Privilege Containment Proxy Agent for Melbourne In-House Counsel: Stop Privileged Content Leaving the Building Through an AI Prompt
Your commercial team has been using a public LLM to summarise contracts for six months. Today the GM forwarded you a thread where someone pasted board minutes — including counsel advice on a contested matter — into a chat to “get a plain English version.” You’ve now got privileged content sitting in a vendor’s logs, possibly used as training signal, possibly accessible by another tenant. The Australian Solicitors’ Conduct Rules don’t care that it was a marketing coordinator who pasted it. The Privilege Containment Proxy Agent is built to prevent the next instance of this before it happens.
The problem
Privilege bleed inside a corporate legal function rarely looks like espionage. It looks like a finance analyst pasting a draft settlement deed into ChatGPT to reformat a table. It looks like a procurement lead asking an LLM to “tighten” a memo that quotes your written advice. It looks like an engineer using a coding assistant to refactor a tool that ingests legal hold notices. Each of those interactions sends privileged or confidential material to an external model, where retention, sub-processing and access controls are governed by the vendor’s terms — not your client privilege framework.
The Australian Solicitors’ Conduct Rules treat confidentiality and competent supervision as core obligations. Rule 9 requires solicitors to maintain client confidentiality. Rule 37 requires supervisors to ensure work done under their supervision is performed competently — which extends to the systems and tools that work passes through. For in-house counsel, the practical problem is that you don’t control the endpoints. Your business colleagues have AI tools in every workflow, and a once-off training session won’t stop a privileged paragraph being pasted at 4pm on a Tuesday.
What the Privilege Containment Proxy Agent does
The Privilege Containment Proxy Agent is an inline proxy that sits between your organisation’s users and any external AI model (public LLM APIs, embedded copilots, browser-based chat tools routed through the corporate network). Every outbound prompt is intercepted, inspected for privilege markers and confidential content, and either scrubbed, blocked, or routed through a sanctioned path before it reaches the external model. The deliverable is a containment layer that lets the business continue to use AI without exposing privileged material to vendors outside your control.
It is not a generative tool. It does not draft, summarise or advise. It is a gate — designed narrowly so that its security and audit posture can be reasoned about.
How it works
- Inline interception. The proxy is configured as the egress path for AI traffic — via DNS routing, browser extension, or API gateway depending on how your organisation consumes models. Calls to external endpoints (OpenAI, Anthropic, Google, embedded copilots) pass through it.
- Privilege and confidentiality detection. Each prompt is scanned for markers consistent with legal advice, matter identifiers, board materials, witness statements, and other categories you configure. Detection runs locally — the proxy does not send the prompt to a third-party classifier to decide whether to send it to a third party.
- Action per policy. Depending on the rule, the proxy will block the call, redact the offending segments and forward a scrubbed prompt, or route the request to a sanctioned internal model with appropriate confidentiality terms.
- Audit log per interaction. Every intercepted call is logged with timestamp, user, classification verdict, action taken, and a hash of the original prompt. The log is retained inside your environment for supervision and incident review under ASCR Rule 37.
- Feedback to supervising counsel. Patterns of attempted privileged submissions are surfaced to you weekly so you can address the underlying workflow — not just the individual incident.
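The detect, act and log steps above can be sketched as follows. This is an added example, not the product's own code: the rule patterns, the `MAT-YYYY-NNNN` matter-ID format, the action names and the `inspect` function are all hypothetical assumptions.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Hypothetical policy: (category, pattern, action). Patterns are illustrative only.
POLICY = [
    ("legal_advice", re.compile(r"privileged\s+(?:and|&)\s+confidential|legal professional privilege", re.I), "block"),
    ("board_material", re.compile(r"\bboard (?:minutes|papers?)\b", re.I), "route_internal"),
    ("matter_id", re.compile(r"\bMAT-\d{4}-\d{3,}\b"), "redact"),
]
# Most restrictive action wins when several rules match.
SEVERITY = {"allow": 0, "redact": 1, "route_internal": 2, "block": 3}


def inspect(user, prompt, now=None):
    """Return (text_to_forward_or_None, destination, audit_record)."""
    hits = [(cat, pat, act) for cat, pat, act in POLICY if pat.search(prompt)]
    action = max((act for _, _, act in hits), key=SEVERITY.get, default="allow")
    outbound, destination = prompt, "external"
    if action == "block":
        outbound, destination = None, None
    elif action == "route_internal":
        destination = "internal"  # sanctioned internal model receives the full prompt
    elif action == "redact":
        for cat, pat, act in hits:
            outbound = pat.sub(f"[REDACTED:{cat}]", outbound)
    audit = {
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
        "user": user,
        "verdict": sorted(cat for cat, _, _ in hits),
        "action": action,
        # Hash only: the log must not become a second copy of the privileged text.
        "prompt_sha256": hashlib.sha256(prompt.encode("utf-8")).hexdigest(),
    }
    return outbound, destination, audit


if __name__ == "__main__":
    # Constructed sample prompts.
    for p in ["Reformat the table in MAT-2024-0193 please",
              "Plain English version of these board minutes",
              "Summarise: PRIVILEGED AND CONFIDENTIAL advice re dispute"]:
        out, dest, rec = inspect("analyst@example.test", p)
        print(json.dumps(rec), "->", dest, out)
```

An unkeyed hash of a short prompt can be confirmed by guessing the text, so a keyed HMAC with a key held by the legal team is a reasonable substitute where that matters.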
Why this matters in Melbourne
Victorian solicitors are bound by the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015, which gave the ASCR statutory force in Victoria from 1 July 2015 under the Legal Profession Uniform Law framework administered by the Law Council and state regulators. For in-house counsel in Melbourne, that means the confidentiality obligation in Rule 9 and the supervision obligation in Rule 37 are not aspirational — they sit on top of your duty to your employer-client and travel with you regardless of how the business chooses to deploy AI tooling. The Law Council’s 2026 ASCR review is also examining how solicitors should respond to ethical pressures from new statutory regimes (including AML/CTF reporting and tipping-off provisions), which raises the bar on what counts as adequate control over what leaves your environment in a prompt.
If you cannot describe, with evidence, how privileged material is prevented from reaching external AI vendors, “we told staff not to” is unlikely to be an adequate answer in a regulator or court inquiry.
Sources
- Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules
Join the waitlist
The Privilege Containment Proxy Agent is in design partner phase. We’re working with a small number of Melbourne in-house teams to shape the deployment model (browser extension, network proxy, or API gateway), the policy library, and the supervision reporting cadence. Join the waitlist and we’ll be in touch when the next intake opens — what you tell us in the form will shape what gets built next.