Agentic AI Wiki
Playbooks / Domain Playbooks / Legal agents

Legal agents

Y9
Playbook · Domain Playbooks

Legal agents.

Discovery, contract review, citation checking — where legal agents already work, where they hallucinate, and what supervision they need by jurisdiction. Legal is the domain where the well-documented agent failure mode — confidently fabricated citations — has produced actual professional sanctions and public courtroom embarrassment. The productive surface is real, but the failure modes are structural; you do not solve them with a better prompt.

STEP 1

Where legal agents already work.

Three jobs reliably justify themselves today:

  • eDiscovery — document classification at scale: privileged vs not, responsive vs not, relevant vs not. The agent processes the volume; humans review the hard pile. This is one of the oldest productive uses of ML in legal, and modern agents extend it without changing the supervisory pattern.
  • Contract review — clause extraction against a playbook, variance flagging, redline drafting against a counterparty's mark-up. The agent surfaces what is unusual; the attorney decides what to fight on.
  • Citation checking — verifying that a cited authority exists, that the cite is to the right opinion, and that the cited proposition is actually supported by the cited passage. This is, perhaps surprisingly, the highest-leverage job an agent can do for legal work — it directly counters the failure mode below.

The pattern, again: volume work in, structured exceptions out, a licensed human on the consequential decision.

STEP 2

Where they hallucinate.

Three failure modes are by now well-documented enough that you should design defensively against them:

  • Citation invention. The model produces a plausible case name, court, year, and reporter — for a case that does not exist. Multiple US courts have sanctioned attorneys for submitting briefs containing such hallucinated citations; the failure mode is robust across vendors and model generations. The structural defense is verified-citation-only output, enforced post-generation against an authoritative database — not a prompt that says "do not hallucinate."
  • Case-summary fabrication. Even when a case is real, the summary may not match the holding. The agent may confidently assert a proposition the cited opinion does not stand for.
  • False confidence on novel or non-US jurisdictions. Coverage is uneven; the model may speak with the same fluency on a jurisdiction it has barely seen as on one it has saturated.

Verified-citation-only mode is the only structural defense against fabricated authority. The prompt instruction "do not invent cases" does not work; the regression has happened in production at firms that tried it. Every citation must round-trip against a real, current legal database, and unmatched citations must be dropped or flagged — never silently kept.

STEP 3

Supervision by jurisdiction — generic framing only.

What "adequate supervision" of an AI tool means varies materially by jurisdiction. The honest framing is generic:

  • United States. State bar rules govern competent representation, and most state bars have issued guidance on the use of generative AI; multiple US courts now require disclosure of AI assistance in filings, and several have sanctioned attorneys for unverified AI-generated citations.
  • United Kingdom. The SRA has issued guidance on responsible use of AI by solicitors; duty-of-care and supervision obligations apply unchanged.
  • European Union. National bars set conduct rules, and the EU AI Act adds an additional layer for legal-tech products that meet its definitions.

Do not cite specific case numbers, bar opinion numbers, or directive references unless verified — a wrong citation in a legal-agents essay is structurally worse than no citation. The general rule that holds everywhere: the licensed lawyer remains responsible for what they file, and a tool's output does not transfer that responsibility.

STEP 4

Build vs buy.

Established legal-tech vendors (Westlaw / Lexis families, Harvey, Casetext) have invested in the verified-database backbone that the citation-checking job needs. An in-house agent that connects directly to an authoritative database can match them on individual workflows; an in-house agent that does not — that lets the model "remember" cases instead of looking them up — is structurally on the wrong side of the citation failure mode.

Build in-house when the workflow is firm-specific (your playbook, your precedents, your matter taxonomy) and the citations route through a real database. Buy when the vendor's database is the moat. Do not build "legal research" from scratch on a general-purpose model with no database backbone; that is the path that produced the sanctioned briefs.

STEP 5

The minimum bar to ship.

Before a legal agent reaches an attorney-facing or client-facing surface, you owe answers to:

  • Does every citation in any agent output round-trip against an authoritative legal database, with unmatched citations dropped or flagged for human review?
  • Is a licensed attorney signing off on any work product that goes to a court, regulator, or client, with their identity recorded separately from the agent's?
  • Is the audit log sufficient to reconstruct, after the fact, exactly what the agent had access to and what it produced — see audit trails?
  • Have you mapped the jurisdictions your output will land in, and do you have a defensible answer for AI-disclosure rules in each?
  • Is the kill switch real — per matter, per firm, and globally — and drilled, not just specified?

The pattern with research agents applies here in stronger form: a single fabricated authority can void the entire work product. Build the verified-citation backbone first; everything else is downstream of that.