Privilege Perimeter Enforcement Gateway for Brisbane In-House Counsel: Stop Privileged Content Bleeding Through AI Tools
You run legal for a Brisbane-headquartered group. The business has rolled out an enterprise LLM assistant to every desk — procurement, HR, engineering, the board secretariat. Someone in operations pastes a draft litigation hold notice into the chat to “make it clearer”. Someone in finance summarises a board pack that contains advice from external counsel. The model is shared. The logs are shared. You now have legally privileged content sitting in a vector store that wasn’t scoped for privilege, alongside content from matters that should never have been adjacent. That is privilege bleed, and once it has happened, the question is no longer “can we prevent this” but “can we prove the perimeter held”.
The problem
In-house teams in Queensland are bound by the Australian Solicitors’ Conduct Rules (adopted in Queensland in June 2012 as the Australian Solicitors Conduct Rules). Rule 9 requires solicitors to keep client information confidential, and Rule 11 governs conflicts between concurrent clients — both of which apply with full force to in-house counsel acting for related corporate entities, joint ventures, or successive matters with overlapping subject matter. Generative AI tools, by default, do not respect these boundaries. They are designed to retrieve and synthesise across whatever content is in their context window or retrieval index. When a single corporate LLM deployment ingests privileged advice, board minutes, employee complaints, and counterparty correspondence into one searchable surface, the ASCR confidentiality and conflict obligations are not satisfied by the tool’s terms of service — they are satisfied by what the architecture actually permits.
The specific failure modes are familiar: privileged communications from external counsel summarised by an AI assistant and returned to a business user without legal review; instructions from one business unit referenced when answering a question from another with adverse interests; matter content from a closed engagement surfacing in retrieval results months later. Each is a candidate for waiver or for a Rule 11 conflict claim.
What the Privilege Perimeter Enforcement Gateway does
The Privilege Perimeter Enforcement Gateway is a boundary control layer that sits between your AI tools (chat assistants, retrieval systems, drafting copilots) and the content they are permitted to see or produce. It enforces, at the request and response level:
- Input controls — classification of content being submitted to a model, with privileged content routed only to deployments that meet your retention and isolation requirements
- Output controls — inspection of model responses for content that originated in a privileged corpus the requesting user is not entitled to see
- Matter-segregation rules — explicit allow/deny lists between matters, entities, and business units, so a request scoped to Matter A cannot pull from Matter B’s index
The deliverable is boundary controls between privileged and non-privileged content on AI inputs and outputs — implemented as a gateway your existing AI tools call through, not a replacement for them.
How it works
- Classify the privileged corpus. We work with you to identify which document stores, mailboxes, and matter folders are privileged or matter-segregated, and tag them with the policy rules that apply (which users, which matters, which retention period).
- Place the gateway in the request path. Every call from your AI assistant or retrieval system to a model passes through the gateway — both the prompt going out and the response coming back.
- Apply input policy. Privileged content is detected (by source tag and by classifier) and either blocked, redacted, or routed to an isolated deployment depending on policy.
- Apply output policy. Responses are checked against the requesting user’s entitlements; content that would cross a matter boundary or expose privileged material to a non-entitled user is blocked and logged.
- Log every decision. Every allow, block, and redaction is written to an immutable audit log, so the perimeter is provable — not just claimed.
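A minimal sketch of the output-policy and logging steps above, added here as an illustration and not taken from the gateway product itself. The matter names, users, chunk fields and the hash-chained log design are all constructed assumptions.

```python
import hashlib, json

# Constructed policy: matter indexes a request scoped to each matter may read.
# Deny by default: any pair not listed is a boundary crossing.
MATTER_ALLOW = {"matter-a": {"matter-a"}, "matter-b": {"matter-b"}}
# Constructed entitlements: matters whose privileged content a user may see.
PRIVILEGE_ENTITLED = {"gc@example.test": {"matter-a", "matter-b"}, "ops@example.test": set()}
# Constructed retrieval results, tagged at classification time.
SAMPLE_CHUNKS = [{"id": "c1", "matter": "matter-a", "privileged": True},
                 {"id": "c2", "matter": "matter-b", "privileged": False},
                 {"id": "c3", "matter": "matter-a", "privileged": False}]

def decide(user, request_matter, chunk):
    """Output policy for one retrieved chunk: returns (decision, reason)."""
    src = chunk["matter"]
    if src not in MATTER_ALLOW.get(request_matter, set()):
        return "block", "matter-boundary"
    if chunk["privileged"] and src not in PRIVILEGE_ENTITLED.get(user, set()):
        return "block", "privilege-entitlement"
    return "allow", "in-scope"

class AuditLog:
    """Append-only log; each entry commits to the previous one via a hash chain."""
    def __init__(self):
        self.entries = []
    def _digest(self, prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()
    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({"prev": prev, "record": record,
                             "hash": self._digest(prev, record)})
    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or self._digest(prev, e["record"]) != e["hash"]:
                return False  # an entry was edited, removed or reordered
            prev = e["hash"]
        return True

def filter_response(user, request_matter, chunks, log):
    """Log a decision for every chunk; return only the allowed ones."""
    allowed = []
    for c in chunks:
        decision, reason = decide(user, request_matter, c)
        log.append({"user": user, "scope": request_matter, "chunk": c["id"],
                    "decision": decision, "reason": reason})
        allowed += [c] if decision == "allow" else []
    return allowed
```

A hash chain makes edits to past entries detectable rather than impossible; the latest hash still has to be anchored somewhere the gateway operator cannot rewrite, such as write-once storage.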
Why this matters in Brisbane
Queensland adopted the ASCR in June 2012, and Queensland in-house counsel are bound by Rules 9 (confidentiality) and 11 (conflicts) as a matter of professional obligation, not just internal policy. Brisbane-headquartered groups with operations across Queensland, New South Wales and Victoria are also operating under the Legal Profession Uniform Law in the southern states, which carries the ASCR forward as the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015. A general counsel in Brisbane managing a multi-jurisdiction group is therefore enforcing the same conduct rule set across every desk where an AI tool is in use — and the Law Council’s 2026 review of the ASCR signals continuing tightening, not loosening, of confidentiality and reporting obligations on solicitors.
Privilege, once waived through careless adjacency in an AI tool, is difficult to reassert. The gateway exists so that the answer to “how do you know the perimeter held?” is a log, not a hope.
Sources
- Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules
Join the waitlist
We’re scoping early-access deployments with in-house teams in Brisbane and the eastern seaboard. Join the waitlist and we’ll talk through your current AI surface, where the privilege boundaries sit, and what a gateway deployment would look like against your existing tooling.