Privilege Use Boundary Enforcement Agent for Sydney Boutique Firms: Stop AI Tools Leaking One Matter Into Another

You run a seven-lawyer shop in Sydney. Two of your solicitors are preparing expert evidence for an Administrative Review Tribunal matter; a third is on the other side of a related commercial dispute behind an information barrier. Everyone uses the same shared AI assistant on their laptops. There is no technical control stopping a paralegal pasting instructions from Matter A into the same chat session they used last night for Matter B, and no log telling you it happened. The Privilege Use Boundary Enforcement Agent is built to make that class of failure visible — and stoppable — before it becomes a privilege problem.

The problem

Boutique firms carry the same privilege obligations as the largest practices but rarely have the IT controls to match. Three pressures collide:

• Staff move between matters quickly. The same workstation, the same browser session, sometimes the same AI tool — used across files that should never see each other.
• The ART Expert Evidence Practice Direction sets clear expectations for how expert evidence is prepared and instructed. When an AI tool ingests instructions, draft reports, or witness material from one matter and surfaces patterns of it in another, the firm has no audit trail to show what crossed.
• Australian Solicitors’ Conduct Rule 9 (confidentiality) and Rule 10 (conflicts) attach to the firm, not the tool. If a model retains context between sessions, or if a staff member pastes privileged material into a consumer chatbot, the breach is yours.

Privilege bleed is not usually dramatic. It looks like a draft paragraph that reads suspiciously like another client’s wording, an autocomplete suggestion that names a party from a sealed matter, or a “based on our earlier conversation” reference the user can’t account for.

What the Privilege Use Boundary Enforcement Agent does

The agent runs on each staff workstation and monitors AI-tool interactions (browser-based chat sessions, IDE assistants, desktop LLM clients) against the firm’s matter boundary policy. When it detects a session that would cross a boundary — pasting content tagged to Matter A into a session previously used for Matter B, or sending content from a matter behind an information barrier to an external model — it blocks the action and logs the attempt.

Specifically it:

• Tags content at the point of access (matter ID, client ID, ethical-wall flag)
• Inspects outbound AI-tool traffic at the workstation, before it leaves the device
• Blocks transmissions that would mix tagged content across boundaries
• Writes a tamper-evident log entry for every block and every override
• Produces a weekly privilege-boundary report the principal can review

The agent does not read or store matter content centrally. Inspection is local; only metadata (matter IDs involved, action taken, timestamp, user) leaves the device.

How it works

1. Policy setup. You define matter boundaries and ethical walls in a simple policy file — which matters are siloed, which users sit behind which wall, which AI tools are approved.
2. Workstation install. A lightweight agent is installed on each staff laptop. It hooks into browser and OS-level paste/upload events and into network traffic to known AI endpoints.
3. Tag at source. When a user opens a document or matter folder, the agent tags the content with its matter ID. Tags persist through copy-paste.
4. Inspect at the boundary. Before content is transmitted to an AI tool, the agent checks the destination session’s history against the source tag. Mismatched boundaries trigger a block with a clear on-screen reason.
5. Log and report. Every block, override, and approved transmission is logged locally and aggregated into a weekly report for the principal or risk partner.

Why this matters in Sydney

Sydney boutique firms doing tribunal work — particularly ART matters involving expert evidence, migration, NDIS, or veterans’ affairs — frequently act against, or alongside, larger firms with mature AI governance. The ART Expert Evidence Practice Direction expects experts to be properly instructed and their evidence to be the product of their own independent work; a firm that cannot demonstrate clean separation between matters and clean handling of AI-assisted drafts is exposed both ethically and forensically. NSW has the largest concentration of boutique litigation practices in the country, and the same staff often work matters that touch related parties. Information-barrier hygiene that was once a policy document needs a technical control behind it.

Sources

• Administrative Review Tribunal — Practice Directions and Other Guidance: https://www.art.gov.au/help-and-resources/professionals-and-practitioners/practice-directions-and-other-guidance
• Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules
• Federal Court of Australia — Use of Generative Artificial Intelligence Practice Note (GPN-AI): https://www.fedcourt.gov.au/law-and-practice/practice-documents/practice-notes/gpn-ai
• Office of the Australian Information Commissioner — Guidance on privacy and the use of commercially available AI products: https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/guidance-on-privacy-and-the-use-of-commercially-available-ai-products
• RuleCheck by Exegesis (open-source citation verifier, related capability): https://github.com/andrefabre/rulecheck

Join the waitlist

The Privilege Use Boundary Enforcement Agent is in design partner phase with a small number of Sydney boutique firms. We’re scoping pricing (per-seat monthly, or firm licence) based on real deployment patterns.

Join the waitlist — be the first to know when access opens for Sydney boutique firms

What we hear from waitlist firms will shape the policy model, the supported AI tools, and the reporting that lands on the principal’s desk.