The Upper Tribunal has issued a warning about the professional risks of using generative AI in legal practice, after two immigration cases revealed the submission of fictitious authorities generated by AI tools.
The judgment, UK & R (Munir) v Secretary of State for the Home Department [2026] UKUT 81 (IAC), sets out clear expectations for legal representatives and confirms that uploading client material into open source AI systems breaches confidentiality and may waive privilege.
The panel - UT Judges Lindsley, Keith and Blundell - said legal professionals must ensure the accuracy of all authorities cited and supervise junior staff effectively. The Tribunal held that “supervisors must ensure that fee earners under their supervision are aware of the dangers of using non-specialist Artificial Intelligence (AI) for legal research and drafting.” It added that failures to do so are likely to result in referral to the Solicitors Regulation Authority (SRA) or other regulators.
The judgment arose from two separate matters in which lawyers submitted grounds containing non existent case law. In the first, a Level 3 accredited adviser admitted including a fabricated authority - “Horleston v SSHD”- which the Tribunal confirmed had never existed. After reviewing his internet history, he accepted that “in absence of an explanation… I cannot dismiss the fact that the case was an AI creation.”
The Tribunal tested Google’s AI search mode itself and found it capable of producing plausible but entirely false case names, judicial panels and legal propositions. It warned that the problem is not limited to ChatGPT style tools: “the use of Google AI for legal research is equally likely to generate results which are false.”
The judges stressed that such errors waste judicial resources, mislead the court and risk undermining public confidence. They noted that immigration clients are often particularly vulnerable, heightening the need for professional diligence.
The Tribunal also held that uploading client emails or Home Office decision letters into open source AI tools constitutes a data breach. It stated that “uploading confidential documents into an open-source AI tool, such as ChatGPT, is to place this information on the internet in the public domain, and thus to breach client confidentiality and waive legal privilege.”
The Tribunal said such conduct may warrant referral to the SRA and should in any event be reported to the Information Commissioner’s Office (ICO). It contrasted open source tools with closed source systems such as Microsoft Copilot, which do not place information into the public domain.
The Tribunal emphasised that the core issue was not simply AI misuse but inadequate supervision. It held that a supervisor who allows junior staff to submit inaccurate or AI generated material is “more culpable” than a lawyer who makes such errors personally, because they fail both the Tribunal and the development of junior practitioners.
In the second case, a solicitor responsible for a trainee’s work admitted that inaccurate authorities had been inserted without verification. The Tribunal rejected attempts to distinguish the case from the earlier High Court decision in Ayinde, which established that false citations - regardless of how they arise - are likely to justify regulatory referral.
In both matters, the Tribunal ultimately declined to refer the practitioners to the SRA or Immigration Advice Authority only because they had already self reported. It made clear that, absent self referral, it would have done so.
