Privilege Firewall Orchestrator for Melbourne Boutique Firms: Stop AI Tools Cross-Pollinating Confidential Matters

You run a seven-lawyer firm in Melbourne. Two partners are acting for opposing sides of a commercial dispute that walked in eighteen months apart — properly screened, separate matter files, the usual ethical wall. Last week a senior associate asked the firm’s AI assistant to summarise “the construction contract dispute” and got back a paragraph that referenced facts from the other matter. The model had been fine-tuned on uploaded documents from across the firm. Nobody had thought to scope it per matter. The Privilege Firewall Orchestrator is built to stop this class of failure before it produces a conflict you have to disclose.

The problem

Boutique firms adopt AI tools faster than large firms because the productivity gain is immediate and the procurement process is short. The trade-off is that most off-the-shelf AI assistants — chat tools, drafting copilots, document Q&A systems — index every document the firm gives them into a single retrieval layer. There is no native concept of matter, client, or ethical wall. When a lawyer asks a question, the model retrieves from whatever it has seen.

That architecture creates three concrete risks for a small firm:

• Privilege bleed between matters held by the same firm — confidential content from Matter A surfaces in a response generated for Matter B, breaching the duty of confidence under Australian Solicitors’ Conduct Rules (ASCR) Rule 9.
• Conflict of duty breaches under ASCR Rule 10 when the firm is acting for clients with adverse interests and the AI tool has no ethical wall.
• Disclosure obligations under expert evidence regimes — including the Administrative Review Tribunal’s practice directions for expert witnesses — where AI assistance in preparing evidence has to be identifiable and traceable to a specific matter.

The risk isn’t theoretical for a firm with fewer than ten lawyers because there is no IT department running a per-matter access control review. The assistant gets pointed at the document management system and the wall exists on paper only.

What the Privilege Firewall Orchestrator does

The Privilege Firewall Orchestrator is a multi-matter privilege firewall that sits between your AI tools and your matter files. It enforces a hard partition: every AI query is scoped to a single matter, every retrieval is restricted to documents tagged to that matter, and every response is logged against the matter ID. If a lawyer working on Matter B sends a query that would retrieve Matter A content, the orchestrator refuses the retrieval and records the attempt.

The deliverable is the firewall itself plus the audit trail it produces. The audit trail is the artefact you show a regulator, an insurer, or a court if a privilege question is raised.

How it works

1. Matter registration — every active matter in the firm is registered with the orchestrator and assigned a matter ID, client ID, and conflict-group tag. Documents loaded into AI tools are tagged at upload.
2. Query scoping — when a lawyer opens an AI session, they declare the matter they’re working on. The orchestrator binds the session to that matter ID.
3. Retrieval enforcement — every retrieval request the AI tool makes is filtered against the matter ID. Documents tagged to other matters are excluded at the index layer, not at the response layer.
4. Conflict-group blocking — matters in opposing conflict groups cannot share retrievals even with explicit override. This is the ethical wall, enforced in code.
5. Per-matter audit log — every query, retrieval, and response is logged with matter ID, user, timestamp, and the documents that were and weren’t retrieved. The log is the evidence that the wall held.

Why this matters in Melbourne

Victorian boutique firms operate in a market where the same partners often appear before the same tribunals — including the Administrative Review Tribunal, which replaced the AAT in October 2024 and publishes practice directions and guidance for practitioners and expert witnesses. The ART’s practice directions set expectations for how expert evidence is prepared and disclosed, and AI-assisted preparation falls within the scope of what practitioners must be able to account for. A firm that cannot demonstrate per-matter scoping of its AI tools cannot credibly answer a question about whether expert evidence was prepared in isolation from other matters held by the same firm.

The Federal Court’s General Practice Note on AI (GPN-AI) sets the broader expectation that practitioners are responsible for the integrity of AI use in proceedings. ASCR Rules 9 and 10 — confidentiality and conflict — are the rules the Victorian Legal Services Board enforces. The Privilege Firewall Orchestrator is built so that compliance with those rules survives contact with the AI tools the firm has already adopted.

Sources

• Administrative Review Tribunal — Practice Directions and Other Guidance: https://www.art.gov.au/help-and-resources/professionals-and-practitioners/practice-directions-and-other-guidance
• Law Council of Australia — Australian Solicitors’ Conduct Rules (Rules 9 and 10): https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules
• Federal Court of Australia — Use of Generative Artificial Intelligence Practice Note (GPN-AI): https://www.fedcourt.gov.au/law-and-practice/practice-documents/practice-notes/gpn-ai

Exegesis capability references:

• Privilege Firewall Orchestrator spec
• RuleCheck by Exegesis (open-source citation verifier)

Join the waitlist

Join the waitlist — be the first to know when the Privilege Firewall Orchestrator opens for Melbourne boutique firms

The Privilege Firewall Orchestrator is in pre-release. We’re scoping pricing tiers for firms under ten lawyers and would rather hear from you before we set them. Join the waitlist and tell us how your firm’s AI tools are currently scoped — what you tell us will shape how the small-firm tier is built.