Privilege Firewall Orchestrator for Brisbane In-House Counsel: Stop AI Tools Cross-Pollinating Confidential Matters

You run legal for a Brisbane-headquartered group with three live disputes, an acquisition under NDA, and a regulator engagement. Your team — and the business teams who don’t always tell you what they’re doing — have started pasting matter content into the same AI assistant. The model has no concept of which matter is which. Context from the acquisition surfaces in a draft about the regulator. Privileged advice from external counsel ends up sitting in the same conversation history as a routine commercial query. You haven’t had a leak yet that you know of. The Privilege Firewall Orchestrator is built so you don’t have to find out the hard way.

The problem

In-house teams have adopted shared AI assistants faster than they’ve built controls around them. The Australian Solicitors’ Conduct Rules require solicitors to maintain confidentiality of client information (Rule 9) and to avoid conflicts between current clients and between current and former clients (Rules 10 and 11). For in-house counsel, the “client” is the corporate group and its constituent matters — and the duty to keep privileged communications from being inadvertently disclosed or waived applies whether the channel is a junior lawyer’s notebook or a model prompt window.

The specific failure pattern is “privilege bleed”: confidential or privileged content from Matter A becomes part of the working context an AI tool draws on for Matter B. The risks are concrete — inadvertent waiver of legal professional privilege, conflicts that should have been screened, and confidential third-party information (counterparties, targets, witnesses) flowing into unrelated work product. Once content has been cross-pollinated through a shared model context or a shared retrieval index, undoing it is not a technical option.

What the Privilege Firewall Orchestrator does

The Privilege Firewall Orchestrator is a control layer that sits between your in-house team’s AI tooling and your matter content. It enforces a multi-matter firewall: each matter has its own isolated context, its own retrieval index, and its own access list, and the orchestrator refuses to mix them. It is the deliverable described in the Exegesis Legal catalog as a multi-matter privilege firewall — preventing AI tools from cross-pollinating confidential content between client matters.

Concretely, the orchestrator:

• Tags incoming content (uploads, prompts, pasted text) to a matter ID at the point of entry
• Maintains a separate retrieval index per matter, so no model query can reach across matter boundaries
• Blocks prompts that reference content from a matter the user is not cleared on
• Logs every cross-matter access attempt for the General Counsel’s governance review
• Produces a per-matter audit trail suitable for evidencing confidentiality controls under ASCR Rule 9

How it works

1. Matter onboarding — Each matter is registered with an ID, owner, access list, and confidentiality classification. The orchestrator provisions an isolated context store and retrieval index.
2. Content tagging at intake — Documents, emails, and prompts entering the system are tagged to a matter at the point they arrive. Untagged content is held until a matter is assigned.
3. Prompt-time enforcement — When a user issues a prompt, the orchestrator checks the user’s matter clearances and limits retrieval to the relevant matter’s index. Cross-matter retrieval is refused, not silently filtered.
4. Conflict screening — When a new matter is added, the orchestrator screens the access list against existing matter clearances and flags potential conflicts under ASCR Rules 10 and 11 for human review.
5. Audit and review — Every access, every blocked attempt, and every clearance change is logged. The General Counsel receives a weekly review pack.

Why this matters in Brisbane

Queensland adopted the Australian Solicitors Conduct Rules in June 2012, and they bind every admitted solicitor practising in the state — including in-house counsel employed by Brisbane-headquartered corporates. The ASCR’s Rule 9 confidentiality duty and Rule 10/11 conflict rules apply with the same force to a General Counsel running a legal function inside a listed company as to a partner in private practice. When an in-house team adopts a shared AI assistant without matter-level isolation, the duty hasn’t changed — only the surface area where it can be breached.

There is a second pressure point specific to the next twelve months. The Law Council is consulting on amendments to the ASCR in response to the Anti-Money Laundering and Counter-Terrorism Financing regime that brings new obligations for solicitors providing “designated services” from 1 July 2026, including suspicious matter reporting and a “tipping off” prohibition. Tipping off, by its nature, requires that information about a report not leak — including through AI tools that don’t know which matter they’re operating in. A privilege firewall is the same control surface that prevents both classes of failure.

Sources

• Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules

Join the waitlist

The Privilege Firewall Orchestrator is on the Exegesis Legal roadmap. We are scoping it with a small number of in-house teams in Brisbane and elsewhere to land the right control surface before general release.

Join the waitlist — be the first to know when access opens for Brisbane in-house teams

What we hear from waitlist members shapes the matter-tagging model, the conflict screening logic, and the audit pack format. If you run an in-house function in Brisbane and you’ve already seen AI tools straying across matter lines, we want to talk to you.