Privilege Containment Proxy Agent for Sydney In-House Counsel: Stop Privileged Content Reaching External Models
Your commercial team has a Copilot licence. Your engineers are pasting contract drafts into ChatGPT to “summarise the indemnity”. Someone in M&A asked an external LLM to red-line a term sheet that names the counterparty, the price, and the deal structure. You are the General Counsel. You are responsible for legal professional privilege across the group, and you do not currently have a technical control that prevents privileged material from leaving the tenant boundary. The Privilege Containment Proxy Agent is built to put that control between your people and the models they use.
The problem
Legal professional privilege attaches to confidential communications made for the dominant purpose of obtaining or providing legal advice — and it is fragile. Once privileged content is disclosed to a third party without a confidentiality arrangement that preserves the privilege, waiver arguments become available to opposing parties and regulators. Commercial LLM providers process inputs on infrastructure operated by third parties, often outside Australia, and often without contractual terms that an Australian in-house team would accept for outside-counsel advice. The Australian Solicitors’ Conduct Rules (ASCR) — adopted as the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 in New South Wales from 1 July 2015 — impose duties of confidentiality (Rule 9) and competent service delivery (Rule 4) on solicitors, including in-house counsel. These obligations don’t pause when a business unit decides to use an AI tool. The exposure is two-directional: privileged content leaving the perimeter, and content from one matter contaminating prompts on another (privilege bleed across matters, or across legal entities within a group).
What the Privilege Containment Proxy Agent does
The Privilege Containment Proxy Agent is an inline proxy that sits between user-facing AI tools and the external model endpoint. Every outbound call is intercepted before it reaches the third-party provider. The proxy scans the prompt for privileged content — defined by patterns the legal team configures: matter codes, counsel names, counterparty names, deal codenames, board paper references, regulator correspondence markers, document categories tagged in the DMS. Matches are scrubbed, redacted, or blocked depending on the policy for that user, that channel, and that destination model. The deliverable is the proxy itself plus the policy configuration and the audit trail: every interception, every redaction, every block, retained in a form your office can produce to the board, the audit committee, or a regulator.
How it works
- Deploy the proxy in front of the AI tools your organisation has approved — Microsoft Copilot, ChatGPT Enterprise, Claude, internal RAG endpoints — so all outbound calls route through it.
- Configure privilege patterns with the legal team: matter numbers, privileged-document markers from the DMS, sensitive counterparty lists, deal codenames, names of external counsel firms instructed.
- Set channel policies — what gets blocked outright, what gets redacted and allowed through, what gets allowed with a warning logged against the user.
- Intercept and act — at call time, each prompt is scanned, the policy is applied, the cleaned prompt (or a block notice) is returned, and the action is logged.
- Review the audit log weekly or monthly: which users tried to send what, which matters were touched, what policy adjustments are needed.
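The intercept-and-act step, as an added example that is not the product's own code: a prompt is scanned against configured patterns, the strictest matching action for the channel and destination is applied, and an audit record is produced. The pattern set, the policy table and the `inspect` function are hypothetical, and the sample values are constructed.

```python
import hashlib
import re

# Constructed privilege patterns; a deployment would load these from the legal team's configuration.
PATTERNS = {
    "matter_code": re.compile(r"\bMAT-\d{4}-\d{3}\b"),
    "deal_codename": re.compile(r"\bProject (?:Kestrel|Banksia)\b", re.I),
    "privilege_marker": re.compile(r"privileged (?:and|&) confidential", re.I),
}
SEVERITY = {"allow": 0, "warn": 1, "redact": 2, "block": 3}
# Hypothetical policy: (channel, destination) -> action per pattern category.
POLICY = {
    ("copilot", "external"): {"matter_code": "redact", "deal_codename": "block",
                              "privilege_marker": "block"},
    ("rag", "internal"): {"matter_code": "warn", "deal_codename": "warn",
                          "privilege_marker": "redact"},
}
DEFAULT_ACTION = "block"  # fail closed: a match on an unconfigured route is blocked

def inspect(user, channel, destination, prompt):
    """Return (decision, outbound prompt or None, audit record)."""
    rules = POLICY.get((channel, destination), {})
    decision, hits, cleaned = "allow", [], prompt
    for category, rx in PATTERNS.items():
        count = len(rx.findall(prompt))
        if not count:
            continue
        action = rules.get(category, DEFAULT_ACTION)
        hits.append({"category": category, "count": count, "action": action})
        if action == "redact":
            cleaned = rx.sub(f"[REDACTED:{category}]", cleaned)
        if SEVERITY[action] > SEVERITY[decision]:
            decision = action  # the strictest action across all matches wins
    audit = {
        "user": user, "channel": channel, "destination": destination,
        "decision": decision, "hits": hits,
        # Store a hash, not the prompt, so the log itself holds no privileged text.
        "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
    }
    return decision, (None if decision == "block" else cleaned), audit
```

The audit record carries categories and counts rather than matched strings, so the log can be reviewed or produced without reproducing the privileged content it describes.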
Why this matters in Sydney
Sydney in-house teams sit under the Legal Profession Uniform Law, which commenced in New South Wales on 1 July 2015 and under which the ASCR apply to solicitors in NSW. The Law Council’s Professional Ethics Committee maintains the ASCR as the agreed statement of professional and ethical obligations for solicitors, including the duty of confidentiality. For in-house counsel in NSW, a privilege waiver event isn’t a theoretical compliance failure — it is a live risk to the company’s position in current and future disputes, to the privilege status of board advice, and to the GC’s own conduct obligations as a solicitor on the roll. Many Sydney-headquartered organisations also operate across state lines and into the Uniform Law jurisdictions of Victoria and Western Australia, which means the same ASCR-derived duties apply to a single in-house team operating nationally. A technical control that contains privileged content at the network layer — rather than relying on individual users to remember the policy — is the kind of measure a GC can point to when asked, by the board or a regulator, what is in place.
Sources
- Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules
Exegesis capability references:
- Privilege Containment Proxy Agent spec (03_Agentic_Solutions/Privilege_Containment_Proxy_Agent.md)
- RuleCheck by Exegesis: open-source citation verifier from the same stack
Join the waitlist
The Privilege Containment Proxy Agent is in scoping. We’re working through deployment patterns (per-tenant proxy, per-user agent, gateway integration) and pricing structures with early in-house teams. Join the waitlist and the conditions you tell us about (your AI tooling stack, your DMS, your group structure) will shape how the offering works for your team.