Privilege Use Boundary Enforcement Agent for Brisbane Boutique Firms: Stop Privilege Bleed Before a Paralegal’s Prompt Crosses a Matter

You run a six-lawyer practice in Brisbane. One paralegal pastes a redraft of a confidential affidavit into a public chatbot to “tidy the language”. Another asks the same tool to summarise instructions from a matter the firm acted on last year — for a new client whose interests are now adverse. Nobody saw it happen. There’s no log. The Privilege Use Boundary Enforcement Agent is the workstation-level control that stops these prompts before they leave the device.

The problem

Privilege bleed is the unintended exposure of privileged or confidential material across matters, clients, or firms — and AI tooling has made it faster and harder to detect. A staff member pastes a draft witness statement into a consumer LLM to clean it up; the prompt is logged on a third-party server outside the firm’s control. A lawyer uses an AI assistant trained on past matters to draft for a new client whose interests conflict with a former one. A paralegal preparing material for an Administrative Review Tribunal expert evidence brief queries an external model with the expert’s draft opinion attached.

For a boutique firm in Brisbane, the exposure is concentrated. You don’t have a dedicated GC or an internal information security team auditing every prompt. The Australian Solicitors’ Conduct Rules require solicitors to maintain client confidentiality (Rule 9) and to avoid conflicts arising from former-client information (Rule 10). The ART’s expert evidence practice direction places expectations on the integrity and independence of expert material put before the Tribunal — material that loses integrity the moment it’s fed through an uncontrolled external model.

What the Privilege Use Boundary Enforcement Agent does

The agent runs on staff workstations and enforces firm-defined boundaries on AI use at the point of input. Per the catalog spec (Privilege_Use_Boundary_Enforcement_Agent), it detects and blocks AI use that would violate privilege rules — across every device where staff might paste, upload, or type a prompt into a generative AI tool.

Concretely, it does three things:

• Detects prompts and uploads that contain markers of privileged material — matter identifiers, client names, “without prejudice” / “privileged and confidential” tags, or content fingerprints from documents stored in the firm’s matter system.
• Blocks or quarantines prompts that would send that content to an external AI endpoint not on the firm’s approved list.
• Logs the attempt — who, when, which matter, which destination — so the firm has a defensible audit trail when a question is asked later.

The agent is workstation-resident. It does not require the firm to centralise its document store, switch DMS, or buy into a single vendor’s AI suite.

How it works

1. Boundary policy is defined per firm. You set which AI tools are approved, which matters or clients are walled off from each other, and which content classes (drafts, instructions, expert opinions, settlement correspondence) must never leave the device.
2. The agent runs locally on each staff workstation. It monitors the browser, clipboard, and file-upload events targeting known AI endpoints.
3. Prompts are screened before they leave the device. If a prompt or attachment matches a blocked content class or violates a matter-boundary rule, the send is interrupted and the user sees a reason.
4. Every block, override, and allowed send is logged. The log is held by the firm — not by an external vendor — and is structured for review by the principal or a compliance officer.
5. Policy is reviewed on a cadence the firm sets. Rules can be tightened around specific matters (for example, an active ART expert evidence brief) without rewriting the firm-wide policy.

Why this matters in Brisbane

Brisbane boutique firms increasingly take on federal-jurisdiction work — Administrative Review Tribunal matters, Federal Circuit and Family Court files, and Federal Court commercial litigation — alongside Queensland Supreme Court practice. The ART’s expert evidence practice direction sets expectations on how expert material is prepared and presented; a firm cannot credibly assure the Tribunal of the integrity of an expert’s opinion if a paralegal has run drafts through an unlogged external model. The Australian Solicitors’ Conduct Rules apply to every solicitor on the practising certificate regardless of firm size, and confidentiality and former-client obligations don’t scale down for boutiques. Workstation-level enforcement closes the gap between firm policy (“don’t paste client material into ChatGPT”) and the reality on a Tuesday afternoon when a deadline is forty minutes away.

Sources

• Administrative Review Tribunal — Practice Directions and Other Guidance: https://www.art.gov.au/help-and-resources/professionals-and-practitioners/practice-directions-and-other-guidance
• Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules
• Federal Court of Australia — Use of Generative Artificial Intelligence Practice Note (GPN-AI): https://www.fedcourt.gov.au/law-and-practice/practice-documents/practice-notes/gpn-ai

Join the waitlist

Join the waitlist — be the first to know when the Privilege Use Boundary Enforcement Agent opens for Brisbane boutique firms

We’re scoping deployment patterns for firms under ten lawyers — what gets enforced by default, what needs principal sign-off to override, and how the audit log fits with your existing matter management. Join the waitlist and what we hear from you will shape the policy templates the agent ships with.