Privilege Perimeter Enforcement Gateway for Melbourne Boutique Firms: Stop Privileged Material Leaking Across Matters Through Shared AI Tools

You run a ten-lawyer firm in Melbourne. Two partners are on opposing sides of a commercial dispute that hasn’t formally conflicted out — yet. Three associates are using the same AI assistant across matters because the licence is per-seat and the tool has no concept of a Chinese wall. An expert witness brief is being drafted in the same workspace that, last week, held confidential instructions from the other side’s adjacent matter. Nobody has done anything wrong. But the architecture means privileged material can move sideways without anyone touching it. The Privilege Perimeter Enforcement Gateway is built to put boundaries back.

The problem

Boutique firms adopted AI tools faster than the firms that wrote the procurement policies. A general-purpose LLM doesn’t know which matter a prompt belongs to, which client owns the privilege, or whether the document attached to a query is subject to a confidentiality undertaking. Where the same tool is used across matters — and across practitioners who may sit on opposing or related instructions — the conditions for privilege bleed are present even without any deliberate disclosure. The risks compound when AI output is later used in expert witness material filed in the Administrative Review Tribunal, where the ART Expert Evidence Practice Direction governs the form and basis of expert evidence and the practitioner remains responsible for how that evidence was assembled. Australian Solicitors’ Conduct Rule 9 (confidentiality) and Rule 10 (conflicts concerning former clients) do not bend to accommodate shared tooling. The duty sits with the firm, irrespective of the platform’s default configuration.

What the Privilege Perimeter Enforcement Gateway does

The gateway sits between your practitioners and any AI tool they use. Every prompt and every response passes through a boundary control layer that tags content by matter, client, and privilege status, and enforces rules about what can cross from one context to another. Inputs are screened for material that belongs to a different matter than the one the user is currently working in. Outputs are screened for content that originated in a context the current user shouldn’t have access to. The deliverable is a documented set of boundary controls between privileged and non-privileged content on AI inputs and outputs, configured to your matter ledger and your firm’s conflict register.

How it works

  1. Matter binding. Every AI session is bound to a specific matter ID before any prompt is accepted. Practitioners select the matter; the gateway records it.
  2. Input screening. Pasted text and uploaded files are checked against tagged content from other matters in the firm. Material that appears to belong to a different matter, or to a former client, is held and surfaced to the user before transmission.
  3. Tool-level segregation. The gateway routes prompts to AI services using matter-scoped credentials and context windows, so a model session for Matter A cannot draw on cached context from Matter B.
  4. Output tagging. Responses are tagged with the originating matter and stored in a matter-scoped audit log, so any later reuse is traceable.
  5. Audit and review. A weekly boundary report identifies near-miss events, screened inputs, and any rule changes — the kind of record that becomes useful if a privilege question is later raised.
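
The five steps above, sketched as an added example; this is not the gateway's own code, which is still in scoping. The word-shingle overlap check, the 0.3 threshold, the class and function names, and the stub model are all assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

def shingles(text, k=5):
    """Hashed k-word shingles, so the index never stores matter text itself."""
    w = re.findall(r"[a-z0-9']+", text.lower())
    return {hashlib.sha256(" ".join(w[i:i + k]).encode()).hexdigest()[:16]
            for i in range(len(w) - k + 1)}

class Gateway:
    def __init__(self, model, threshold=0.3):
        self.model = model              # callable(matter_id, prompt) -> reply
        self.threshold = threshold      # assumed overlap ratio that triggers a hold
        self.index = defaultdict(set)   # matter_id -> shingle hashes of tagged content
        self.audit = defaultdict(list)  # matter_id -> events (matter-scoped log)

    def tag(self, matter_id, text):
        self.index[matter_id] |= shingles(text)

    def open_session(self, user, matter_id):
        # Step 1: a session cannot exist without a matter binding.
        if not matter_id:
            raise ValueError("session must be bound to a matter")
        return {"user": user, "matter": matter_id}

    def submit(self, session, prompt):
        matter, grams = session["matter"], shingles(prompt)
        # Step 2: compare the input against every *other* matter's tagged content.
        # Inputs shorter than k words produce no shingles and are not screened here.
        for other, known in list(self.index.items()):
            overlap = len(grams & known) / len(grams) if grams else 0.0
            if other != matter and overlap >= self.threshold:
                self.audit[matter].append(("held", session["user"], other, round(overlap, 2)))
                return {"status": "held", "conflicts_with": other}
        # Step 3: the model call is keyed by matter, never by user or by firm.
        reply = self.model(matter, prompt)
        # Step 4: prompt and response are tagged to the originating matter and logged.
        self.tag(matter, prompt)
        self.tag(matter, reply)
        self.audit[matter].append(("sent", session["user"], None, 0.0))
        return {"status": "sent", "matter": matter, "reply": reply}

def weekly_report(gw):
    """Step 5: near-miss (held) events per matter."""
    return {m: [e for e in ev if e[0] == "held"] for m, ev in gw.audit.items()}

def stub_model(matter_id, prompt):
    # Stand-in: a real deployment would select matter-scoped credentials and context here.
    return f"[{matter_id}] draft response"
```

A held prompt never reaches the model and is recorded only in the log of the matter the user was working in, so the report itself does not expose the other matter's content.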

Why this matters in Melbourne

Melbourne boutiques typically run concentrated practices — commercial litigation, planning, family, tax — where the same expert witnesses, the same opposing firms, and the same subject-matter overlaps recur. The ART Expert Evidence Practice Direction sets out how expert evidence must be prepared and presented in Tribunal proceedings, and the practitioner instructing the expert carries responsibility for the integrity of the instructions and underlying material. If AI tooling has been used during instruction drafting or evidence preparation, the firm needs to be able to show that privileged content from unrelated matters did not enter that workflow. ASCR Rule 9 obligations on confidentiality, and Rule 10 obligations regarding former clients, apply with the same force whether content moved by email, by shared drive, or by an LLM context window. Boundary controls at the gateway are how a small firm matches the segregation that larger firms achieve through separate tenancies and matter-scoped infrastructure.

Join the waitlist

The Privilege Perimeter Enforcement Gateway is in scoping. We’re talking to Melbourne boutiques about how their matter ledgers, conflict registers, and current AI tooling actually look on the ground, so the gateway lands as a control your firm can adopt — not a platform you have to rebuild around. Join the waitlist and we’ll bring you into that conversation.