MPL Legal Tech Advisors: The Legal AI Brief

Thursday, 23th October 2025 - 7th Edition

This Week’s Theme

Every legal team I spoke to this week had an AI policy. None of them could answer a simple question:

Every call I had this week; whether with law firm founders, consultants, tech lawyers, or practice admins; pointed to the same pattern:

Prove who used AI, on which matter, and who reviewed it.

That gap is where the real liability sits.

Regulators and insurers don’t care about guidelines. They care about evidence.

If you can’t show who used AI, for what purpose, and under what sign-off, you don’t have governance. You have exposure.

If anyone can use AI without permission or role clarity, you’re not “innovating”, you’re leaking privileged information.

If AI output lands in a client file without documented human review, it’s not “assistance”, it’s unauthorized practice.

If you can’t export who used what, on which matter, under which supervision, then nothing you say in your policy matters.

Across all conversations this week, from litigation boutiques to compliance teams, AI tools were already being used.

Almost none of that usage was traceable.

Four failure points beyond hallucinations.

A simple operating rhythm any legal team needs.

Variations of the same confession came up in every call:

“People are pasting client files into AI tools, and we have no record of where it goes.”

That isn’t innovation, but rather undocumented client data transfer with no audit trail. The sort of thing insurers drop coverage over.

Evidence beats access
A license isn’t adoption unless you can prove repeated, supervised use.
Policies ≠ defensibility
Insurers and regulators want proof, not promises.
Auditability is the standard
If usage isn’t tied to matters and reviewers, it’s unfit for professional practice.