Vol. III · No. 128 Independent LegalTech Analysis Wednesday, June 17, 2026

The Legal Stack

← Analysis Analysis · AI Tools

The Legal AI 'Overcorrection' Problem: Why Firms That Moved Fast on AI Are Now Quietly Rolling Back Access

There's a pattern emerging across AmLaw 200 firms that nobody is putting in their client newsletters: the same managing partners who stood on stage at partner retreats in 2024 talking about AI-driven efficiency are now quietly telling IT to pull access for specific practice groups....

Andy Armstrong
June 06, 2026 · 7 min read

There's a pattern emerging across AmLaw 200 firms that nobody is putting in their client newsletters: the same managing partners who stood on stage at partner retreats in 2024 talking about AI-driven efficiency are now quietly telling IT to pull access for specific practice groups. No press release. No announcement. Just a Friday afternoon email from the CIO and suddenly half your M&A associates can't log into their Harvey or CoCounsel instance.

This is the legal AI overcorrection problem, and it's accelerating in ways that should concern every legal ops director who spent the last eighteen months building something worth preserving.

Who's Losing Access First — and Why It's Not Random

M&A and litigation are the first practice groups on the chopping block, and the reasoning is instructive. These groups moved fastest, deployed most aggressively, and have the highest concentration of sensitive third-party information — deal documents, witness communications, undisclosed transaction targets. When something goes wrong, the blast radius is measurable in client relationships and, increasingly, in regulatory exposure.

Litigation groups are particularly vulnerable right now because of what I'd call the Mata hangover. The Mata v. Avianca decision in 2023 didn't kill legal AI, but it created a persistent anxiety among managing partners that one hallucination surfacing in a brief will produce a sanctions motion that ends up in the ABA Journal. That anxiety has compounded. When a junior associate at a firm I'm aware of submitted a motion with AI-drafted case citations that hadn't been adequately verified — citations that existed but were misquoted for proposition — the firm's response wasn't to fix the verification workflow. It was to revoke AI drafting access for the entire litigation group pending a "review" that has now lasted four months.

M&A faces a different pressure point: client confidentiality and data residency. Following the SEC's cybersecurity disclosure rules that took effect in late 2023 and the proliferation of state-level privacy legislation, corporate clients are asking harder questions in outside counsel guidelines about where their documents go when a lawyer uses an AI tool. When a firm can't answer that question cleanly, the safest internal move looks like access restriction. It usually isn't.

What's Actually Triggering Rollbacks

Here's what the pattern looks like on the ground. It's rarely a catastrophic incident. It's almost always a triggering event that exposes the absence of governance — and the firm's response to that absence is to eliminate the capability rather than build the structure.

The triggers clustering right now are: a client audit request the firm can't respond to, an ethics inquiry from a state bar (California and New York have both issued formal guidance that creates paper trails), a lateral hire who flags that her prior firm had formal AI policies and this one doesn't, or an insurance renewal conversation where the carrier starts asking questions about AI usage in matter files.

None of these triggers require an actual data breach or a malpractice claim. They just require a moment where someone senior realizes there's a governance gap and the fastest way to close it feels like shutting the door.

Why the Rollback Instinct Is Making Risk Worse

This is where I'll be direct: pulling AI access as a risk management strategy is often worse for your firm's risk profile than the incident that prompted it.

First, the compliance risk doesn't disappear — it migrates. Associates who've been using AI tools to manage workload don't stop needing to manage workload. They find workarounds. They use personal ChatGPT accounts. They use tools on personal devices that have no enterprise controls, no data agreements, no audit logs. Your IT team's rollback has just pushed the usage outside any governance structure you could theoretically build.

Second, the competence obligation cuts both ways. Model Rules 1.1 and comment 8 — adopted now in the vast majority of jurisdictions — require lawyers to keep up with technology relevant to their practice. Restricting access doesn't insulate a firm from a competence argument; in some fact patterns, it could create one.

Third, and most practically: you cannot get the productivity gains back. Firms that built real workflows around AI tools in 2024 and 2025 and then rolled them back are watching their write-off rates climb and their realization rates flatten, because the work is still getting done, it's just getting done slower and with less leverage. Clients who've been told their matters will be staffed efficiently have expectations baked in now.

What Legal Ops Leaders Should Do Right Now

If you're a legal ops director at an AmLaw 200 firm and you want to preserve what you've built, you need to get in front of your GC or CIO before they make a reactive decision. Here's the practical playbook.

Build an AI usage registry this week. Know what tools are deployed, which practice groups are using them, for what workflows, and under what vendor data agreements. You cannot defend what you haven't mapped. This also positions you as the person with the governance answer rather than the person who gets blamed when there isn't one.

Draft a tiered access policy, not a binary one. The answer to a confidentiality concern about M&A documents isn't to remove AI access from M&A — it's to create a matter classification framework that governs which document types and workflow stages permit AI assistance. Give your risk function a scalpel, not a sledgehammer.

Get to the state bar guidance proactively. Formalize your compliance with California's State Bar's 2024 guidance on generative AI and the New York City Bar's ethics opinions. If your firm can show it has operationalized this guidance, an ethics inquiry becomes a demonstration of competence rather than an exposure event.

Create an incident taxonomy before you have an incident. Define what categories of AI-related events require escalation, to whom, and with what response timeline. This does two things: it prevents overreaction to low-severity events, and it ensures appropriate response to high-severity ones.

The Firms That Will Win This Phase Are the Ones Who Govern, Not the Ones Who Retreat

The legal AI landscape in mid-2026 is separating into two cohorts: firms building durable governance infrastructure around AI tools, and firms oscillating between overcorrection and underinvestment. The second cohort is burning the trust of the associates and legal ops professionals who built those capabilities, and they're doing it in the name of risk management while often creating more risk than they're eliminating.

The rollback instinct is understandable. It's also a failure of legal operations leadership if it goes unchallenged. Your job right now is to be the person in the room who comes with a governance proposal before the CIO comes with an access restriction. That window is shorter than you think.

More Analysis