Privilege Containment Proxy Agent for Perth In-House Counsel: Stop Privileged Content Leaving Your Tenant Before It Hits an External Model
You’re sitting in your Perth office reviewing a draft response to a regulator. Your operations team has spun up a GPT-style assistant inside the business, and your engineering lead has just told you that a junior product manager pasted a chunk of a board paper — including legal advice from external counsel — into a public model to “summarise it for the team”. The model provider’s terms say they don’t train on enterprise tenant data. You still have to work out what left the building, what’s now sitting in someone else’s logs, and whether privilege over that advice has been compromised. The Privilege Containment Proxy Agent is built to stop this transaction at the wire, before any privileged material reaches an external model endpoint.
The problem
Since the Legal Profession Uniform Law commenced in Western Australia on 1 July 2022, Perth solicitors — including in-house counsel admitted in WA — have been subject to the Australian Solicitors’ Conduct Rules. ASCR Rule 9 requires solicitors not to disclose any information confidential to a client without that client’s authorisation. For in-house counsel, the “client” is the employer, but privileged communications across business units, matters, and external advisers are routinely commingled in the same Microsoft 365 tenant, the same Slack workspace, and increasingly the same enterprise AI assistant.
Privilege bleed happens when content from one matter — or content that ought to have stayed inside the legal function — is exposed to a downstream system that does not respect the original confidentiality boundary. Once a prompt leaves the tenant and lands at an external model provider, you cannot recall it. You cannot guarantee the receiving party will not be compelled to produce logs in a foreign jurisdiction. And you cannot easily prove to a board, a regulator, or opposing counsel that the legal team did everything reasonable to maintain confidentiality.
Most enterprise AI governance policies rely on user training and a usage policy. Training and policy don’t stop a paste into a browser tab at 4:50pm on a Friday.
What the Privilege Containment Proxy Agent does
The Privilege Containment Proxy Agent is an inline proxy that sits between your users (or your enterprise applications) and any external AI model endpoint. Every outbound call is intercepted before it reaches the model provider. The proxy scrubs privileged content — legal advice markers, matter identifiers, named external advisers, content tagged as privileged in your DMS — and either redacts, blocks, or rewrites the prompt according to your configured policy. The model only ever sees what your in-house team has authorised it to see.
Critically, the proxy is deterministic. It does not use a second LLM to “decide” whether content is privileged. It uses rule-based detection against a configured pattern set and a tenant-controlled label registry, so the same input always produces the same outcome and the same audit record.
How it works
- Deploy the proxy as a network endpoint inside your tenant (cloud or on-prem). Your enterprise AI assistant, your custom-built agents, and any approved external model integrations are configured to route through it.
- Configure the privilege pattern set — legal-hold matter codes, external counsel names, “Privileged & Confidential” headers, document IDs from your DMS, and any custom markers your firm uses.
- Intercept every outbound prompt. The proxy inspects the payload against the pattern set before it leaves the tenant.
- Apply the action — redact specified spans, block the call entirely with a message back to the user, or rewrite the prompt to a sanitised form. Each action is logged.
- Generate the audit record. Every intercept produces a timestamped entry showing what was detected, what action was taken, and which user or system initiated the call. The records are stored in your tenant — not ours.
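The intercept, action and audit steps listed above, shown as an added Python example (not the product's own code). The rule names, the `MAT-` matter-code format, the adviser name, the placeholder text and the policy that a block rule outranks redaction are assumptions made for illustration.

```python
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern
    action: str  # "redact" or "block"

# Constructed pattern set: matter-code format and adviser name are hypothetical.
RULES = (
    Rule("privilege_header", re.compile(r"privileged\s*(?:&|and)\s*confidential", re.I), "block"),
    Rule("matter_code", re.compile(r"\bMAT-\d{4}-\d{3}\b"), "redact"),
    Rule("external_counsel", re.compile(r"\bExample\s+Legal\s+LLP\b", re.I), "redact"),
)

def inspect_prompt(prompt, user, now=None):
    """Return (outbound_prompt_or_None, audit_record) for one intercepted call."""
    # Pure regex matching with a fixed sort order: same input, same outcome.
    hits = sorted(
        ((m.start(), m.end(), rule) for rule in RULES for m in rule.pattern.finditer(prompt)),
        key=lambda h: (h[0], h[1], h[2].name),
    )
    if any(rule.action == "block" for _, _, rule in hits):
        action, outbound = "block", None          # nothing leaves the tenant
    elif hits:
        action, out, pos = "redact", [], 0
        for start, end, rule in hits:
            if end <= pos:                        # span already fully redacted
                continue
            start = max(start, pos)               # overlap: redact the remainder too
            out += [prompt[pos:start], f"[REDACTED:{rule.name}]"]
            pos = end
        outbound = "".join(out) + prompt[pos:]
    else:
        action, outbound = "allow", prompt
    record = {
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
        "user": user,
        "action": action,
        # Rule names and offsets only, so the log does not copy the matched text.
        "detections": [{"rule": r.name, "start": s, "end": e} for s, e, r in hits],
        "prompt_sha256": hashlib.sha256(prompt.encode("utf-8")).hexdigest(),
    }
    return outbound, record
```

Passing a fixed `now` makes the whole audit record reproducible for a given prompt and user, which is what lets the same input be replayed against the same pattern set during a review.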
Why this matters in Perth
In-house teams in WA’s resources, energy, and infrastructure sectors deal with information that attracts privilege across regulatory investigations, joint-venture disputes, and Native Title matters — frequently in parallel. The volume of cross-matter content sitting in one tenant is high, and the rotation of secondees and contractors through legal operations is constant. Under ASCR Rule 9 (confidentiality) and Rule 4 (duty to the administration of justice and to clients), the obligation to protect client information sits on the admitted solicitor regardless of whether the leak came from a paralegal, a product manager, or an AI integration nobody told legal about.
Perth in-house teams are also often the only legal function across multiple operating entities — meaning the “Chinese wall” between matters has to be enforced by technical controls, not org-chart separation. A deterministic proxy gives you a defensible answer when the board asks what stops privileged content reaching an external model.
Sources
- Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules
Join the waitlist
We’re scoping deployment patterns (tenant-hosted vs managed), pattern-set authoring support, and pricing structure with the first cohort of in-house teams. Join the waitlist and we’ll get in touch as access opens.