BOAB IT

1800 659 765

LET'S CHAT

AI in Law Firms: A Powerful Tool That Still Needs Guardrails

AI in Law Firms: A Powerful Tool That Still Needs Guardrails

Artificial intelligence is no longer a future concept for law firms. It is already being used to summarise documents, prepare first drafts, review information, support legal research, generate client communications, and reduce time spent on repetitive administrative tasks.

For legal practices, the opportunity is clear. AI can help fee earners move faster, reduce manual effort, and spend more time on work that requires legal judgment, strategy, client care, and professional experience.

But AI is not a shortcut around responsibility. Used properly, it can be a powerful assistant. Used carelessly, it can introduce serious risks around confidentiality, accuracy, cybersecurity, and professional obligations.

AI is already doing the “grunt work”

A recent UK case shows how quickly AI is moving from theory into real legal workflows.

In May 2026, Garfield AI helped freelance HR consultant Tamires Camal Taquidir recover £7,000 in unpaid fees through Wandsworth County Court. Garfield AI was used to support the pre-trial work, including correspondence, court documents, document production, witness statements, and trial bundles. A human barrister still handled the advocacy in court, and the court found in favour of the claimant after a three-hour trial. The claimant reportedly paid around £400 in Garfield AI fees to recover the £7,000 owed.¹

This is a useful example because it shows where AI can add real value. It was not replacing every part of the legal process. It was helping with the heavy lifting around preparation, organisation, drafting, and document handling.

For many firms, that is where the immediate opportunity sits. AI can help with:

  1. Summarising lengthy documents, correspondence, transcripts, and notes
  2. Producing first drafts of letters, file notes, policies, and internal documents
  3. Reviewing large volumes of material to identify themes or inconsistencies
  4. Supporting research preparation, provided all authorities are checked
  5. Creating client-friendly explanations from complex information
  6. Reducing time spent on repetitive admin and matter preparation

The Federal Court of Australia has also acknowledged that generative AI has the potential to improve efficiency in litigation, reduce legal costs, improve access to justice, and support the administration of justice, provided it is used responsibly and with due care.²

The real value is not “AI replacing lawyers”

For law firms, AI should be seen as an assistant, not a decision-maker.

The best use cases are not about removing people from the process. They are about giving lawyers, paralegals, and support staff better tools to work through information faster. AI can help reduce blank-page time, speed up document review, and make internal knowledge easier to access.

This can be especially useful for small and mid-sized firms where staff are often balancing client work, admin, compliance, and operational pressures at the same time.

The Queensland Law Society has taken a similar position, noting that AI use is not discouraged in legal practice and is not inherently incompatible with ethical duties, provided it is used within appropriate guardrails.³

That balance is important. AI can support legal work, but the firm remains responsible for the outcome.

The risks are just as real as the benefits

The same technology that can save time can also create new risks.

One of the clearest examples is inaccurate AI output. AI tools can produce information that sounds confident but is wrong. In legal work, that can be dangerous.

In June 2025, the UK High Court warned that lawyers who rely on AI-generated fake cases could face sanctions, contempt proceedings, or even criminal consequences in serious cases.

Australian courts are taking similar concerns seriously. The Federal Court’s generative AI practice note states that AI may produce fictitious cases, incorrect citations, misleading legal information, factual errors, and false confirmations of accuracy. It also makes clear that presenting false or inaccurate information to the Court is unacceptable.²

For law firms, this means AI output must be checked, especially where it relates to legal authorities, advice, evidence, court documents, or client-facing material.

Confidentiality and client data must come first

Legal practices hold sensitive information: client instructions, contracts, financial records, litigation strategy, family law material, conveyancing documents, trust account information, and privileged communications.

Putting that information into the wrong AI tool can create privacy, confidentiality, and privilege concerns. Public AI tools may store, process, or use inputs in ways that are not suitable for client data.

This is why firms need clear rules around what staff can and cannot enter into AI systems. At minimum, firms should know:

  1. Whether the AI tool stores prompts and outputs
  2. Whether data is used to train the model
  3. Where data is hosted
  4. Whether the platform has enterprise-grade security controls
  5. Who inside the firm is allowed to use it
  6. What kinds of client information are prohibited

AI adoption should not happen through staff experimenting on their own with free public tools. It should be governed, documented, and supported by the firm’s IT and risk management processes.

AI also changes the cybersecurity threat landscape

AI is not only being used by legitimate businesses. It is also being used by cybercriminals.

For law firms, this increases the risk of more convincing phishing emails, impersonation attempts, fake voice or video content, automated reconnaissance, and attacks that are harder for staff to identify.

AI tools can also introduce new technical risks such as prompt injection, where malicious instructions are disguised as normal inputs to manipulate an AI system into producing unsafe or sensitive responses. Cyber.gov.au warns that AI systems can be tricked through prompt injection and can also produce hallucinations, where the response sounds correct but is not true.

The risk increases further when AI tools are connected to email, files, calendars, document management systems, or other business applications. Agentic AI systems, which can take actions across tools, can amplify risks if they are given broad access to sensitive data or critical systems. Cyber.gov.au recommends careful adoption of agentic AI, with strict privilege controls, continuous monitoring, strong identity management, and human oversight.

The OWASP Foundation also identifies AI-specific risks such as prompt injection, insecure output handling, sensitive information disclosure, excessive agency, and supply chain vulnerabilities in large language model applications.

For a law firm, those are not abstract technology risks. They can affect confidentiality, client trust, business continuity, compliance, and professional reputation.

What law firms should do before adopting AI

AI should not be banned out of fear, but it should not be adopted casually either. The better approach is structured, practical, and security-first.

Before rolling out AI across a legal practice, firms should put the following in place:

  1. An AI usage policy that explains approved tools, prohibited uses, and staff responsibilities
  2. Clear rules around client data, confidential material, and privileged information
  3. Human review requirements for all legal, court, and client-facing outputs
  4. Staff training on hallucinations, fake citations, phishing, and prompt injection
  5. Secure enterprise-grade AI tools rather than unmanaged personal accounts
  6. Access controls so AI tools only see the information they genuinely need
  7. Audit logs and monitoring where AI is connected to firm systems
  8. A review process for any AI tool before it is introduced into the business

The goal is not to slow innovation. The goal is to make sure the firm can benefit from AI without increasing risk unnecessarily.

A practical way forward

AI will continue to change the way legal work is done. The firms that benefit most will not necessarily be the ones that use the most AI. They will be the ones that use it carefully, securely, and with proper oversight.

The UK Garfield AI case shows that AI can already assist with meaningful legal preparation and reduce the cost of pursuing smaller claims. But the court warnings around fake citations, confidentiality, and misuse show the other side of the same technology.

For law firms, the message is simple: AI is useful, but it needs guardrails.

Used well, AI can reduce repetitive work, improve efficiency, and help staff focus on higher-value client service. Used poorly, it can expose the firm to data leakage, inaccurate work, cybersecurity threats, and professional risk.

The opportunity is real. So is the responsibility.

References

  1. Garfield AI. (2026, June 22). AI lawyer wins first court trial (2026). Garfield AI.
  2. Federal Court of Australia. (2026, April 16). Generative Artificial Intelligence Practice Note (GPN-AI). Federal Court of Australia.
  3. Queensland Law Society. (n.d.). No. 37 Artificial Intelligence in legal practice. Queensland Law Society.
  4. Tobin, S. (2025, June 6). Lawyers face sanctions for citing fake cases with AI, warns UK judge. Reuters.
  5. Australian Signals Directorate’s Australian Cyber Security Centre. (2026, January 14). Artificial intelligence for small business. Cyber.gov.au.
  6. Australian Signals Directorate’s Australian Cyber Security Centre. (2026, May 1). Careful adoption of agentic AI services. Cyber.gov.au.
  7. OWASP Foundation. (2025). OWASP Top 10 for large language model applications. OWASP.