Client/Firm Privilege Boundary Orchestrator for Brisbane Firm Principals: Keep Matter Confidences Inside the Matter
A senior associate uses an internal AI assistant to draft a memo on a contentious takeover. Two weeks later, on an unrelated matter for a different client, the same assistant surfaces a paragraph that reads suspiciously close to the earlier work — same deal structure, recognisable counterparty language. Nobody copied anything. The model, or its retrieval index, remembered. As the firm’s principal, you carry the consequence under the Australian Solicitors’ Conduct Rules. The Client/Firm Privilege Boundary Orchestrator is built to stop that class of leak before it becomes a complaint.
Why it matters now
The Australian Solicitors’ Conduct Rules — adopted in Queensland in June 2012 as the Australian Solicitors Conduct Rules — codify a solicitor’s duty of confidentiality to current and former clients, and the related duties to avoid conflicts of duty between concurrent clients and between former and current clients. Those duties were drafted with human practitioners and physical files in mind. The arrival of firm-wide AI assistants, retrieval-augmented generation over internal document stores, and shared model fine-tuning has introduced a new failure mode: privilege bleed across matters or firms, where information drawn from one client’s confidential materials surfaces — directly or by inference — in work done for another. The Law Council’s 2026 review of the ASCR is already grappling with adjacent ethical issues (including the AML/CTF tipping-off obligations from 1 July 2026), and firm principals are the ones who sign professional indemnity declarations and answer to the regulator when a boundary fails. Manual review of every AI interaction across the firm is not a workable control. The control has to sit in the orchestration layer.
The 5-minute view
- Privilege bleed is the leakage of confidential or privileged matter content from one client engagement into another — through shared prompt context, shared retrieval indexes, model fine-tuning, or cached embeddings
- ASCR Rule 9 (confidentiality), Rule 10 (former-client conflicts), and Rule 11 (current-client conflicts) all extend to AI-assisted work; the rules are technology-neutral and the duty sits with the solicitor and the principal
- Off-the-shelf enterprise AI deployments often share a single vector store and a single model context across all users in the firm — that architecture is the threat
- A privilege boundary orchestrator enforces matter-level and client-level segregation at the orchestration layer: which corpora can be retrieved, which model contexts can be reused, and which outputs require an information-barrier check before delivery
- Boundary events (attempted cross-matter retrieval, near-duplicate output flags) are logged for the principal and for professional standards review
- The control is designed to be auditable by the firm’s general counsel, COLP, or external regulator without exposing the underlying client content
What Exegesis is building
The Client/Firm Privilege Boundary Orchestrator is a T2 service in the Exegesis Legal stack. It sits between the firm’s AI tooling (chat assistants, drafting copilots, RAG pipelines) and the underlying matter and document stores, and enforces privilege boundaries at the orchestration layer rather than relying on user discipline. Each request is tagged with a matter identifier and a client identifier; the orchestrator restricts which retrieval corpora are reachable from that request, blocks reuse of prompt context across matter boundaries, and runs a near-duplicate check on outputs against prior work product for unrelated clients. Where a potential bleed is detected, the request is held and surfaced to a configured reviewer rather than being delivered to the requesting practitioner. The architecture is deterministic at the boundary-check step — no external LLM is used to decide whether a boundary has been crossed.
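The boundary decision described above, sketched as an added example (not Exegesis code). The corpus map, identifiers, sample texts, word-shingle Jaccard similarity and the 0.5 threshold are all assumptions made for illustration; the page does not say how the near-duplicate check is implemented.

```python
from dataclasses import dataclass

# Constructed sample data: corpus -> (matter_id, client_id) that owns it.
CORPUS_OWNER = {
    "corpus-takeover": ("M-1001", "C-ALPHA"),
    "corpus-lease": ("M-2002", "C-BETA"),
}
# Constructed prior work product: (client_id, matter_id, text).
PRIOR_WORK = [
    ("C-ALPHA", "M-1001", "the bidder will acquire all shares by scheme of arrangement "
     "subject to a break fee of one percent payable by the target"),
]

@dataclass(frozen=True)
class Request:
    matter_id: str
    client_id: str
    corpora: tuple          # corpora the AI tool asks to retrieve from
    context_matter_id: str  # matter whose prompt context would be reused

def shingles(text, k=3):
    """Set of k-word shingles; empty text yields an empty set."""
    words = text.lower().split()
    if not words:
        return set()
    return {" ".join(words[i:i + k]) for i in range(max(1, len(words) - k + 1))}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def decide(req, draft, threshold=0.5):
    """Return (decision, rationale); rationale carries ids and scores, never content."""
    for corpus in req.corpora:
        owner = CORPUS_OWNER.get(corpus)
        if owner is None:
            return "blocked", f"{corpus}: no recorded owner (fail closed)"
        if owner != (req.matter_id, req.client_id):
            return "blocked", f"{corpus}: owned by {owner[0]}, request is {req.matter_id}"
    if req.context_matter_id != req.matter_id:
        return "blocked", f"context from {req.context_matter_id} reused in {req.matter_id}"
    for client, matter, text in PRIOR_WORK:
        if client == req.client_id:
            continue  # only work for unrelated clients is compared
        score = jaccard(shingles(draft), shingles(text))
        if score >= threshold:
            return "held", f"draft overlaps {matter} work product (Jaccard {score:.2f})"
    return "permitted", "corpora, context and output within matter boundary"
```

Every branch is a set or equality comparison, so the same request and draft always produce the same decision, and the rationale can be logged for a reviewer without reproducing client text.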
The deliverable
- A deployed orchestration layer that wraps the firm’s existing AI tooling and enforces matter-level and client-level segregation
- Per-request boundary decisions: permitted, blocked, or held for review, each with a recorded rationale
- A near-duplicate output check against prior firm work product for unrelated clients
- Boundary event log suitable for principal-level review and for production to a professional standards investigation
- Configuration interface for the firm’s principal or general counsel to define information barriers, ethical walls, and reviewer escalation paths
- Onboarding workshop for the firm’s risk and compliance function on how the orchestrator maps to ASCR Rules 9, 10, and 11
Why this matters in Brisbane
Queensland adopted the ASCR in June 2012, and Brisbane firms are regulated against them by the Queensland Law Society. The boundary duties — confidentiality and conflict avoidance — apply to every solicitor in the firm and, by reason of supervision obligations, to the firm’s principal. A firm-wide AI deployment without an enforced privilege boundary creates a single shared surface across every matter the firm runs; that is exactly the structural risk the ASCR was designed to prevent in physical-file form. Brisbane principals adopting AI tooling now are the ones who will be asked, in two or three years, how they ensured the duty was discharged across the deployment.
Join the waitlist — be the first to know when access opens for Brisbane firm principals
The Privilege Boundary Orchestrator is in build. We are scoping deployments with a small number of mid-size Australian firms and shaping the access tiers around what those firms tell us about their existing AI stack. Join the waitlist and we’ll be in touch when the first cohort opens.
Sources
- Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules