Vol. III · No. 128 Independent LegalTech Analysis Wednesday, June 17, 2026

The Legal Stack

← Analysis Analysis · AI Tools

The Legal AI Guardrails Arms Race: Why Law Firms Are Paying for the Same Safety Layer Twice

If you're running technology for an AmLaw 100 firm right now, there's a reasonable chance you're paying Microsoft for Copilot's responsible AI features, paying Harvey for its proprietary citation verification and hallucination containment, and then paying a third vendor — Perceive AI, Docugami, or one...

Andy Armstrong
May 30, 2026 · 7 min read

If you're running technology for an AmLaw 100 firm right now, there's a reasonable chance you're paying Microsoft for Copilot's responsible AI features, paying Harvey for its proprietary citation verification and hallucination containment, and then paying a third vendor — Perceive AI, Docugami, or one of the half-dozen legal-specific output validators that appeared between late 2024 and early 2026 — to catch what the first two missed. You have bought safety three times. You trust it approximately zero times. That is not a procurement strategy. That is institutional anxiety expressed as a line item.

The double-spend pattern is real, it is accelerating, and almost every conversation I have with law firm CIOs eventually arrives at the same uncomfortable confession: they don't actually believe the safety assurances baked into their enterprise AI platforms, but they can't say that publicly without rattling their partnership committees or spooking clients who just signed AI governance addenda to their engagement letters. So they buy another layer instead.

The Failure Incidents That Changed the Calculus

The trust deficit didn't emerge from abstract anxiety. It emerged from specific, documentable failures that circulated through legal technology channels in late 2025 with the velocity of malpractice horror stories.

The most cited involved CoCounsel's contract analysis module producing a confidently worded summary of indemnification provisions in a commercial lease that materially mischaracterized the tenant's liability cap — not by hallucinating a case citation, which everyone was watching for, but by accurately quoting clause language while drawing an analytically wrong inference about how two provisions interacted. The vendor guardrails flagged nothing because the output was textually grounded. The associate caught it. The question that ricocheted through legal ops Slack channels was obvious: what about the document the associate didn't re-read?

Harvey experienced a separate class of problem. In at least two reported instances from Q4 2025, the platform's citation verification layer — one of its marquee safety features — passed citations that existed but were contextually inapplicable, sourced from jurisdictions the matters had nothing to do with. The citations weren't fabricated. They were real cases doing work they couldn't actually do. This is a subtler failure mode than hallucination, and it's precisely the kind that vendor-level guardrails are structurally unprepared to catch, because catching it requires understanding the specific matter context, not just verifying that a Westlaw entry exists.

Microsoft's Copilot for Legal, meanwhile, continued to struggle with what one managing partner at a mid-size litigation firm described to me in March as "confident irrelevance" — outputs that were accurate, safe, and completely wrong for the actual task, produced without any signal that the model had departed from the user's intent. The vendor guardrails did their job. The output still needed to be thrown away.

What CIOs Are Actually Saying

Here is a composite of what I've heard, with names and firms redacted because these are people who have to sit across from their vendors at renewal negotiations:

"The vendor safety documentation is written for their legal team, not mine. I can't take 'our model is regularly evaluated against responsible AI benchmarks' into a partnership meeting and tell them that's why we're comfortable with this for client work."

"We bought the overlay because we needed something we could point to in our AI governance policy. Honestly, I'm not sure it catches things Harvey doesn't. But it gives us a second signature on the output."

"The problem is that all the guardrails we've purchased are optimized for the failures we were worried about in 2023. Hallucinated cases, fabricated statutes. The actual failure modes we're seeing now are more like bad judgment than bad facts."

That last observation is the important one. The guardrails arms race is being fought against last year's threats. The legal AI failures that matter in 2026 are not primarily about fabricated citations. They are about analytical errors, missed contextual dependencies, and misapplied precedent — outputs that are factually defensible and professionally dangerous.

What a Coherent Guardrails Strategy Actually Looks Like

The firms that are handling this well have stopped treating AI safety as a vendor procurement problem and started treating it as a workflow design problem. The distinction matters enormously.

A coherent strategy starts with a tiered matter classification system that determines, before any AI tool touches a document, what level of human review the output requires and what specific failure modes are most consequential for that matter type. This isn't novel — it's how you'd think about any quality control system. What's novel is insisting that your AI vendors provide output metadata that supports this classification, not just confidence scores that have repeatedly proven uninformative.

Second, coherent strategies invest in internal evaluation capacity rather than external overlay vendors. The firms building this well have hired or designated legal technology analysts whose job includes red-teaming AI outputs on live matters on a rotating basis — not just testing vendor platforms in sandboxes, but auditing production outputs for the contextual failures that no automated layer catches.

Third — and this is where I will be blunt — a coherent strategy requires having a direct, documented conversation with your AI vendors about their guardrail limitations, in writing, before renewal. If your Harvey or CoCounsel contract doesn't include specific SLA language about the failure modes they are not warranting against, you have signed a document that is considerably less protective than you think.

The Disease, Not the Symptom

The double-spend is a symptom of a trust deficit that law firms are not yet willing to confront directly with their vendors. That conversation is uncomfortable because enterprise AI contracts are expensive, partnership buy-in is fragile, and admitting that your $2 million platform requires a $400,000 safety overlay is an awkward thing to explain.

But the alternative is worse. You are building AI governance infrastructure on a foundation you don't believe in, paying to paper over that disbelief, and hoping the failure that eventually matters happens on someone else's matter. In legal practice, that is not a risk management strategy. It's a deferral. And deferrals in this profession have a way of becoming malpractice claims.

Stop buying safety twice. Start demanding transparency once.

More Analysis