 300 in-house counsel: More than 80% of legal teams admitted to using AI tools not provided by their company or not formally approved.

Red Flags: Data Usage, Ethics, and Misuse

The survey figures we’ve seen highlight a crisis within “shadow” (unauthorized) AI, according to Camilo Artiga-Purcell, general counsel at Kiteworks, in an opinion piece for Corporate Compliance Insights.

The numbers involved suggest these aren’t junior employees casually testing new technologies; these are seasoned legal professionals at major corporations, entrusted with some of the most sensitive data imaginable — M&A strategies, litigation tactics, intellectual property, and trade secrets — using tools that offer little to no control over where that data goes or how it’s used.

Camilo Artiga-Purcell
General Counsel, Kiteworks

From proprietary information to personal data subject to GDPR, CCPA, and other privacy laws, there are many costly risks involved. And Artiga-Purcell argued that legal departments are even more vulnerable to this shadow AI crisis. This could be for a number of reasons:

  • Extreme time pressure that drives lawyers to use whatever tools they can to meet non-negotiable deadlines

  • The individual nature of work that allows lawyers to use AI without detection

  • A generational divide that enables young lawyers, who may be more comfortable with AI tools, to utilize the tools without fully appreciating the risks to client confidentiality

Earlier, we looked to Axiom’s 2025 AI report to show the difference between adoption of enterprise-grade tools and unauthorized AI agents. According to that same report, “free chatbots rival enterprise tools, at a cost.”

Dual AI strategies — using generalized chatbots alongside enterprise-grade AI tools — undermines governance, security, privacy, and AI maturity.

Axiom

General chatbots offer no control over data retention, model training, or access, and the risks involved are quite dangerous.

Consumer Tools vs. Enterprise Tools vs. A Fully Integrated AI Environment

In the Heppner ruling, former CEO Bradley Heppner, who faces federal fraud charges in an alleged $150 million scheme, had used the consumer version of Claude AI to generate 31 documents analyzing his legal exposure, potential defense theories, and strategic options.

This led to the first-of-its-kind written federal court opinion about AI-generated materials and legal privilege. The court decided that by sharing privileged information with the AI platform (and by extension, with the platform’s operator under its privacy policy), Heppner waived the privilege over that information, just as if he had shared it with any other third party.

This shows how using free AI tools can create significant risk for legal, regulatory, and audit requirements. In order to better understand how enterprise tools differ from these kinds of consumer tools, let’s take a look into the multi-tiered system of organizational AI usage.

  1. Tier 1: Consumer AI tools.

    This is the type that Heppner used. Standard terms allow data collection of inputs and outputs, model training, and disclosure to third parties including government authorities. AI-related errors have already led to withdrawn judicial opinions and flawed filings, and courts are beginning to penalize improper AI use.

  2. Tier 2: Enterprise AI with negotiated agreements.

    Many organizations use enterprise licenses for platforms like ChatGPT Enterprise, Claude for Enterprise, or Microsoft Copilot with negotiated terms that include contractual confidentiality obligations, no training on customer data, and no right to disclose inputs to third parties. While these features do address the confidentiality gaps found in consumer AI tools, privilege protection is still untested in court. Besides regulatory compliance, enterprise tools provide greater reliability and accuracy through validation layers and integration with internal systems, reducing risks like hallucinations or inconsistent outputs. They also offer better centralized oversight and scalability, allowing organizations to monitor usage and enforce policy in a way that is difficult — and often impossible — with consumer-grade tools.

  3. Tier 3: AI integrated into legal workflow platforms.

    A dedicated AI environment goes beyond typical enterprise AI tools by offering a legal-specific environment where data ingestion, eDiscovery, legal holds, review, and analytics all exist in one system, eliminating the fragmentation that even many enterprise solutions still struggle with. Unlike both enterprise and consumer-grade tools, it is purpose-built for legal workflows, meaning it delivers higher accuracy, defensibility, and compliance aligned with requirements like privilege protection, audit trails, and court-ready outputs. This combination of end-to-end integration and legal-grade governance reduces risk, lowers operational complexity, and enables teams to manage the full litigation or investigation lifecycle within a single, secure platform.

Choosing the Right Tool

It’s not that leaders don’t recognize the risk that consumer-grade AI poses. It’s just that many leaders haven’t done the research necessary to find a more secure platform. Don’t make that same mistake in your organization.

Casepoint’s AI-powered end-to-end platform offers an AI environment that reduces regulatory risk and strengthens security at the highest level for legal and government agencies. Instead of allowing high-risk AI usage in your workplace, train your staff on a platform that offers stronger governance, better records management, and clear defensibility standards.

Free Chatbots: The Risks of Using Unauthorized AI Alongside Enterprise-Grade Tools

Author

Kevin Albert

Director of Sales Engineering

Kevin Albert serves as Director of Sales Engineering at Casepoint. He leads the sales engineering function, aligning technical strategy, resources, and solution design with customer requirements and contractual obligations. He partners closely with sales, product, and operations to guide complex engagements, support demos and evaluations, and serve…
