Most lawyers I talk to are already quietly using AI — ChatGPT, Claude, Copilot — for drafting, research, and summarization. It’s useful. It saves hours. And in almost every case, the firm never formally decided whether it was allowed. A paralegal or an associate started, then a partner tried it, then it was everywhere, and nobody circled back to the ethics question.
Here’s the uncomfortable part: under ABA Model Rule 1.6, the duty of confidentiality applies to everything relating to a client’s representation, not just privileged communications. Anything you paste into a cloud AI service is data you’ve handed to a third-party processor. Some states have issued specific guidance warning that AI use requires the same diligence as any other vendor — data handling agreements, security audits, informed client consent.
Most firms are doing zero of that. They’re just pasting.
What “on-device AI” actually means
There is another way to run AI tools inside a firm — locally, on the machines the firm already owns, with no frame of the document ever touching a network.
This isn’t hypothetical. Apple Silicon MacBooks from roughly 2022 onward can run open-weight coding and writing models at useful speeds, entirely inside their own unified memory. No API call. No cloud round-trip. No “your data may be used to improve the service” footnote.
The technical term is air-gapped AI. Same underlying capability — large-language-model drafting, document review, summarization — minus the third-party data processor relationship. Because nothing leaves the Mac, there’s nothing to disclose to the client, nothing to document under a vendor-risk framework, nothing that can be subpoenaed from a cloud provider’s server. The surface area for a breach is the machine itself, which you already secure as part of normal firm operations.
Why this wasn’t practical a year ago
For years the “local AI” story was a lab-bench curiosity. You could technically run a language model on your laptop, but it was slow, it couldn’t follow complex instructions, and the output quality was visibly worse than what cloud tools produced. Clients would notice.
That changed faster than most firms realize. The current generation of open-weight models running on Apple Silicon produces output that’s indistinguishable from cloud Claude or GPT for most legal-adjacent tasks — drafting correspondence, summarizing long documents, extracting facts from depositions, plain-language explanation of statutes, cite checking against uploaded documents. The models have caught up. The hardware has caught up. The thing that hasn’t caught up is firms’ awareness that the option exists.
The setup, in plain English
A typical firm install looks like this:
- A handful of MacBooks (or an existing one per attorney who does heavy drafting).
- An open-source MLX server that runs a 31- to 70-billion-parameter model on each machine.
- A CLI or chat interface that matches what the attorneys are already used to — Claude Code for tech-heavy work, a local chat app for drafting.
- A one-page firm policy that documents “our AI runs on premises, does not use third-party processors, complies with [your state’s] duty of confidentiality guidance.”
The technical install is half a day per machine. The policy paperwork and a lunch-and-learn for the attorneys takes another day. After that it runs like any other piece of firm infrastructure — quietly in the background.
What it costs vs what cloud AI costs
A cloud AI subscription for a 10-attorney firm runs anywhere from $200 to $1,500 per month depending on tier and usage. Annual: $2,400 to $18,000. That’s ongoing forever, and each vendor price increase flows straight through to the firm’s overhead.
A one-time install of on-device AI across the same 10 attorneys is a fixed engagement — typically $8,000 to $15,000 all-in, hardware aside (most firms already have the Macs). After that, zero recurring AI spend. Year two onward the firm’s marginal AI cost is the electricity to run the MacBook.
The financial case is real, but it’s not actually the strongest argument. The strongest argument is: if a regulatory body ever asks how your firm handles client data in AI tools, “we run it on-device, no third-party processor” is the only answer that ends the conversation.
Who this is for
This isn’t the right fit for every firm. If your practice doesn’t handle confidential client information, or you’ve already done the vendor-risk work and your clients have signed off on cloud AI, cloud is fine and probably cheaper to start.
Where on-device is specifically the right move:
- Solo and small firms handling family law, trusts/estates, criminal defense, or any practice where client files carry heavy privacy expectations.
- Firms with specific-client confidentiality agreements that explicitly prohibit third-party data processors.
- Regulated practice areas (healthcare-adjacent, financial-services-adjacent, government contracting) where the compliance overhead of vendor AI is genuinely disproportionate.
- Firms in California, New York, Florida, Texas, or any state whose bar has issued specific AI guidance that firms haven’t actually complied with yet.
How to think about the decision
If you’re a partner reading this, the easiest diagnostic is: pull your associates and paralegals into a room and ask a yes/no question — “In the last 30 days, have you pasted client work into ChatGPT, Claude, or similar?” If the answer is anything other than a clear no, you already have an on-device-AI-worth-evaluating moment on your hands, whether you knew it or not.
The fix is not banning AI — banning it just moves the usage underground and makes it worse. The fix is giving attorneys a sanctioned AI that doesn’t create a vendor-risk problem. That’s what on-device is.
I do firm installations of exactly this setup — fixed-fee, one week start to finish, including the policy paperwork and attorney training. If your firm is quietly accumulating AI usage without a formal stance, or you’ve been waiting for the tech to get good enough to deploy safely, it’s there now.
More detail on the service: AirGap AI. Book a 15-minute call from that page and I’ll tell you in plain terms whether on-device is the right fit for your specific practice.
— Matt Macosko, Nice Dreamz LLC
The open-source setup I use for installs is public at github.com/nicedreamzapp/claude-code-local if you or your IT person want to review exactly what runs on firm hardware.