The Arizona court system recently published a list of approved artificial intelligence tools for use across state courts. The document is worth reading carefully, because what it prohibits tells a more important story than what it approves.

Never include confidential, personally identifiable, or other sensitive content in a prompt or as input.

What the document says

Every tool on the approved list carries the same prohibition in plain language: sensitive content must never be included in a prompt or submitted as input. The list includes the tools most commonly discussed when attorneys consider adopting AI for their practices. ChatGPT, Claude, Microsoft Copilot, and Google Gemini all appear. All carry the same restriction.

The document also notes that information included in prompts may be exposed by the tool to other users, and that data retention and utilization terms vary by tool and license tier. These are not theoretical concerns. They are the documented characteristics of every major cloud-based AI platform on the market today.

The prohibition applies formally to the Arizona court system. But the reasoning behind it applies equally to any professional practice that handles sensitive documents. The source of the risk is the same regardless of who is submitting the prompt.

The gap this creates for law firms

A law firm's most valuable work product is sensitive by definition. Client matters, contract negotiations, deposition transcripts, medical records in litigation, financial disclosures, family circumstances in estate matters. The documents that make legal representation possible are precisely the documents that approved cloud AI tools are prohibited from receiving.

This creates a practical problem. An attorney who wants to use AI to search prior matter files, review a contract against precedent, or prepare for a deposition is working with documents that cannot, under the reasoning of this guidance, be submitted to the tools most widely available.

The Arizona State Bar has separately noted that generative AI may produce fabricated citations and result in attorney discipline. Judges in Arizona now carry a formal duty of technology competence. The regulatory environment is not standing still. Attorneys who have not thought carefully about how they use AI with client documents may find themselves in a difficult position as that environment develops further.

The same reasoning extends beyond law firms. Medical practices, accounting firms, life sciences companies, and regulated manufacturers all work with documents that carry confidentiality obligations. The Arizona courts guidance applies formally to courts and the attorneys who appear in them. The architecture problem it identifies is not limited to that context.

What a private deployment changes

A private AI system deployed on hardware at the firm's location operates differently in every relevant respect.

Documents submitted to the system never leave the building. There is no third-party server receiving the query or the document content. There is no vendor data retention policy governing what happens to client files after the session ends. There is no cloud infrastructure that a subpoena could reach.

The system answers questions from the documents the firm has chosen to provide. It draws from nothing else. Its answers are sourced from those documents and cite the specific files and passages they came from. The prohibition that governs every tool on the Arizona courts list does not apply, because the architecture that creates the risk does not exist.

A question worth asking

The Arizona court system's guidance draws a clear line between what AI can do with public, non-sensitive information and what it cannot do with sensitive content. That line exists for good reason, and it is not unique to courts. Law firms, medical practices, and accounting firms operate under the same professional obligations that make the distinction meaningful.

Before a practice adopts any AI tool for working with client documents, one question is worth asking plainly: where does the document go when it is submitted, and who controls what happens to it after that?

For practices where the answer to that question matters, the architecture of the system is not a technical detail. It is the whole point.