A matter of trust – why AI guard rails are crucial

In short

• With the rise of AI, law firm leaders should be conscious of not relinquishing their agency, including by doing their due diligence on the risks associated with using the technology.
• The firms that will prosper are those that find ways to verify AI output without creating more work than in a pre-AI era.
• With the rollout of AI, law firms should invest in a data strategy and the people to support that strategy, otherwise they risk significant reputational damage.

Amid considerable commentary around the potential change to the staffing mix in law firms, the need for different skills and the role that agentic AI could play, Mark Andrews explores the notion of trust and the legal profession.

Before getting into the substance of this article, it is useful to take a brief detour into post-modern philosophy as it is insightful as to how we consider truth. The French philosopher Jacques Derrida is sometimes falsely referenced to support post-truth arguments, but in fact his focus was on critical analysis of text to find hidden assumptions – what is known as deconstruction. His argument was that meaning comes from context rather than being explicit in every word and that to find truth we must deconstruct.

His philosophy was, in my view, prophetic of one of the key challenges we are facing with generative AI (GenAI). GenAI algorithms produce results based on probabilities – i.e. what word is more likely to be associated with what other word. GenAI is essentially language construction based on language models and algorithms. Simplistically, we could see it as the opposite of Derrida’s deconstruction in that GenAI seeks to build meaning from association, whereas Derrida seeks to deduce truth, or at least understand assumptions and biases implicit in the language being used.

We need Derrida’s deconstruction in the era of AI as a way to verify and therefore protect trust.

When do we trust technology?

We already trust technology in many contexts, whether it is travelling on driverless trains, using best-route guidance from map applications, or conducting research, to name just a few. Then there are areas in which we still do not entirely trust technology. For example, people are generally nervous about the idea of an aircraft with no pilot, having surgery without a surgeon, getting a diagnosis and treatment plan without talking to a medical practitioner, buying and selling real estate without an agent, or entering into a higher value/complex contract without legal advice.

We can see a relationship between the capability of technology and the level of use of that technology, tempered by the risk of using it. Air travel is perhaps a prime example where the technology is capable of safely flying us from point A to B with no human intervention, but due to the potential catastrophic risk we want to know there is a pilot with override control.

The exponential growth in AI use and the speed at which the capability is maturing is resulting in rapid increases in adoption. It is not always tempered by risk considerations, in part because people may not always comprehend the risk or extrapolate a potentially adverse reaction.

Relinquishing agency and verification

We make choices about our agency all the time – when do we want to have agency in a decision and when are we happy to relinquish our agency. For a considerable period of time, we were very aware of when we were relinquishing agency. For example, boarding a train as opposed to driving a car is us relinquishing agency. We make a choice to get as close as we can to where we want to be based on the nearest station. Boarding a driverless train is us relinquishing agency to technology rather than a train driver.

What is of note in this situation is that we are able to think through risks and consequences – the train derailing, the train failing to move, the train accelerating to terminal velocity, a collision, a signal failure, not stopping at all scheduled stations etc. We take reassurance from the existence of railway tracks and assess the risks to be relatively low. As a result, we are comfortable relinquishing agency to such an extent that most of us probably do not pause for thought when boarding a train.

When it comes to AI, we must not be lazy in relinquishing our agency and must do our due diligence on the risks and consequences. How capable or impressive an AI solution might be must not be a reason for us to relinquish agency. A challenge for law firms is that they may not have all of the capability needed to understand risks and consequences with AI, which can be very opaque technology. Guarding our agency and trust is fundamental and should inform the roles and skills that need to be in law firms as a consequence of AI adoption.

Closely connected with agency is verification – i.e. ensuring AI is accurate, secure and trustworthy. Verification is more difficult in an AI-enabled environment simply because of the scope and breadth of content AI can process versus what an individual or team can process. Just as we should not relinquish agency, we should assume a sceptical position in terms of outputs from AI. The firms that will prosper are the ones that find ways to verify AI output without creating more work than in a pre-AI era. Verification needs a combination of roles, skills, technical solutions and careful supervision and is essential for the preservation of trust.

Three-speed firms

For the first time probably since COVID-19, we are in an environment where the pull factors for technology are strong. There is appetite to adopt AI and genuine belief in its potential to address challenges in terms of productivity and profitability. This pull is coming from various areas across firms and is not limited to a certain demographic, practice group, business function or geography.

The strong pull factors are not universal and there is still work to do in driving experimentation and adoption, but the challenge for those leading firms and for those enabling AI use is to allow things to move at pace. They should balance the need not to try to do so much that nothing really sticks, and the need to continue bringing the whole firm on the AI journey. It is useful to think of firms running at three speeds – whereby we judiciously apply the brakes on one group, keep pace with the second and push the third group faster than we may have previously in order to ensure the gap between the groups does not become too wide.

Trust, roles, skills and guard rails

Law firms must focus on the preservation of trust and, in the AI era, that entails a focus on data, sense-making, speed and guard rails.

As I have previously written, now, more than ever, garbage in = garbage out. The quality of our data, what security we place around it, and what we choose to allow AI to ingest are all things in our control. Having a data strategy and the necessary supporting governance and people is critical. Law firms have typically not invested in data strategy or the people to support the strategy. Failing to address this will create significant reputational risks for firms and jeopardise the trusted position firms enjoy with their clients. Effective data management requires skills which are likely only partly represented in firms and, therefore, use of consultants and recruiting specific skillsets in this area is often necessary.

Firms must ensure they have the skills and roles necessary for sense-making. It is not wise to rely on third-party solutions and just ‘trusting the AI’. Sense-making in the AI context means having people who understand large language models (LLMs); who have a grasp of the algorithms in play; who can develop AI-based solutions; who understand quality assurance processes; and who can apply rigour to testing AI output. Of course, not every firm is of a scale that they can have the necessary in-house skills. Having external trusted advisors is one way to approach this, but take care that they are vendor neutral.

Speed is an interesting challenge and one I touched on already in this article. In order to maintain trust between law firms and clients, firms must move at sufficient pace that demonstrates an appreciation of the potential benefits and risks of AI. Firms should demonstrate an appropriate level of innovation, while also projecting a level of assurance that quality is not being compromised and that the expertise of lawyers is still front and centre in the client relationship, no matter how augmented it may be. Knowing the right pace requires nuanced judgement, and it must be market and client sensitive and authentic to the identity of the firm.

Guard rails are the other critical element in maintaining trust. I would group them as follows:

• technology – this includes all of the traditional security controls, data protection, least privilege, closed models for document management
• people – this covers compliance, policies, training, performance management, supervision and responsible use (in short, it is everything you put in place to give people guidance and ensure they understand the consequences of going outside the guidance and of failing to comply with policy)
• AI – this includes limits and controls on what your AI solutions can and cannot do – what data they have access to, how agentic they can be, where they will be applied, and how they are monitored (including anomalous agent behaviour). It is useful to separate these from the more traditional technology guard rails as the technology and people guard rails establish the foundational operating parameters.

Trust and the legal profession

We should take a degree of comfort, without becoming complacent, in the expectations our clients have of us. Our clients want humans in the loop and, while there is unquestionable fee pressure and threats to the billable hour and competition, we are not at a point where there is a universal push to completely remove humans from the loop. This is not something that can be said for every profession and industry where, for example, it is conceivable that in the relatively near future our entire transportation layer will be autonomous.

As the rate of AI adoption accelerates, we must make careful risk- and trust-based assessments of how we apply AI and the degree to which it is agentic. Consider, for example, what you are losing by applying AI; the risk if something goes wrong; your level of understanding of what the AI solution is actually doing and what limits are in place; the cost of not using AI, including missed opportunities to add additional value with the time you could save with AI; and the way you could augment the outcome with AI resulting in better outcomes. When it comes to agentic AI, the fact that it can perform a particular process is not what should determine whether you use it to perform a particular process.

In conclusion

Trust is under threat if we fail to put in place the necessary controls, guard rails and verification processes. Adopting AI and adapting the mix of skills and expertise in our firms to ensure we have the capability to guard against the threat to trust must happen in parallel and we must not blindly relinquish our agency.

Mark Andrews is Director, Global Practice of Law Solutions at Baker McKenzie. He has a varied background, including time in the public and private sectors, along with considerable professional services experience. He has held roles ranging from HR to management consulting and has previously been a guest lecturer in the business faculty of the University of Technology, Sydney – teaching at both Bachelor and Masters (MBA) level.