Privilege Firewall Orchestrator for Perth Boutique Firms: Stop AI Tools Cross-Pollinating Client Matters

You run a seven-lawyer practice in West Perth. Two of your matters share an industry — a mining services dispute on one side of the floor, a contract advisory for a competitor on the other. Both teams use the same AI assistant to draft, summarise, and search. The model has no concept of an ethical wall. All it takes is one careless prompt that pulls “similar past advice” from its working memory, and material from one client’s privileged file surfaces in another’s draft. You won’t know until the other side notices. The Privilege Firewall Orchestrator is built to make that class of bleed structurally impossible.

The problem

Privilege bleed isn’t a new risk — it’s the AI-tooling version of an old one. Confidentiality and the avoidance of conflict are core obligations under the Australian Solicitors’ Conduct Rules (Rule 9 on confidentiality, Rules 10–11 on conflicts and information barriers). When a small firm bolts a general-purpose LLM onto its drafting workflow, the model’s context window, retrieval index, and conversation history become a shared workspace across every matter the firm runs. There is no built-in ethical wall. A paralegal searching for “similar indemnity carve-outs” can retrieve clauses from a matter they are conflicted out of, and a partner using AI summarisation across a document set can have one client’s privileged strategy material recombined into another client’s advice. For boutique firms — where the same handful of lawyers touch many matters — the surface area is disproportionately large. Expert-evidence work governed by the Administrative Review Tribunal’s practice directions adds a further wrinkle: material relied on by an expert can be compelled, and any leakage of source context into that pipeline becomes a discoverability problem.

What the Privilege Firewall Orchestrator does

The Privilege Firewall Orchestrator is a multi-matter privilege firewall that sits between your firm’s AI tools and your matter store. Every AI request is bound to a matter ID. The orchestrator enforces that the model can only see, retrieve from, or generate against content tagged to that matter and the users authorised for it. Cross-matter retrieval is blocked at the orchestration layer, not left to model behaviour or user discipline. Conflicted users — including those subject to an information barrier on a specific file — are denied at the request layer, with the denial logged. The output is a confidentiality posture you can describe to a client and an audit trail you can produce if the question is ever asked.

How it works

  1. Matter binding. Every AI interaction (chat, retrieval, summarisation, drafting) must declare a matter ID. Requests without one are rejected. The matter ID is the unit of access control.
  2. Conflict register integration. The orchestrator reads from your firm’s conflicts register and information-barrier list. A user flagged off a matter cannot send prompts, retrieve documents, or receive completions tied to it — enforced before the model is called.
  3. Per-matter context isolation. Retrieval indexes, conversation history, and any cached embeddings are partitioned per matter. The model’s working context for Matter A cannot include any content from Matter B, even if the same lawyer worked both.
  4. Egress filtering. Generated output is checked against the source matter’s allowed-content scope before being returned. Material that would constitute cross-matter leakage is blocked and logged.
  5. Audit log per matter. Every prompt, retrieval, completion, and denied request is logged against the matter file — producing a defensible record for compliance reviews, professional standards enquiries, or expert-evidence disclosure obligations under ART practice directions.
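
The request-layer checks in steps 1, 2, 3 and 5, as an added sketch that is not the product's own code: every name here (Orchestrator, Denied, demo_orchestrator, the matter IDs and users) is hypothetical, the data is constructed, and substring matching stands in for a real retrieval index. Egress filtering (step 4) is not shown.

```python
from dataclasses import dataclass, field

class Denied(Exception):
    """Raised when a request is refused before any retrieval or model call."""

@dataclass
class Orchestrator:
    authorised: dict  # matter_id -> users on the matter team
    barriers: dict    # matter_id -> users walled off from the matter
    indexes: dict     # matter_id -> documents (one partition per matter)
    audit: list = field(default_factory=list)

    def _log(self, matter_id, user, event, detail):
        self.audit.append({"matter": matter_id, "user": user,
                           "event": event, "detail": detail})

    def _deny(self, matter_id, user, reason):
        self._log(matter_id, user, "denied", reason)  # step 5: denials are logged too
        raise Denied(reason)

    def retrieve(self, user, matter_id, query):
        # Step 1: no declared, known matter ID means no request.
        if not matter_id or matter_id not in self.indexes:
            self._deny(matter_id, user, "no valid matter ID")
        # Step 2: an information barrier wins even over team membership.
        if user in self.barriers.get(matter_id, set()):
            self._deny(matter_id, user, "information barrier")
        if user not in self.authorised.get(matter_id, set()):
            self._deny(matter_id, user, "not authorised for matter")
        # Step 3: only the bound matter's partition is ever searched.
        terms = query.lower().split()
        hits = [d for d in self.indexes[matter_id]
                if any(t in d.lower() for t in terms)]
        self._log(matter_id, user, "retrieval", f"{len(hits)} hit(s)")
        return hits

def demo_orchestrator():
    # Constructed sample data: bob is on the M-B team list but walled off from it.
    return Orchestrator(
        authorised={"M-A": {"alice", "bob"}, "M-B": {"alice", "bob", "carol"}},
        barriers={"M-B": {"bob"}},
        indexes={"M-A": ["Indemnity carve-out for plant hire (Matter A)"],
                 "M-B": ["Indemnity carve-out for haulage contract (Matter B)"]},
    )
```

The same lawyer can hold both matters, but each call sees only the partition named by its matter ID; there is no code path that searches across partitions.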

Why this matters in Perth

Perth’s legal market is concentrated around a small number of sectors — resources, energy, construction, native title — where the same boutique firm will routinely act for parties on opposite sides of overlapping transactions across time. Conflict-management discipline is already the operational backbone of these practices. Bolting AI tooling on top without a firewall undoes that discipline silently. For firms doing expert-evidence work before the ART, where the practice directions set expectations on the integrity and provenance of expert material, an AI tool that has been retrieving across matters is a discoverability and admissibility risk you don’t want to discover under cross-examination. A firewall enforced at the orchestration layer — rather than by training individual users to be careful — is the only version of this control that survives contact with a busy week.

Join the waitlist

We’re scoping deployment patterns for boutique firms (under 10 lawyers) where the orchestrator sits in front of existing AI tooling rather than replacing it. Join the waitlist and we’ll share the integration shape, the conflicts-register requirements, and what early-access pricing looks like as soon as it’s defined.