Privilege Containment Proxy Agent for Brisbane In-House Counsel: Stop Privileged Content Leaving Your Tenant
You’re general counsel at a Brisbane-headquartered group. The business has rolled out a general-purpose AI assistant across legal, finance and procurement. Three weeks in, a paralegal pastes a draft board paper — with frank advice on a regulatory exposure — into a chat window to “summarise it for the audit committee”. The content now sits in a model provider’s logs, possibly in training pools, and is reachable by colleagues across other matters through the same tenant. Privilege was waived the moment it left your perimeter, and you have no log of which model saw what. The Privilege Containment Proxy Agent is built to prevent that class of leak before the request leaves the building.
Why it matters now
The Australian Solicitors’ Conduct Rules impose a continuing duty of confidentiality on solicitors with respect to a client’s information, and equivalent ethical obligations apply to in-house solicitors holding a practising certificate in Queensland. Client legal privilege at common law is fragile: it can be lost by disclosure to a third party, including a service provider whose terms of use permit retention, model training or human review of submitted content. Many general-purpose generative AI tools — including consumer-tier chat interfaces and unconfigured enterprise plans — process submissions in ways that are inconsistent with the confidentiality obligations owed by an in-house legal team to its client (the company and, in some structures, related entities). Once a privileged communication is submitted to such a tool, the question of whether privilege survives becomes a contestable factual issue you do not want to argue. The practical exposures multiply when the same AI tenant is shared by legal, M&A, HR and procurement: privileged advice on one matter can be retrieved as context in a prompt on a different matter — privilege bleed — without anyone in legal seeing it happen.
The 5-minute view
- Privilege bleed is the transmission of privileged or confidential client material into an external AI service in a way that may waive privilege, breach confidentiality, or expose the material to other users or matters
- ASCR Rule 9 (confidentiality of clients’ information) and the broader duties in Rules 3 and 4 apply to in-house solicitors with a practising certificate
- Generic enterprise AI deployments rarely distinguish between “legal-privileged draft”, “commercial-sensitive”, and “public” content at the prompt level
- Once content is submitted to an external model, recall is impractical — the control point has to be before the API call leaves your network
- The Privilege Containment Proxy Agent sits between staff applications and the external model endpoint, inspects each request, and scrubs or blocks privileged content before submission
- Decisions are logged with matter identifiers so legal can audit what was inspected, what was redacted, and what was sent
What Exegesis is building
The Privilege Containment Proxy Agent is an inline proxy that intercepts outbound AI calls from configured client applications and applies a deterministic privilege-containment policy before any request reaches an external model provider. The agent enforces three things in sequence: classification (does this request contain content tagged or detected as privileged or client-confidential), transformation (redact, summarise to a non-privileged abstract, or substitute placeholders for client identifiers), and routing (allow to the configured external model, downgrade to an internal-only model, or block with a reason returned to the requesting application). The proxy is intended to be deployed inside the client’s own network boundary — no draft content is sent to Exegesis. It pairs with RuleCheck by Exegesis, the open-source pre-lodgement checker (github.com/andrefabre/rulecheck), which shares the same local-first, no-external-LLM posture for verification work.
The deliverable
- An inline proxy deployed in your network that intercepts AI API calls from approved client applications
- A configurable containment policy: detect, redact, summarise, downgrade, or block
- Per-request audit log: timestamp, requesting user, matter tag (where supplied), classification decision, action taken, content hash
- Allow-listing of approved external models and explicit deny of unconfigured endpoints
- Weekly governance report for the GC: volume of intercepted requests, redaction rate, top blocked patterns
- No transmission of draft content to Exegesis — the proxy runs in your tenant, configuration is the only thing we touch
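The classification, transformation and routing sequence described above, together with the per-request audit fields in the deliverable list, as an added illustration that is not Exegesis code: the endpoints, the privilege markers, the client names and the policy mapping (privileged content downgraded to an internal model, client-confidential content redacted before an allow-listed external call, unconfigured endpoints blocked) are all constructed assumptions for this example. The audit entry stores a SHA-256 of the inbound draft rather than its text, so the log can be matched to a request without itself holding the privileged content.

```python
import hashlib, re
from datetime import datetime, timezone

# Constructed policy for this example; not the product's shipped defaults.
ALLOWED_ENDPOINTS = {"https://external-model.example/v1/chat"}
INTERNAL_ENDPOINT = "http://internal-model.local/v1/chat"   # downgrade target
PRIVILEGE_MARKERS = [r"privileged\s+and\s+confidential",
                     r"legal\s+professional\s+privilege", r"without\s+prejudice"]
CLIENT_IDENTIFIERS = ["Acme Holdings Pty Ltd", "Acme"]     # constructed client names


def classify(req):
    """Classification step: 'privileged', 'confidential' or 'public'."""
    if req.get("label") == "legal-privileged":   # an explicit content label wins
        return "privileged"
    text = req["content"]
    if any(re.search(p, text, re.I) for p in PRIVILEGE_MARKERS):
        return "privileged"
    if any(name in text for name in CLIENT_IDENTIFIERS):
        return "confidential"
    return "public"


def transform(text):
    """Transformation step: redact privilege markers, substitute client identifiers."""
    for p in PRIVILEGE_MARKERS:
        text = re.sub(p, "[REDACTED]", text, flags=re.I)
    # Longest names first so "Acme Holdings Pty Ltd" is not split by the shorter "Acme".
    for i, name in enumerate(sorted(CLIENT_IDENTIFIERS, key=len, reverse=True), 1):
        text = text.replace(name, f"[CLIENT_{i}]")
    return text


def contain(req):
    """Routing step: return (outbound payload or None, target endpoint, audit entry)."""
    cls = classify(req)
    if req["endpoint"] not in ALLOWED_ENDPOINTS:
        action, target, payload = "block", None, None   # explicit deny of unconfigured endpoints
    elif cls == "privileged":
        action, target, payload = "downgrade", INTERNAL_ENDPOINT, transform(req["content"])
    elif cls == "confidential":
        action, target, payload = "redact", req["endpoint"], transform(req["content"])
    else:
        action, target, payload = "allow", req["endpoint"], req["content"]
    audit = {"timestamp": datetime.now(timezone.utc).isoformat(),
             "user": req["user"], "matter_tag": req.get("matter_tag"),
             "classification": cls, "action": action,
             "content_hash": hashlib.sha256(req["content"].encode()).hexdigest()}
    return payload, target, audit
```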
CTA
The Privilege Containment Proxy Agent is in design partner intake. We’re scoping deployment models (single-tenant container, sidecar to your existing AI gateway, or managed appliance) and pricing structure with the first cohort. Join the waitlist and we’ll let you know when access opens — and what we hear from you will shape the containment policy defaults shipped in v1.
Sources
- Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules
Exegesis capability references: