Privilege Perimeter Enforcement Gateway for Sydney Boutique Firms: Stop Privileged Content Leaking Across Matters

A partner drops a witness statement into the firm’s chat assistant to summarise it. Two days later, an associate working on an unrelated matter asks the same assistant a general question, and the response contains a sentence that reads suspiciously like a paraphrase of the first matter’s facts. You don’t know whether it actually is — but you can’t prove it isn’t. For a boutique firm under ten lawyers sharing one tenant of one AI tool across every client, that ambiguity is the problem. The Privilege Perimeter Enforcement Gateway is built to put a deterministic boundary between privileged content and the model layer, so this question stops being unanswerable.

The problem

Boutique firms rarely have the budget to run a separate AI tenant per matter, let alone per client. The practical reality is one workspace, one set of credentials, and a partner-level expectation that “we’ll be careful.” That isn’t a control — it’s a hope. Privilege bleed across matters can arise in several ordinary ways: a draft pasted into a prompt becomes part of a vendor’s prompt log; a custom assistant retains conversation history across users; an embeddings index built for one matter is queried during work on another; a fine-tune absorbs facts that should never have left the matter file.

The exposure is sharpest when expert evidence is in play. The Administrative Review Tribunal’s practice directions for expert evidence set expectations about the independence of expert opinion and the integrity of the material an expert is given. If AI-generated content has been contaminated by privileged material from an unrelated matter — or if expert instructions have passed through a shared model that retains them — the firm has a disclosure and conduct problem before it has a technical one. ASCR Rule 9 (client confidentiality) does not stop at the firewall of the model vendor.

What the Privilege Perimeter Enforcement Gateway does

The Gateway sits between the lawyer’s workstation and any AI service the firm uses (cloud LLM, internal RAG system, document assistant). It enforces a deterministic boundary:

The deliverable is boundary controls between privileged and non-privileged content on AI inputs and outputs, configured to the firm’s matter taxonomy.

How it works

  1. Matter taxonomy intake. We import your matter list (client, matter ID, opposing parties, expert names, witness identifiers) into a local registry. Nothing about matter content leaves your environment at this stage.
  2. Gateway deployment. The Gateway is installed as a local proxy in front of the AI tools your firm already uses. Existing workflows don’t change; the boundary is enforced at the network layer.
  3. Per-prompt classification. Each prompt is tagged to a matter context (explicit or inferred). The Gateway blocks cross-matter content reuse before the model sees the input.
  4. Output screening. Responses are screened for fragments that match privileged identifiers from other matters. Matches are quarantined for lawyer review with a reason code.
  5. Audit log. Every block, allow, and quarantine is logged with timestamp, user, matter, and reason — exportable for an internal review or a regulator request.
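
Steps 3 to 5 as a minimal sketch. This is an added example, not the Gateway's own code; the registry contents, function names, and reason codes are hypothetical, and it assumes prompts without a known matter tag are blocked.

```python
import json
import re
from datetime import datetime, timezone

# Constructed registry: matter ID -> privileged identifiers (all values invented).
REGISTRY = {
    "M-001": ["Harbourline Pty Ltd", "Dr Amelia Voss"],
    "M-002": ["Kestrel Holdings", "Witness W-17"],
}
AUDIT_LOG = []  # one dict per decision

def _norm(text):
    # Case-fold and collapse whitespace so trivial reformatting does not evade a match.
    return re.sub(r"\s+", " ", text).casefold()

def foreign_hits(text, matter_id):
    """Matter IDs, other than matter_id, whose identifiers appear in text."""
    hay = _norm(text)
    return sorted({m for m, idents in REGISTRY.items() if m != matter_id
                   for ident in idents if _norm(ident) in hay})

def _decide(user, matter_id, stage, decision, reason, hits=()):
    # Log matched matter IDs only, never the matched text, so the log is not itself a leak.
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(), "user": user,
                      "matter": matter_id, "stage": stage, "decision": decision,
                      "reason": reason, "matched_matters": list(hits)})
    return decision

def check_prompt(user, matter_id, prompt):
    """Input side: block before the model sees cross-matter content."""
    if matter_id not in REGISTRY:  # assumption: untagged prompts fail closed
        return _decide(user, matter_id, "input", "block", "UNKNOWN_MATTER")
    hits = foreign_hits(prompt, matter_id)
    if hits:
        return _decide(user, matter_id, "input", "block", "CROSS_MATTER_INPUT", hits)
    return _decide(user, matter_id, "input", "allow", "OK")

def screen_output(user, matter_id, response):
    """Output side: quarantine responses carrying another matter's identifiers."""
    hits = foreign_hits(response, matter_id)
    if hits:
        return _decide(user, matter_id, "output", "quarantine", "CROSS_MATTER_OUTPUT", hits)
    return _decide(user, matter_id, "output", "allow", "OK")

def export_jsonl():
    """Audit log as JSON Lines for review or export."""
    return "\n".join(json.dumps(e) for e in AUDIT_LOG)
```

Matching on registry identifiers catches named parties, experts, and witnesses; it does not detect paraphrased facts that omit those identifiers.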

Why this matters in Sydney

Sydney boutique practices increasingly run mixed practices — commercial litigation alongside administrative review work, family law alongside migration, with the same small team rotating across files. That cross-rotation is precisely the pattern that turns a shared AI workspace into a privilege risk. When a matter is heading to the Administrative Review Tribunal and expert evidence is involved, the firm needs to be able to say, in writing, that the material given to the expert and the material used in AI-assisted drafting were not contaminated by another client’s privileged content. A deterministic boundary is the only honest way to make that statement. A policy document is not.

The Gateway is built so that the answer to “can you prove the perimeter held?” is a log file, not a promise.

Join the waitlist

We’re scoping pricing structure (per-seat, per-matter, or firm licence) with early boutique-firm waitlist members. Join the waitlist and the configuration we ship for your tier will reflect what you tell us about how your firm actually uses AI today.