The Case for Local AI in Texas Law Firms

Texas Opinion 705 does not prohibit lawyers from using artificial intelligence. It gives them a harder assignment: use AI without surrendering control over confidential client information.

That is the real problem for law firm partners. The question is not whether AI can help lawyers draft, summarize, review, or analyze documents. It can. The question is whether the firm can obtain those benefits without creating a new channel for confidential client data to leave the firm.

Cloud AI can be appropriate in some circumstances. Major cloud providers have invested heavily in security, and private cloud architectures are often far safer than consumer AI tools. But cloud systems still require lawyers to trust outside vendors, contractual promises, retention policies, access controls, and countless implementation decisions made by both the provider and the law firm.

The stakes are concrete. A confidentiality lapse is not merely a technology problem. It can become a disciplinary issue, a malpractice issue, or a privilege-waiver dispute. Opinion 705 asks lawyers to make "reasonable efforts" to prevent that, not to achieve the impossible. Reasonable efforts can include using a cloud vendor under appropriate terms. But for some workflows, there is a simpler answer: do not send the client information outside the firm in the first place.

A local-first AI application keeps the interface, documents, and AI model under the firm’s control. The application can run as a desktop tool, an intranet application, or a secure internal workflow connected to the firm’s own document systems. The goal is not to chase the newest AI feature. The goal is to build useful AI tools around the oldest professional duty: keeping client confidences.

This article explains three approaches to legal AI: Consumer AI, Private Cloud AI, and Local-First AI. It also explains why Texas law firms that take Opinion 705 seriously should consider whether some AI workflows belong inside the firm’s own walls.

Level 1: Consumer AI

When most lawyers think of AI, they think of general-purpose tools such as ChatGPT, Claude, or Gemini. These tools are remarkable. They can answer questions, summarize documents, draft correspondence, and analyze complex information. They are also designed for the general public, not for law firms.

The primary risk is not that these systems are inherently insecure. Major AI vendors invest heavily in security. The real problem is that they place responsibility for confidentiality entirely on the lawyer. A lawyer using ChatGPT must decide which documents to upload, which information to disclose, which conversations belong to which client matter, and whether confidential information from one matter is being mixed with another. The software does not understand the firm's ethical obligations. It simply accepts whatever information the user provides.

This creates a structural problem. General-purpose AI tools are designed to encourage broad conversations across many topics. A lawyer may discuss one client matter in the morning, another in the afternoon, and an internal firm issue later that same day. The burden of keeping those matters properly separated falls entirely on the user.

Enterprise editions, such as ChatGPT Enterprise edition, improve the situation considerably. They typically disable model training, provide access controls, support auditing, and offer configurable retention policies. These features address many of the concerns associated with personal AI accounts.

However, even enterprise AI products remain general-purpose chat systems. They provide behavioral safeguards rather than structural safeguards. The software still relies on lawyers and staff members to consistently follow the firm's confidentiality procedures.

For many firms, the better question is not whether ChatGPT Enterprise or Claude Enterprise is secure enough. The better question is whether lawyers should be using a general-purpose chatbot at all.

A purpose-built legal AI application can enforce matter separation, restrict access to approved documents, limit what information may be uploaded, and create workflows specifically designed around the firm's confidentiality obligations. Instead of asking lawyers to remember the rules, the software itself can help enforce them.

Level 2: Private Cloud AI

A better approach is to build a purpose-built application that reaches an AI model through an API, rather than sending lawyers into an open chat interface. OpenAI, Anthropic, Google, AWS, and Microsoft all offer API access. The important difference is not merely contractual. It is architectural.

With a private cloud application, the firm controls the interface. It decides which lawyers may use the tool, which matters they may access, which documents are in scope, how long records are retained, and where work product is stored. The application can require the lawyer to select a client and matter before doing anything, limit the lawyer to documents already approved for that matter, prevent files from one matter mixing with another, log usage for later review, and keep client documents on the firm's own systems while sending only what a given request needs.

In short, the software enforces structural safeguards. The lawyer is no longer relying solely on memory, training, or a written policy.

The API tier also carries stronger data protections than consumer accounts. OpenAI states that API data is not used for training by default and that abuse-monitoring logs are generally retained for up to 30 days unless a legal exception applies. Anthropic states that API inputs and outputs are generally deleted within 30 days, subject to exceptions and different agreements. Zero data retention may be available for qualifying enterprise use cases, but it must be addressed expressly in the vendor arrangement.

For many firms, private cloud AI will be the practical middle ground: far more control than consumer AI, with continued access to leading commercial models. But it is not the end of the analysis. When the application calls an outside model, confidential client information still leaves the firm's environment. The transmission may be encrypted, the provider's security strong, the retention terms favorable — but the information is still outside the firm's walls. That is why private cloud AI is better than consumer AI, yet not the most conservative option.

Level 3: Local-First AI

The most conservative approach to confidentiality is simple: do not allow sensitive client information to leave the firm’s environment in the first place.

Instead of sending documents to an AI model hosted by a third party, a law firm can run the AI system inside its own network. The user interface might be an internal web application on the firm’s intranet. It might be a desktop application installed on lawyer laptops. The model itself can run on firm-controlled servers or, for some workflows, directly on an individual computer.

This is local-first AI.

The point is not that every legal AI workflow must be local. The point is that some client information is sensitive enough that the safest design is to keep the documents, prompts, model calls, outputs, and logs under the firm’s control.

That option is becoming more realistic because several strong open-weight models can now be downloaded and run locally.

Picture a workflow for highly sensitive client documents. A lawyer opens a firm-approved desktop application. The application connects only to the client’s matter folder. The lawyer selects an approved task: summarize deposition testimony, extract dates from medical records, compare contract provisions, or prepare a first-pass chronology. The AI model runs locally. The documents remain local. The output is saved back into the firm’s matter system.

No consumer chatbot is involved. No general-purpose conversation history is created. No prompt is stored in a third-party account. No file is uploaded to a vendor merely because a lawyer wanted help with a document.

That is the confidentiality advantage of local-first AI. The firm is not merely relying on a vendor’s promises, a lawyer’s memory, or a written AI policy. The architecture itself reduces the opportunity for confidential information to leave the firm.

There are tradeoffs. Local models may not match the best commercial cloud models on every task. They may require more technical setup. Larger models may require dedicated hardware. Smaller models may be fast and private but less capable. Local systems also need their own governance, security, updates, testing, and lawyer review.

But for some legal workflows, the question is not whether the firm has access to the most powerful model available anywhere in the world. The question is whether the firm can safely use AI on confidential client information without transmitting that information outside the firm.

For those workflows, local-first AI may be the safest design.

Conclusion

Opinion 705 does not require Texas lawyers to avoid AI. It requires them to use AI in a way that protects confidential client information.

That distinction matters. The question is not whether a law firm should use AI. The question is what kind of AI system the firm should permit.

For most firms, the answer should not be a general-purpose chatbot. Lawyers do not merely need a place to paste text and ask questions. They need secure AI workflows for specific legal tasks: document review, contract analysis, discovery preparation, deposition preparation, chronology creation, and drafting.

Private cloud AI is likely to become the practical middle ground for many law firms. A purpose-built application can enforce matter separation, control document access, apply retention rules, and keep the lawyer inside an approved workflow while still using leading commercial models from OpenAI, Anthropic, Google, Microsoft, or AWS.

For more sensitive matters, firms should also consider local-first AI. If confidential client information can remain entirely within the firm’s own environment, the confidentiality analysis becomes simpler. The firm is not merely asking whether an outside vendor has made sufficient promises. It is designing the system so that client information does not need to leave the firm in the first place.

If you take one action this quarter, make it this: find out what AI tools your lawyers and staff are already pasting client information into. Most firms have more unmanaged "shadow AI" use than they think. Set an interim policy, then pilot one purpose-built workflow on a real task. That is the larger point — law firms should not treat AI adoption as buying access to a chatbot. They should treat it as designing secure legal workflows.