Shadow AI Detection & Amnesty for Brisbane In-House Counsel: Find the Tools Your Team Is Already Using

You’re the GC of a Brisbane company and you know — without being told — that someone on the legal team has been pasting contract clauses into ChatGPT. Maybe a junior. Maybe a senior. Probably both. You don’t have a number, you don’t have a list of tools, and you don’t have a safe way for them to tell you. Meanwhile, the Australian Solicitors’ Conduct Rules sit on the wall behind you, and your obligations under them don’t bend around the fact that the tool wasn’t sanctioned. Shadow AI Detection & Amnesty is built to surface what’s actually happening inside your team — without turning it into a disciplinary exercise that drives the behaviour further underground.

The problem

Shadow AI use — staff using consumer LLM tools (ChatGPT, Claude, Gemini, Copilot variants, browser extensions, transcription tools) without formal approval — is now a baseline assumption in most legal teams, not an exception. For in-house counsel, the exposure compounds: confidentiality obligations under the ASCR apply to every solicitor on the team regardless of whether they used an approved tool, and client (in the in-house context, internal business unit) data pasted into a public model may sit outside the organisation’s information governance perimeter entirely.

The honest difficulty is detection. Staff who used an unsanctioned tool to draft, summarise, or review legal content have strong incentives not to disclose it — particularly once an internal AI policy exists with consequences attached. Without a structured amnesty pathway, the GC ends up with a policy on paper, a quiet practice in reality, and no map of which matters were touched by which tool.

What Shadow AI Detection & Amnesty does

Shadow AI Detection & Amnesty is an Exegesis service shape that combines two things deliberately:

1. Detection — a structured discovery exercise across the legal team to identify which AI tools have actually been used, on which categories of matter, and with what data
2. Amnesty — a time-bounded disclosure window with pre-agreed terms (no individual disciplinary outcomes for disclosed historical use) designed to surface the real picture rather than the sanitised one

The deliverable is a confidential inventory of shadow AI use across the team, a risk-tiered map of which matters and data categories were exposed, and a remediation plan that distinguishes “stop immediately” from “formalise with controls” from “acceptable as-is”. It is scoped specifically for in-house legal functions, where the buyer of the service is also the person who owns the ASCR exposure.

How it works

1. Scoping interview with the GC — agree the amnesty terms in writing, confirm scope (legal team only, or wider), and align on what the GC will and will not do with disclosures
2. Anonymous discovery survey — structured questionnaire delivered to the team covering tools used, matter types, data categories, and frequency, with responses routed to Exegesis rather than internal IT
3. Follow-up interviews — voluntary, confidential conversations to characterise the highest-risk usage patterns
4. Inventory and risk map — a written report identifying tool categories in use, ASCR-relevant exposure (confidentiality, competence, supervision), and matters that warrant retrospective review
5. Remediation plan — a prioritised list of policy, tooling, and training actions, with the GC retaining full discretion over what gets implemented

Why this matters in Brisbane

Queensland adopted the Australian Solicitors’ Conduct Rules in June 2012, and the ASCR remain the operative professional conduct framework for solicitors practising in Brisbane — including in-house counsel admitted to practice. The Rules are, as the Law Council describes them, “a statement of professional and ethical obligations derived from solicitors’ duties as an officer of the court, the common law and equity, legislation, and the collective judgment of the legal profession”. Confidentiality, competence, and supervision obligations under the ASCR do not distinguish between sanctioned and unsanctioned tooling — a solicitor’s duty to the client (or to the employer, in the in-house context) is the same either way.

For a Brisbane GC, that means the practical question isn’t whether shadow AI use creates ASCR exposure — it does — but whether you have a defensible map of where that exposure sits before someone outside the team starts asking.

Sources

• Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules

Exegesis capability references:

• Shadow AI Detection & Amnesty service spec

Join the waitlist

Join the waitlist — be the first to know when Shadow AI Detection & Amnesty opens for Brisbane in-house legal teams

The service is being scoped as a fixed-engagement offering (discovery + amnesty + report + remediation plan) rather than an ongoing subscription. Join the waitlist and we’ll let you know when engagement slots open — and what we hear from you will shape how the amnesty terms and reporting format actually work in practice.