Executive Summary
Assessment completed for
Green Mountain Legal Partners, LLP
Top 3 Risks Identified
- Client data traversing consumer-grade AI tools. Confidential matter documents, privileged communications, and client PII are actively flowing through personal ChatGPT free accounts and Microsoft Copilot with no controls, logging, or privilege protection.
- No attorney-client privilege governance over AI outputs. ABA Model Rule 1.6 obligates firms to protect client confidentiality. Current usage has no retention policy, no audit trail, and no supervision structure.
- VPC-perimeter gap in AI tool access. Westlaw AI, Lexis+ AI, and Microsoft 365 Copilot all have network access to firm data with role-based controls that have not been mapped. Sensitive matter data is discoverable to any staff member with a standard M365 license.
Private AI infrastructure — VPC-isolated deployment. The firm should transition from consumer and single-vendor AI tools to a controlled private deployment with isolated inference, document-level access controls by matter, audit logging, and attorney-client privilege preservation. Estimated project: $42K–$68K (see Section 7).
Estimated Investment Range
| Component | Investment |
|---|---|
| AI Readiness Assessment (complete) | $7,500 (paid) |
| Private AI Build — Phase 1 (90 days) | $42,000 – $68,000 |
| Operations Retainer | $3,500 / month |
| Total Year 1 | $103,000 – $129,000 |
Section 1 — Firm Profile & Scope
Section 2 — Current State Inventory
AI tools currently in use across the firm, mapped by deployment type, user volume, and risk flag.
| Tool | Deployment Type | Users | Volume Estimate | Risk Flag |
|---|---|---|---|---|
| ChatGPT (free, personal accounts) | Consumer web / no firm controls | ~38 attorneys, ~65 staff | 200–400 queries/day estimated | 🟦 CRITICAL No firm visibility, no data controls, attorney-client privilege implications |
| Microsoft 365 Copilot | M365 tenant — standard license | ~22 attorneys (trial), ~40 staff | Unknown — no usage reporting configured | 🟩 HIGH Matter data accessible, no RBAC by matter configured |
| Westlaw AI (Edge + AI features) | Licensed SaaS | ~48 attorneys | High — daily use for case research | 🟨 MODERATE Third-party hosted, terms of service reviewed |
| LexisNexis+ AI | Licensed SaaS | ~15 attorneys (M&A practice) | Moderate | 🟨 MODERATE Third-party hosted |
| Clio AI (practice management) | SaaS, limited integration | ~8 paralegals | Low | 🟪 MEDIUM Client matter data in third-party system |
| Adobe Acrobat AI | Licensed per-seat | ~30 staff | Low — document analysis only | 🟢 LOW No client data transmission |
| Google Gemini (personal accounts) | Consumer web | ~8 attorneys, ~15 staff | Low | 🟦 CRITICAL Same as ChatGPT free tier |
| Draftwise (legal AI platform) | Pilot — 90-day trial | 4 M&A attorneys | Limited — 60 documents processed in trial | 🟩 HIGH Cloud-hosted, firm not in control of data retention |
Section 3 — Data Sensitivity Map
Data flow classification by practice area, mapped to AI tools currently touching each data type.
| Practice Area | Data Types | AI Tools Touching This Data | Classification | Volume Estimate |
|---|---|---|---|---|
| M&A / Corporate | Deal documents, LOIs, due diligence files, financial statements, board materials, M&A correspondence | ChatGPT (personal), Copilot, Draftwise | 🟦 Attorney-Client Privilege / Highly Confidential | ~2,400 documents/year |
| Litigation | Discovery materials, deposition transcripts, exhibits, settlement correspondence, privileged strategy memos | ChatGPT (personal), Copilot, Westlaw AI | 🟦 Attorney-Client Privilege / Work Product | ~6,800 documents/year |
| Estate Planning | Client wills, trust instruments, financial account data, health information, family details | ChatGPT (personal), Copilot, Clio AI | 🟦 PII / Sensitive Personal Data / Privileged | ~1,200 client files/year |
| General Admin | HR records, financial statements, lease agreements, vendor contracts | ChatGPT (personal), Copilot, Gemini | 🟪 Internal / Confidential | ~800 documents/year |
"A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."
"A lawyer shall ensure that the services of nonlawyers employed by the lawyer are compatible with the professional obligations of the lawyer."
Key violations observed:
- Personal ChatGPT accounts used for client matter research create inadvertent disclosure to a third-party AI provider under terms of service that disclaim client confidentiality obligations.
- Microsoft 365 Copilot has not been configured to restrict access by matter — a litigation associate could theoretically surface privileged discovery documents in a Copilot query.
- No supervision structure exists for AI tool usage by paralegals and legal assistants — Rule 5.3 direct supervision obligation not met.
- Draftwise pilot is processing deal documents on cloud infrastructure the firm has not audited for security certifications or data retention policies.
Section 4 — Exposure Scenarios
Four plausible incident scenarios based on observed firm behavior and current AI tool usage patterns.
Client M&A Deal Documents Leaked via Personal AI Tool
Probability: HIGH without controls
Trigger: An M&A associate uses their personal ChatGPT free account to summarize a 200-page due diligence data room output. The document — containing non-public target financials, customer lists, and deal terms — is transmitted to OpenAI's servers.
How it happens: ChatGPT free accounts have no enterprise data controls. The document is processed and may be retained in OpenAI's training pipeline. A competitor, journalist, or opposing counsel could theoretically discover deal details through model outputs.
Privileged Litigation Strategy Surfaced via Copilot Misconfiguration
Probability: MODERATE — requires misconfiguration, but common
Trigger: Microsoft 365 Copilot tenant is configured with standard M365 permissions. A paralegal in the litigation group asks Copilot to summarize deposition excerpts across all cases. Copilot surfaces privileged strategy notes from a senior partner's email in the same tenant.
How it happens: M365 Copilot can surface content from emails, SharePoint, and Teams if underlying permissions allow access. Without matter-level RBAC, cross-contamination of privileged content is possible.
Client PII Exposed Through Estate Planning AI Workflow
Probability: HIGH — common behavior among estate planning staff
Trigger: An estate planning paralegal uses ChatGPT to draft a trust instrument summary for attorney review. They paste client financial account numbers, health conditions, and family structures into the query. This data is now in a consumer AI system with no encryption, no retention controls, and no access restrictions.
How it happens: Personal accounts used for work tasks are indistinguishable from personal use. The firm has no visibility or controls.
Draftwise Data Retention — Deal Data in Unaudited Cloud Infrastructure
Probability: MODERATE — common oversight in fast-moving AI adoption
Trigger: Draftwise processes M&A due diligence documents for 4 attorneys in a 90-day pilot. The firm does not have a Business Associate Agreement (BAA) with Draftwise. Client deal data — including financial statements and deal terms — is stored on Draftwise's cloud infrastructure.
How it happens: The pilot was initiated without IT review, legal review of ToS, or data processing agreement. No BAA exists. If Draftwise experiences a breach or changes its data retention policy, client data is unprotected.
Section 5 — Recommended Architecture
VPC-isolated deployment isolates AI inference from public cloud infrastructure, maintains full data sovereignty, and provides attorney-client privilege protection through technical and procedural controls.
Architecture diagram labels: Matter-Segmented · Self-hosted or VPC-locked provider
| Component | Description | Implementation |
|---|---|---|
| Document Ingestion Pipeline | Secure upload of matter documents into a segmented, encrypted document store | On-premise or AWS/VPC-locked S3-compatible storage with AES-256 encryption |
| Matter-Segmented RBAC | Role-based access controls prevent cross-matter data leakage | Custom permission layer enforcing attorney-client privilege boundaries per matter |
| Private LLM Inference | Self-hosted or VPC-isolated model — no data leaves firm environment | Llama 3.1 70B via private GPU cluster; or Mistral via private cloud partner; or Private GPT-4o deployment via Azure AI (no training data use) |
| Audit Logging Layer | Immutable, timestamped logs of every query — attorney ID, matter, document, output | Append-only log to separate audit store with SHA-256 integrity verification |
| Attorney Review Interface | AI outputs flagged "draft — attorney review required" before work product incorporation | Workflow enforcement layer |
| BAA / DPA Framework | Standardized data processing agreements with all AI vendors covering privilege, retention, breach notification | Legal review gate before any AI tool is onboarded |
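The matter-segmented RBAC and audit logging components above, as an added illustration that is not code from Vermont AI Systems or any vendor named on this page: a hash-chained, append-only log that records attorney ID, matter, document and output digests for every query (allowed or denied), and whose integrity check fails if any earlier entry is altered. The matter ACL, attorney IDs and matter numbers are constructed sample data.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed sample ACL: matter id -> attorney ids cleared to see that matter.
MATTER_ACL = {
    "M-2024-017": {"a.chen", "r.patel"},
    "M-2024-031": {"r.patel"},
}

def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

@dataclass
class AuditLog:
    """Append-only log; each entry carries the SHA-256 of the previous entry."""
    entries: list = field(default_factory=list)

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {**record, "prev": prev}
        digest = sha256_hex(json.dumps(body, sort_keys=True))
        self.entries.append({**body, "hash": digest})
        return digest  # store the newest head hash outside the log to detect truncation

    def verify(self) -> bool:
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or sha256_hex(json.dumps(body, sort_keys=True)) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True

def run_query(log: AuditLog, attorney_id: str, matter_id: str, document: str, prompt: str, ts: str):
    """Enforce matter-level RBAC first, then log the decision either way."""
    allowed = attorney_id in MATTER_ACL.get(matter_id, set())
    output = None
    if allowed:
        # Placeholder for the private inference call; every output is tagged as a draft.
        output = f"DRAFT - attorney review required: summary of {document}"
    log.append({"ts": ts, "attorney": attorney_id, "matter": matter_id, "document": document,
                "prompt_sha256": sha256_hex(prompt),
                "output_sha256": sha256_hex(output) if output else None,
                "allowed": allowed})
    return output
```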
Section 6 — Phased Roadmap
90-Day Plan — Foundation
Assessment: included ($7,500) · Internal resource: ~40 hrs IT, ~20 hrs attorney time
| Milestone | Deliverable | Owner | Target |
|---|---|---|---|
| AI tool inventory audit | Complete list of all AI tools in use with usage mapping | IT Director + Operations | Week 2 |
| Data classification baseline | Map all practice area data flows, classify by privilege/PII level | CIO + Practice Group Leaders | Week 4 |
| Immediate policy deployment | Interim policy: no client data in personal AI accounts; attorney acknowledgment | Managing Partner | Week 3 |
| M365 Copilot RBAC configuration | Segment Copilot access by practice group and matter level | IT Director | Week 6 |
| Draftwise pilot evaluation | Legal review of ToS, BAA negotiation or discontinuation of pilot | General Counsel (external) | Week 4 |
| Vendor shortlist for private AI | Evaluate 3 providers (self-hosted, Azure AI private, private cloud partner) | CIO + Vermont AI Systems | Week 6 |
| Phase 1 deliverable | Complete AI risk report with immediate remediation actions and private AI vendor recommendation | | |
180-Day Plan — Private AI Build
Cost: $42,000 – $68,000 · Internal resource: ~120 hrs IT, ~60 hrs attorney time
| Milestone | Deliverable | Target |
|---|---|---|
| Private AI infrastructure design | Architecture spec with networking diagram, security controls, vendor selection | Month 4 |
| Document ingestion pipeline | Matter-segmented document store with encryption and access controls | Month 5 |
| LLM inference deployment | Private model deployed in VPC; integration with document store | Month 5–6 |
| Audit logging layer | Immutable audit system operational and tested | Month 6 |
| Attorney onboarding | Training program for all 52 attorneys on private AI tools and privilege protocols | Month 6 |
| Policy formalization | Updated firm AI policy, attorney acknowledgment, paralegal training | Month 6 |
| Phase 2 deliverable | Fully operational private AI system in production | |
365-Day Plan — Optimization & Scale
Cost: included in operations retainer ($3,500/mo) · Internal resource: ~40 hrs/quarter IT, ~8 hrs/quarter governance
| Milestone | Deliverable | Target |
|---|---|---|
| Advanced matter intelligence | AI-powered matter research, contract analysis, deposition prep — integrated into iManage | Month 9 |
| Performance measurement | Baseline metrics established; AI ROI reporting to managing partner quarterly | Month 9 |
| Practice group expansion | Expand from M&A pilot to litigation and estate planning use cases | Month 10 |
| Vendor audit | Annual security and compliance review of all AI vendors | Month 12 |
| AI governance committee | Standing committee (managing partner, CIO, 2 practice group leads) — quarterly review | Month 12 |
| Phase 3 deliverable | Firm-wide private AI governance program operational with measurable ROI | |
Section 7 — Investment Estimate
Assessment
Already completed for this fictional firm profile as part of the sample illustration.
| Item | Amount |
|---|---|
| AI Readiness Assessment — full engagement | $7,500 |
| Total Assessment | $7,500 |
Private AI Build — Itemized Estimate
Range provided because final scope depends on infrastructure decisions (on-premise vs. cloud VPC) and integration complexity. A fixed-price engagement can be scoped in a 2-hour discovery call.
| Component | Low Estimate | High Estimate | Notes |
|---|---|---|---|
| Infrastructure assessment & design | $6,000 | $10,000 | Architecture, vendor selection, security spec |
| Document ingestion pipeline development | $8,000 | $14,000 | Matter-segmented storage, encryption, API integration |
| Private LLM deployment (VPC) | $12,000 | $20,000 | GPU instance or private cloud partner; Llama 3.1 or Mistral |
| RBAC and access control layer | $7,000 | $12,000 | Matter-level permissions, attorney ID binding, audit schema |
| Audit logging system | $5,000 | $8,000 | Immutable log infrastructure, compliance dashboard |
| Integration with iManage / M365 | $4,000 | $7,000 | Document management system integration |
| Testing, QA, security audit | $5,000 | $9,000 | Penetration testing, compliance validation, privilege audit |
| Project management & change management | $3,000 | $6,000 | Attorney training, policy documentation, rollout |
| Build Subtotal | $50,000 | $86,000 | |
| Discount applied | ($8,000) | ($18,000) | |
| Net Build Cost | $42,000 | $68,000 | |
Operations Retainer
| Item | Monthly | Annual |
|---|---|---|
| System monitoring and uptime management | $1,200 | $14,400 |
| Security patch management and vulnerability scanning | $600 | $7,200 |
| Audit log review and compliance reporting | $400 | $4,800 |
| AI model updates and performance optimization | $500 | $6,000 |
| Quarterly governance committee support | $300 | $3,600 |
| Help desk for attorney AI tool questions (business hours) | $500 | $6,000 |
| Operations Retainer | $3,500 | $42,000 |
Section 8 — Vendor Comparison
Three-path analysis: Private AI Build (recommended) vs. ChatGPT Enterprise vs. Harvey AI.
| Criteria | Private AI Build (Recommended) | ChatGPT Enterprise | Harvey AI |
|---|---|---|---|
| Data sovereignty | ✓ Full — data never leaves firm VPC or on-premise | ✗ OpenAI processes data under Business Addendum; not privilege-safe | ⚠ Opt-out required for training data use; default shares data |
| Attorney-client privilege protection | ✓ By architecture — no third party can access firm data | ✗ Not designed for legal privilege | ⚠ Legal platform but training data policy requires opt-out negotiation |
| Matter-level RBAC | ✓ Full matter segmentation achievable | ⚠ Available via enterprise admin but not matter-specific | ⚠ User-level permissions, not matter-segmented |
| Audit logging | ✓ Immutable, attorney-level, matter-tagged logs | ⚠ Basic admin logs, no matter tagging | ⚠ Limited — not purpose-built for compliance |
| ABA Rule 1.6 compliance | ✓ Architecture designed for it | ⚠ Business Addendum does not equal privilege protection | ⚠ Depends on training opt-out execution |
| Ongoing cost (Year 1) | $42K–$68K build + $42K retainer | ~$40K/year (600 seats × $660/user) | ~$60K–$120K/year (usage-based, ~$500–$1,000/attorney/month) |
| Scalability | ✓ | ✓ | ✓ |
| Firm control over model | ✓ Can switch models, fine-tune, or upgrade | ✗ Dependent on OpenAI roadmap | ✗ Dependent on Harvey roadmap |
| Suitable for M&A deal documents | ✓ Yes | ✗ No — not privilege safe | ⚠ Opt-out required, not guaranteed |
| Suitable for litigation strategy | ✓ Yes | ✗ No | ⚠ Training data risk unresolved |
| Suitable for estate planning / PII | ✓ Yes | ✗ No | ⚠ BAA required, not always executed |
Section 9 — Next Steps
This assessment represents the scope of work included in Vermont AI Systems' $7,500 AI Readiness Assessment engagement — already completed for this fictional firm profile.
What happens next if you engage:
Book a Discovery Call
No commitment required. 60 minutes. We'll tell you exactly what you'd get and what it would cost.