Shadow AI Detection & Amnesty for Perth In-House Counsel: Surface the Tools Your Team Is Already Using

Someone in legal ops pastes a draft commercial contract into a consumer chatbot to “tidy it up.” A paralegal runs board-pack extracts through a free summariser before the Tuesday meeting. A junior lawyer uses an AI research tool on their personal laptop because procurement hasn’t approved the firm licence yet. You are the General Counsel. You don’t know any of this is happening — and under the Australian Solicitors’ Conduct Rules, the duties of confidentiality and competent representation sit with the solicitors involved regardless of which tool they used. Shadow AI Detection & Amnesty is built to surface this activity inside your team without turning the disclosure into a disciplinary event.

The problem

Shadow AI use inside in-house legal teams typically grows faster than the governance framework around it. Staff adopt consumer-grade tools because they’re free, fast, and one tab away — not because they intend to breach policy. The exposure compounds in three directions at once. Confidentiality obligations under the ASCR extend to any disclosure of client or board information, including paste-into-prompt disclosures to third-party LLM providers whose data handling the firm has never reviewed. Candour and competence duties extend to any work product where AI-generated content (including fictitious citations or misstated authorities) was not verified before it left the team. And from a corporate governance angle, the in-house team is often the function expected to advise the rest of the business on AI risk — which is difficult to do credibly while shadow use inside legal itself is unmeasured.

The harder problem is cultural. Once staff suspect that admitting to AI use will trigger an HR process, disclosure stops and the activity moves further underground. An amnesty-led approach is designed to break that cycle.

What Shadow AI Detection & Amnesty does

Shadow AI Detection & Amnesty is the Exegesis service shape for discovering, and offering structured amnesty for, shadow AI tool use inside a legal team. It pairs two workflows that most firms run separately and badly: a discovery exercise that maps which AI tools staff are actually using and for what tasks, and a no-fault amnesty window during which staff can declare current use without that declaration triggering disciplinary action. The output is a current-state register of AI tools touching client or board information, a categorisation of each by confidentiality and ASCR risk, and a remediation plan that moves sanctioned use onto approved infrastructure.

The deliverable is intentionally not a surveillance product. It does not install endpoint monitoring. It does not read mailboxes. It is a structured engagement that gives the GC a defensible answer to “what AI is the legal team using?” — and a way to land governance changes that staff will actually comply with.

How it works

1. Scoping conversation with the GC. We agree the scope of the amnesty (which teams, which time window, what counts as in-scope use) and the confidentiality boundary around individual disclosures.
2. Anonymous discovery survey. Each team member completes a structured survey covering tools used, tasks performed, and data types involved. Responses are aggregated; individuals are not named in the report to the GC.
3. Amnesty window. During the agreed period, staff can disclose current use without it being treated as a conduct issue. The discovery output feeds directly into the remediation plan rather than into a personnel file.
4. Risk-mapped register. Each tool is mapped against ASCR obligations (confidentiality, competence, candour) and against the firm’s existing data-handling and client-engagement terms. Red, amber, green per use case.
5. Remediation and policy reset. A short, actionable policy update plus a list of sanctioned alternatives for the use cases that were genuinely useful. Repeat discovery scheduled at six months.

Why this matters in Perth

Western Australia adopted the Legal Profession Uniform Law on 1 July 2022, and the Australian Solicitors’ Conduct Rules took effect in WA from that date as the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules. That means Perth-based in-house counsel — including solicitors holding practising certificates in-house for ASX-listed and resources-sector employers — are working under the same ASCR framework that applies in Sydney and Melbourne, with the same confidentiality, candour, and competence duties attaching to AI-assisted work. Perth’s in-house legal market is concentrated around a small number of large employers (resources, energy, infrastructure, state government), which means the reputational consequence of a shadow-AI confidentiality incident travels quickly. An amnesty-led discovery is a low-cost way to find out where you stand before an incident forces the conversation.

Sources

• Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules

Exegesis capability references:

• Shadow AI Detection & Amnesty service shape (catalog: 03_Agentic_Solutions/Shadow_AI_Detection_and_Amnesty.md)
• RuleCheck by Exegesis — open-source citation verifier: https://github.com/andrefabre/rulecheck

Join the waitlist

Join the waitlist — be the first to know when Shadow AI Detection & Amnesty opens to Perth in-house teams

We’re scoping the engagement structure (single-team discovery, full-function amnesty, or recurring six-monthly review) based on demand from Australian in-house functions. Join the waitlist and we’ll let you know when access opens — what we hear from you shapes how the engagement is delivered.