Legal AI Agents for Lawyers

A legal AI agent is a model-driven workflow that can use context, tools, files, or delegated subtasks to help produce a work product. For lawyers, the important question is not whether the tool feels autonomous. The important question is what it can access, what it can change, what it can send outside the workspace, and where a human must approve the result.

Vocabulary Lawyers Should Own

Agent: A model-assisted workflow that can take steps toward a goal, often using files, tools, commands, or external services.

Context window: The amount of text, files, messages, and tool output the model can consider at once. A larger context window does not guarantee correctness.

Tool call: A request by the model to use a capability such as search, file editing, code execution, browser access, or an MCP server.

MCP server: A Model Context Protocol server that exposes tools or data to an AI client. Treat each server as a new access surface.

Hook: An event-triggered automation that can run before or after model actions in supported coding-agent tools.

Subagent: A specialized agent with a narrower prompt, tool set, or role. Subagents can help separate review, research, drafting, and testing responsibilities.

Prompt injection: Untrusted text that tries to override the user's instructions or leak data. It can appear in web pages, documents, issues, comments, or dependency files.

Human-in-the-loop checkpoint: A required lawyer or authorized reviewer decision before the workflow moves to the next risk level.

The Legal Agent Control Stack

Use five controls before an agent works on legal material:

1. Scope: Define the matter, deliverable, files, and excluded work.
2. Access: Limit repositories, folders, MCP servers, browser access, and internet domains.
3. Instruction: Use a matter-safe brief with confidentiality, source, and escalation rules.
4. Verification: Require tests, citations, diff review, or source-document comparison.
5. Approval: Keep final legal judgment with the responsible professional.

Agent Risk Checklist

• Could the agent see client confidential information?
• Could it transmit data to a third party or an internet resource?
• Could it edit a workflow that later affects many matters?
• Could it cite legal authority or product behavior without verification?
• Could it confuse jurisdictions, dates, parties, or defined terms?
• Could the output be mistaken for final legal advice?

If any answer is yes, require a stricter review gate.

Legal Workflows That Fit Agents

Good fits:

• Internal knowledge-base maintenance.
• Source-backed product update tracking.
• Drafting a first-pass clause checklist.
• Generating tests for document automation.
• Creating issue triage summaries from approved materials.
• Comparing a draft against a provided playbook.

Poor fits without deep controls:

• Final legal advice.
• Filing-ready briefs.
• Settlement authority.
• Privileged strategy decisions.
• Unsourced legal research.
• Open-ended browsing over sensitive facts.

Example: Supervised Due Diligence Agent

Agent task:

Review the provided contract folder for change-of-control, assignment, and termination provisions.
Return a table with document name, clause location, extracted text, risk flag, and reviewer note.
Do not infer missing facts. Mark unclear items for lawyer review.

Human checkpoint:

• Confirm the agent only used the approved folder.
• Compare extracted text against source documents.
• Treat risk flags as triage labels, not legal conclusions.
• Escalate any ambiguous clause to the deal lawyer.

Next Steps

• Use Codex for legal technology work
• Use Claude for legal workflows
• Copy workflow templates
• Run the quality-control checklist