Why this matters now — 2026 Sullivan & Cromwell apologized to a federal judge for AI-hallucinated citations — despite policies, mandatory training, and verification requirements. Gordon Rees did the same on a bankruptcy filing. The public hallucination-cases database now catalogs 1,369+ rulings. The firms with policies still got sanctioned. Policies are not enforcement. A runtime gate is.
Pre-read for law-firm AI governance pilots

Pre-execution controls for legal AI agents.

Block unauthorized advice, conflict-check failures, privilege leaks, and unapproved model calls before an intake agent replies, fetches records, schedules a meeting, or sends data outside the firm's approved boundary.

Predictability you can put in front of a client. Pre-execution controls aren't just defensive — they make agentic-AI deployment predictable enough to sell. Innovation teams at law firms have always had to choose between speed and certainty. The runtime gate lets you have both: the agent moves at machine speed, the gate enforces firm-specific policy deterministically, and every decision ships an audit log your pricing partners can underwrite. Predictability. Insights. Value. The three things your innovation team already promises clients — extended to the agentic surface.

The gate learns from your attorneys. Every 👍 / 👎 an attorney logs on an AI answer becomes a lesson in your firm's local DB. Recurring patterns promote to deterministic rules. The next time a similar action is proposed, the rule fires before any human is asked to approve. How the feedback loop works →

No public-facing chatbot? You still have the risk surface. Most BigLaw firms don't take client intake through a chatbot — but their associates already paste matter context into Claude, Cursor, Codex, and internal LLM gateways every day. The risk isn't a bot giving public advice; it's internal agent use the firm can't see. ThumbGate sits between each agent and its next action, captures attorney 👍/👎 on every output, and produces a searchable audit log + RAG of every gated detection — queryable by ethics, risk, and innovation owners. Your conflicts DB and document systems stay where they are; we instrument what the agents inside the firm are about to do.

Already piloting an AI case tool? It makes agents capable — ThumbGate makes them auditable. Litigation & arbitration teams and in-house counsel are adopting AI case-intelligence and drafting copilots that touch privileged correspondence, pleadings, and matter files. Those tools make the agent capable; they don't give risk, ethics, and innovation owners a control point or a defensible record of what the agent was about to do. ThumbGate is the governance layer around them — a deterministic gate on the next action, attorney 👍/👎 promoted to firm rules, and an exportable audit trail — the evidence procurement (and your professional-liability review) actually ask for before agents run on multi-million-dollar matters.

Book a 25-minute pilot walkthrough Try the live gates → View the 25-minute demo plan

Button not opening your mail client? or write to iganapolsky@gmail.com directly.

Preloaded controlsFirm policy, approved disclaimers, adverse-party lists, routing rules, and model endpoint allowlists.
Pre-action checksControls run before the agent replies, fetches records, schedules intake, or calls an external model.
Reviewable evidenceEvery block, warning, override, and handoff becomes a structured audit event.
Local-first enforcement option
Works around Azure OpenAI, Claude, Gemini, and internal tools
ABA Formal Opinion 512 mapped to reviewable controls
No guaranteed-malpractice-prevention claim

Why this is credible now.

The market is not waiting for perfect AI. Large firms are adopting legal AI while ethics, security, and innovation teams are still formalizing the controls around it. ThumbGate fits that gap: it is not another research assistant; it is a control point around the assistants and agents a firm already wants to evaluate. Governance has to live outside the model's context window. If the agent can reason around the rule, it is not really a rule.

Governance

ABA Formal Opinion 512 maps cleanly to controls

Competence, confidentiality, supervision, verification, communication, and reasonable fees become concrete checks and review records.

Adoption

AI is entering normal workflows

The practical buyer question is no longer "will lawyers use AI?" It is "which actions can an agent take without review?"

Positioning

Vendor-neutral by design

The pilot can sit around internal tools, Azure OpenAI, Claude, Gemini, document systems, or purpose-built legal AI products.

The pilot is an AI-SDLC control layer, not a chatbot demo.

The strongest buyer framing is simple: the firm may already have agents, copilots, research tools, and intake experiments. What it still needs is the system around those agents: triggers, isolated runs, approved context, visibility, and controls that live outside the model prompt.

Trigger

Define what starts legal AI work

A pilot run should begin from a scoped intake event, not an open-ended prompt. The event carries practice area, jurisdiction, allowed tools, reviewer role, and done criteria.

Context

Load only approved firm ground truth

Disclaimers, adverse-party fixtures, model allowlists, routing policy, and supervision rules should be versioned inputs, not improvised chat context.

Controls

Block before the action happens

Pre-action gates stop advice-shaped replies, conflict-precheck bypass, and confidential egress before the agent sends, fetches, schedules, or calls out.

Executive takeaway: ThumbGate does not ask a law firm to trust a bigger prompt. It gives risk, innovation, and security teams a reviewable control point between the agent and the next privileged action.

Read the background-agent control-layer brief →

Yes, the pilot can start with preloaded ground truth.

The first pilot should not ask the model to discover the firm's risk posture. ThumbGate should load the approved rule pack before the first intake simulation, then prove that the agent is physically stopped when a proposed action violates that pack.

Inputs

Firm-approved source material

Disclaimers, intake scripts, escalation rules, practice-area boundaries, jurisdiction notes, model endpoint policy, retention rules, and reviewer roles.

Fixtures

Adverse-party and matter examples

A synthetic adverse-party list and red-team intake transcripts let the demo show conflict stops without exposing privileged or client data.

Outputs

Deterministic control evidence

Each demo decision shows the matched rule, proposed action, allowed or blocked outcome, reviewer path, timestamp, and exportable audit record.

Three failure modes the pilot should control.

UPL

Unauthorized-practice risk

Block outcome predictions, jurisdictional recommendations, and advice-shaped responses from non-attorney intake agents. Allow neutral collection and attorney handoff.

Conflicts

Conflict preconditions

Require configured adverse-party clearance before the agent continues intake or requests sensitive matter facts.

Privilege

Confidentiality and egress

Block or reroute outbound calls that include privileged markers, matter identifiers, or firm-classified confidential content.

25-minute walkthrough agenda.

The call should be visual. The goal is not to prove every enterprise feature. It is to show a repeatable mechanism the innovation team can explain internally.

Show these assets

  • One unsafe intake transcript and blocked response.
  • One conflict-precheck stop before sensitive facts are collected.
  • One egress block or safe in-tenant reroute.
  • One audit export with rule version, source, outcome, and reviewer.

Skip these on the first call

  • Broad platform tour.
  • Pricing page or checkout flow.
  • Unverified sanctions statistics.
  • Claims about SOC 2, BAA, carrier discounts, or guaranteed malpractice prevention.

Suggested agenda

  • 3 minutes: confirm the target workflow and risk owners.
  • 7 minutes: show blocked unauthorized-advice and conflict examples.
  • 7 minutes: show preloaded ground truth and audit evidence.
  • 5 minutes: discuss deployment boundary, data handling, and reviewer roles.
  • 3 minutes: agree on pilot inputs and next step.

Recommended ask

Ask for one practice-area workflow, one approved disclaimer, one synthetic adverse-party fixture, one security contact, and permission to build a no-client-data pilot pack.

Procurement questions to answer early.

Buyer questionPilot answerEvidence to bring
Will our data train models?The pilot can run inside the firm's boundary. Hosted services should receive only counters and rule metadata unless explicitly approved.Data-flow diagram, retention note, subprocessor list.
Who can see privileged data?Default pilot design keeps privileged payloads in the firm's environment, with access governed by their controls.Architecture note and access-control assumptions.
Can we reproduce a decision later?Each event should preserve the rule version, source policy, proposed action, decision, reviewer, and timestamp.Sample audit export.
How do we tune false positives?Use hard block, review queue, warning, and allow modes. Promote rules only after test examples and attorney approval.Rule lifecycle and override examples.

Recommended 30-day pilot.

Start narrow: one intake channel, one practice-area workflow, one adverse-party fixture, one approved-model routing policy, and one audit export format.

Deliverables: preloaded rule pack, demo agent, screenshot set, 60-second walkthrough clip, security data-flow note, pilot metrics, and a go/no-go rollout recommendation.

Pilot setup fee: $2,500 – $7,500 flat (scope-dependent). No per-seat or per-query billing during the pilot.

What you walk away with A searchable audit log + RAG of every gated detection over 30 days, broken down by rule, agent, and disposition. Defensible in front of your risk committee.
What we don't claim Not SOC 2 today. Not BAA-ready as a blanket claim. No hallucination indemnity for third-party model output. Local-first deployment makes the pilot a no-client-data engagement.
What you bring One named owner, one workflow you're already evaluating AI on, your approved disclaimer language, and read-only access to whichever conflicts DB you already run.
Book a 25-minute pilot walkthrough View the live dashboard demo

Button not opening your mail client (common on Gmail Web / iPhone)? or write to iganapolsky@gmail.com directly.

Live gate demos — try them yourself

Monitor vs enforce. Agent observability tools log what your agent did. ThumbGate gates what your agent is about to do — runtime block before execution, not retrospective alert after the harm. SIEM ingestion is the audit trail. The PreToolUse hook is the prevention.

These simulators use the exact same deterministic PreToolUse logic that runs in production. No LLM calls on the enforcement path — just fast, auditable pattern matching.

1. UPL Gate — advice-shaped output detector

Paste an advice-shaped response a bot would deliver to a client (not a client's question). The gate detects predictions, recommendations, or jurisdictional legal analysis from a non-attorney source and blocks delivery. The patterns it matches were promoted from attorney 👎 feedback.

2. Conflict Gate — adverse party clearance

Enter a prospective client or party name. In production this gate queries YOUR firm's existing conflicts DB (Intapp Open, IntelliPlan, Aderant, or a custom system) — not a vendor-hosted list. ThumbGate is the agent-side enforcement; your DB stays the source of truth. The sample list below is illustrative only.

Sample adverse list (synthetic, illustrative): Latam Real Capital S.A. (real estate #M-2847), Hospitalia Holdings (hospitality M&A #M-2911), NovaIA Latam (AI venture #M-2755)

3. Egress Gate — privilege marker detector

Paste content an agent might try to send to an external LLM (e.g. deposition summary request). The gate blocks if it detects privilege markers. Markers are firm-defined and the list grows from attorney 👍/👎 on what the gate let through.