Attorney AI Library

AI refers to systems that mimic human intelligence, such as reasoning, learning, and language processing. In law, AI can:

• Streamline research by analyzing large volumes of case law.
• Draft documents like contracts, pleadings, and memos.
• Predict outcomes based on historical data.
• Automate administrative tasks such as billing and scheduling.

• Generative AI:
  • Creates new content based on prompts.
  • Best used for drafting contracts, summarizing cases, creating client letters.
  • Examples: ChatGPT, Microsoft Copilot, Claude, Perplexity.
• Large Language Models (LLMs):
  • Advanced AI trained on massive text datasets.
  • Examples: OpenAI GPT, Anthropic Claude, Google Gemini.
• Specialized Legal AI Tools:
  • Legal Research: LexisNexis, Westlaw Edge.
  • Case Prediction: Lex Machina, Premonition.
  • Document Automation: HotDocs, Contract Express.
• Administrative AI Tools:
  • Automate client intake, scheduling, and billing.
  • Examples: Clio, Smokeball.

Before using AI in any client matter:

• Explain the role of AI: Clarify that AI is a tool for efficiency, not a substitute for legal judgment.
• Disclose potential risks: AI may produce errors or hallucinations.
• Obtain informed consent: Document client approval for AI-assisted work.
• Maintain transparency: Include AI use in engagement letters or client communications.
• Client agreement: Written agreement by the client is required to charge for AI services. 

Step 1: Define Your Objective

• Be clear about what you want AI to do (e.g., summarize a case, draft a clause).

Step 2: Provide Detailed Prompts

• AI works best with specific instructions.

Example:

• Poor prompt: 'Summarize this case.'
• Good prompt: 'Summarize this U.S. Supreme Court case focusing on the majority opinion, key precedents, and implications for contract law.'

Step 3: Review and Refine

• AI outputs are starting points, not final answers.
• Always verify against authoritative sources.

Prompt engineering is the art of crafting effective instructions for AI. 

Tips:

• Include context: Jurisdiction, type of document, tone.
• Specify format: Bullet points, paragraphs, or legal memo style.
• Ask for citations: Request references to cases or statutes.
• Iterate: If the output is incomplete, refine your prompt.

Example: 
“Draft a 2-page legal memo analyzing whether a non-compete clause is enforceable under Kentucky law. Include relevant statutes and case law. Use only reputable sources and avoid hallucinations.”

What Are Hallucinations?

• AI may generate incorrect or fabricated information.

How to Prevent Them:

• Verify all AI-generated content.
• Cross-check citations with official sources.
• Avoid asking AI for definitive legal advice.

• Confidentiality: Do not input sensitive client data into public AI tools.
• Competence: Lawyers must understand AI limitations and verify outputs.
• Bias: AI may reflect biases in training data.
• Transparency: Disclose AI use and costs to clients when appropriate.
• Compliance: Follow SCR 3.130(1.1), (1.4), (1.5), and (1.6), and KBA E-457.

• Case Prediction: Lex Machina, Premonition.
• Contract Analysis and Drafting: Harvey AI, Spellbook, Luminance, LawGeez, Ironclad AI, LexCheck, Kira Systems.
• Demand Letters: EvenUp.
• Depositions: FileVine, Skribe.
• Discovery: Everlaw, DISCO, Co-Counsel, Protégé.
• Due Diligence and Corporate Governance: Athennian, Board Intelligence, Boardable, BoardPro, Equilar Insight, Governance.io, Hyperproof.
• Generative AI: ChatGPT, Microsoft Copilot, Claude, Perplexity.
• Language translation: ChatGPT, HeyGen.
• Legal research: LexisAI+, Westlaw Edge, Harvey AI.
• Practice management: Clio, Smokeball, Smith.ai.
• Regulatory compliance: Ascent RegTech, Ayfie Inspector, Behavox, ClauseMatch, ComplyAdvantage, CUBE RegPlatform, Databricks Compliance AI, Evisort, IBM OpenPages, LogicGate Risk Cloud, Regology, Relativity Trace, Theta Lake, Workiva. 
• Summarizing and note taking: Fathom, Otter, Plaud.

• “Summarize the key holdings of Kentucky cases on breach of contract. Provide citations and explain how each case applies to commercial agreements.” 
• “Draft a sample motion to dismiss for lack of jurisdiction under the Kentucky Civil Rules. Include headings, legal standards, and a short argument section.” 
• “Create a compliance checklist for a small business operating in Kentucky under state employment laws. Include wage, hour, and anti-discrimination requirements.” 
• “Review this contract clause for enforceability under Kentucky law. Identify risks and suggest alternative language to reduce liability.” 
• “Draft a client-friendly letter explaining the steps in a civil lawsuit in Kentucky, using plain language and avoiding legal jargon.” 
• “Explain the Kentucky Rules of Professional Conduct on candor toward the tribunal and how they apply when using AI tools for drafting.” 
• “Generate a sample set of interrogatories for a plaintiff in a personal injury case in Kentucky state court. Include 10 questions relevant to damages and liability.” 
• “Create a step-by-step checklist for filing an appeal in Kentucky, including formatting, service requirements and deadlines.” 

• Define the task clearly.
• Craft a detailed prompt with context.
• Verify all outputs against authoritative sources.
• Check every citation for accuracy.
• Document AI use in client files.
• Obtain client consent before using AI if charging for AI services or court disclosures required.
• Avoid inputting confidential data into public AI tools.
• Stay updated on ethical rules and court orders.
• Maintain human oversight at all stages.

• Integrate AI with document management systems (NetDocuments, iManage).
• Use automation tools and APIs to streamline contract review and compliance checks.
• Fine-tune LLMs on firm-specific data for tailored outputs.
• Combine AI with RPA for batch processing of pleadings and discovery documents.

• Connect AI platforms via REST APIs for automated drafting and research.
• Example: Use OpenAI API to generate first drafts, then push to document management systems.
• Implement secure authentication and encryption for client data protection.

• Include jurisdiction, audience, tone, and purpose.
• Request structured outputs (e.g., 3-part analysis with citations).
• Use chain-of-thought prompts for complex reasoning.

• Obtain client consent before using AI if required under KBA E-457.
• Protect confidentiality: Avoid uploading sensitive data to public AI tools.
• Verify outputs: AI hallucinations can lead to sanctions.
• Monitor bias and follow SCR 3.130(1.1), (1.4), (1.5), and (1.6) and KBA E-457.

Litigation

• Draft a motion to dismiss under Rule 12(b)(6) for a securities fraud case in the Western District of Kentucky. 
• Prepare a summary judgment motion for a breach of contract claim under Kentucky law.
• Generate deposition questions for a corporate witness in a product liability case.
• Outline arguments for opposing a motion to compel arbitration in Alabama.
• Create a litigation timeline for a federal employment discrimination case.
• Review appellate briefs filed and state strong and weak arguments to address in oral arguments. 

Contracts

• Draft a confidentiality clause for a SaaS agreement under Delaware law.
• Generate a non-compete clause for healthcare employment under Wyoming law.
• Prepare a termination clause for a commercial lease agreement in New York.
• Review this M&A agreement for indemnification risks and summarize findings.
• Create a force majeure clause tailored for pandemic-related disruptions.

Compliance

• Audit this vendor agreement for GDPR compliance and highlight risks.
• Prepare a HIPAA compliance checklist for telehealth contracts.
• Generate a summary of CCPA obligations for a SaaS provider.
• Review this employment agreement for wage and hour compliance under California law.
• Draft a compliance memo for SEC reporting requirements for a public company.

Client Communication

• Create a client-friendly explanation of indemnification clauses in SaaS agreements.
• Draft an email summarizing litigation risks in plain language.
• Prepare a FAQ document for clients about arbitration vs. litigation.
• Generate a one-page summary of a complex contract for a non-legal audience.
• Write a letter explaining the implications of a recent regulatory change.

Legal Research

• Summarize recent Kentucky Supreme Court decisions on non-compete clauses.
• Provide a comparative analysis of arbitration laws in Indiana and Ohio.
• List top 10 federal cases on enforceability of clickwrap agreements.
• Summarize trends in punitive damages awards in product liability cases.
• Generate a memo on recent developments in trade secret law.

Risk Assessment & Strategy

• Prepare a risk matrix for pursuing arbitration vs. litigation in a cross-border IP dispute.
• Analyze potential exposure in a class action under the TCPA.
• Generate a cost-benefit analysis for early settlement vs. trial.
• Outline strategic considerations for filing in federal vs. state court.
• Prepare a litigation hold notice for a corporate client.

Discovery & Evidence

• Draft a request for production tailored to electronic communications.
• Generate a privilege log template for complex litigation.
• Prepare deposition outlines for expert witnesses in a medical malpractice case.
• Summarize key evidentiary objections under Federal Rules of Evidence.
• Create a checklist for e-discovery compliance under FRCP.

• SCR 3.130 (1.1) requires lawyers to provide competent representation.
• Competence requires staying up-to-date on law and technology, which includes an understanding of how to use AI to provide better, faster and more efficient legal services, and risks associated with its use.
• Failure to use available AI tools that improve efficiency and quality may breach the duty of competence.

• Routine use of AI-generated research does not require disclosure unless the client is charged for AI costs or disclosure of the use of AI is required by tribunals.
• Client-informed consent is required when outsourcing AI services or sharing confidential information with third parties.
• Lawyers must consult with clients about means of achieving objectives and provide enough information for informed decisions.

• Fees must remain reasonable under SCR 3.130(1.5).
• Efficiency savings from AI use should be passed to clients. Inflated time claims are unethical.
• AI-related expenses can be charged only if the client agrees in advance and the agreement is confirmed in writing.
• Costs for learning AI and maintaining AI services are considered overhead and cannot be billed to clients.

• Lawyers have a continuing duty to safeguard client confidentiality under SCR 3.130(1.6).
• Avoid inputting identifiable client information into AI tools unless adequate security measures exist or client consent is obtained.
• Review AI provider’s terms of use and disclaimers to ensure data is not shared or used for training.
• Using hypotheticals is permissible only if they cannot reasonably identify the client.
• AI use may expose cybersecurity risks. Lawyers should proceed cautiously and consider informed consent when risks exist.

• Generative AI may produce false or fictitious citations, often referred to as “hallucinations.” Under SCR 3.130(3.3), lawyers must verify the accuracy of all AI-generated content before filing with courts. 
• Lawyers may be required to certify that filings using AI have been reviewed for accuracy. 
• Attorneys must stay updated on jurisdiction-specific rules regarding AI use in filings.

• Partners and supervising lawyers must ensure firm-wide compliance with ethical rules.
• Firms should implement AI policies and procedures to prevent disclosure of confidential information and define permissible uses and risks.
• Supervisors must train lawyers and non-lawyer staff on AI policies and cybersecurity practices.
• Lawyers remain responsible for reviewing and verifying AI-generated work product, similar to supervising nonlawyer assistants.
• Supervising attorneys are responsible for educating third parties (i.e., vendors, independent contractors) who provide AI services to law firm clients about the Rules of Professional Responsibility, especially with respect to confidentiality. 

Before investing in AI tools, determine where they can add value and what risks they pose.

• Consider tasks AI could improve, such as billing, research, document drafting, or timekeeping.
• Assess the potential benefits of AI against your firm’s risk tolerance.
• Understand risks like inaccurate outputs (hallucinations), privacy concerns, and implementation challenges.

Research and compare AI tools to ensure they meet your needs and provide long-term value.

• Check reliability and performance of each AI tool.
• Compare initial costs versus long-term benefits.
• Confirm vendor reputation and available support options.

AI tools require quality data and additional resources for successful implementation.

• Determine what data the tool needs and whether you can provide it.
• Plan for data preparation and management costs.
• Identify extra resources like staff training or new hardware/software.

Vendor agreements should protect your firm and clarify responsibilities.

• Clarify ownership of data, inputs, and outputs.
• Ensure data security and confidentiality obligations are included.
• Define performance expectations and accuracy standards.
• Include indemnification and liability limitations for AI-specific risks.
• Confirm termination rights and access to your outputs after contract ends.
• Require vendor assistance for regulatory compliance if needed.

AI tools need continuous monitoring and updates to remain effective and compliant.

• Assign responsibility for monitoring AI outputs.
• Schedule regular reviews of tool performance and compliance.
• Stay informed about evolving AI regulations and best practices.

AI can produce wrong information, like fabricated case citations or misinterpreted legal sources. Relying on these outputs without verification can lead to malpractice claims or ethical violations.

• Review AI work against trusted sources: Always cross-check AI-generated research, citations, and summaries with authoritative legal databases (e.g., Westlaw, Lexis). 
• Use clear prompts: Ambiguous prompts increase the risk of inaccurate outputs. Train attorneys and staff to craft precise, context-rich prompts. 
• Verify AI Responses Using a Second Tool: When you receive feedback or comments from one AI tool, copy that output into a second AI tool. If the two tools provide different answers, question both—ask each one to explain its reasoning and why its response differs from the other.
• Create internal checks: Implement a mandatory review process for any AI-assisted work before it reaches clients or courts. 

Entering client details into public or unsecured AI tools can expose sensitive data, violating attorney-client privilege and data protection laws.

• Choose secure vendors: Use AI platforms that comply with legal industry standards and offer encryption. 
• Add confidentiality clauses in contracts: Ensure vendor agreements explicitly address data handling, storage, and breach notification obligations. 
• Remove client identifiers before using AI: Remove names, addresses, and unique identifiers from prompts to minimize exposure risk. 

AI models trained on biased datasets can perpetuate discrimination, potentially violating anti-discrimination laws and professional ethics.

• Check outputs for bias: Review AI-generated recommendations or analyses for language or conclusions that could disadvantage protected groups. 
• Use diverse training data: Prefer vendors that disclose efforts to mitigate bias in their training datasets. 
• Choose tools that explain decisions: Opt for AI systems with explainability features to understand how outputs were derived. 

AI should augment, not replace, legal judgment. Over-reliance can lead to errors and liability for inadequate representation.

• Create an AI policy: Define acceptable uses, prohibited tasks, and supervision requirements in a formal policy. 
• Train staff on AI limits: Educate lawyers, paralegals and staff about AI’s capabilities and shortcomings. 
• Set up quality control processes: Require human oversight for all AI-assisted outputs before client delivery. 

Failure to disclose certain AI use may breach ethical duties of transparency and informed consent.

• Create a disclosure policy: Establish when and how to inform clients about AI involvement. 
• Add language in engagement letters: Include clauses explaining AI’s role and limitations. 
• Get consent when AI affects representation: Obtain explicit client approval for AI-driven decisions or strategies. 

Before adopting any AI tool, lawyers should verify the vendor’s data protection measures. Key questions include:

• Data Handling: How is data transmitted, stored, and processed? Is encryption used?
• Access Controls: Who can access the data (e.g., vendor employees)?
• Model Training: Is client data used for training? Ensure this can be disabled.
• Certifications: What security standards do they meet (e.g., SOC 2, ISO 27001, ISO 42001, HIPAA)?
• Retention & Deletion: What are their policies for data lifecycle management?
• Incident Response: What is their plan for data breaches?
• Contractual Safeguards: Include strong clauses on data protection, confidentiality, limits on data use (especially prohibiting training on client data), and audit rights.

To safeguard sensitive information and maintain compliance, firms should implement the following controls when using AI tools:

• Role-Based Access: Grant AI tool permissions only to individuals whose responsibilities require it.
• Data Encryption: Protect all data in transit to and from AI services with strong encryption protocols.
• Secure Connectivity: Ensure all interactions occur over approved, secure network connections.
• Activity Monitoring: Continuously track AI usage to detect and respond to unusual or suspicious behavior.
• Integrated Protection: Align AI security practices with the firm’s broader cybersecurity framework.

• Share only the minimum client data necessary for the AI task.
• Where possible, de-identify or anonymize data to reduce privacy risks.

SCR 3.130(1.6) and Ethics Opinion E-457 require lawyers to safeguard client information when using AI tools:

• Do not input identifiable client data into public AI platforms. Change client names, fact patterns, and jurisdictions.
• Use secure, vetted vendors and anonymize data.
• Review vendor contracts for confidentiality clauses and compliance with security standards.
• Educate third parties working on client files about the Rules of Professional Responsibility.

Under KRS § 365.732, any person or entity that conducts business in Kentucky must:

• Notify affected clients of any data breach without unreasonable delay.
• Inform consumer reporting agencies if more than 1,000 residents are impacted.

Applicability
If your firm handles Protected Health Information (PHI), such as representing healthcare clients or handling medical malpractice cases with access to patient records, HIPAA applies. 

PHI Handling with AI
Any AI tools processing PHI must comply with HIPAA’s requirements for administrative, technical, and physical safeguards. 

• Ensure any AI vendor processing PHI qualifies as a HIPAA Business Associate and has executed a Business Associate Agreement (BAA).
• Verify vendor compliance certifications (e.g., HITRUST, SOC 2 Type II).
• Implement strong access controls, audit logs, and encryption for PHI used with AI.

Training Requirements
HIPAA mandates workforce training on privacy and security. Firms should adopt formal HIPAA training within 60 days of employment and refresh annually to address risks associated with AI use.

Overlap/Differences
Kentucky’s Consumer Data Protection Act (KCDPA) exempts HIPAA-covered data but applies broadly to other personal data sets. Understand whether HIPAA or Kentucky privacy law governs each dataset, especially when handling mixed health and consumer data.

An AI policy sets expectations for how your team uses these tools. It reduces uncertainty, promotes ethical practices, and ensures compliance with legal and professional obligations.

1. Define the Purpose
   • Explain why your firm uses AI while emphasizing that human judgment remains essential.
   • Specify tools and policies to which the policy applies.
2. Outline Acceptable Uses
   • Examples of appropriate tasks:
     • Reviewing large sets of documents.
     • Drafting simple letters for attorney approval.
     • Summarizing lengthy materials.
     • Conducting preliminary research.
   • Prohibited activities might include:
     • Entering confidential client details into unsecured platforms.
     • Relying on AI outputs without verification.
     • Using AI for tasks that require legal analysis or judgment.
3. Training and Competence
   • Require staff training on how AI works, its limitations, and potential risks like bias or hallucinations. 
   • Keep training current as technology evolves.
   • Assign someone to oversee education and compliance.
4. Human Oversight
   • Every AI-generated document or recommendation must be reviewed by a qualified attorney.
   • Verification should include:
     • Checking citations and sources.
     • Confirming facts.
     • Ensuring compliance with professional standards.
   • Determine applicable tribunal rules for using AI before filings are made. 
5. Data Security
   • Establish strict rules for handling client information.
   • Only use AI tools that guarantee strong privacy protections.
   • Avoid prompts that reveal client identities unless safeguards and consent are in place.
6. Vendor Evaluation
   • Assess vendors for:
     • Security measures (encryption, access controls).
     • Compliance certifications.
     • Clear data handling policies.
     • Transparency in how AI operates.
     • Confidentiality protocols.
7. Ethical Standards
   • Address risks like bias and discrimination.
   • Ensure AI use aligns with professional duties of competence, confidentiality, and supervision.
   • Comply with Rules of Professional Responsibility and educate non-lawyer staff and independent contractors about these rules. 
8. Monitoring and Enforcement
   • Define consequences for policy violations.
   • Conduct regular audits or assign oversight responsibilities.
9. Documentation
   • Keep records of vendor reviews, client approvals, and verification steps for AI-generated work.

The following sample policies are intended to serve as guidance for firms when drafting and enacting their own AI policies.

Detailed Sample AI Policy (PDF)

Concise Sample AI Policy (PDF)

• Bring up AI use early, ideally during the first meeting or in the engagement letter.
• Update clients if AI use changes or new tools are added.

• How AI will be used: Example: “We may use AI to review documents or draft initial responses, but attorneys will review everything.”
• Benefits: Faster turnaround, lower costs, improved efficiency.
• Risks and Limits:
  • Confidentiality: Explain how data is protected and any remaining risks.
  • Accuracy: AI can make mistakes; all outputs will be checked by attorneys.
  • Bias: AI may have bias; the firm works to reduce this.
• Safeguards: Attorney review, vendor vetting, and strong data security.

• If AI is a major part of representation or involves sharing data with third parties, get informed consent.
• Written consent is required if a client is billed for AI expenses (engagement letter or contract for representation, addendum, or email).

• Use plain language.
• Avoid technical jargon.
• Reassure clients that AI supports, but does not replace, attorney judgment.

• Be ready to explain alternatives or avoid AI if the client objects.

• Record when and how AI use was discussed.
• Note consent in the client file.
• Update clients if AI practices change.
• Make sure client file confirms attorney verification of AI materials.

Subject: How We Use Technology to Support Your Case

Dear [Client Name],

To provide you with efficient and high-quality legal services, our firm may use advanced technology tools, including Artificial Intelligence (AI). These tools help us with tasks like reviewing large volumes of documents, organizing case information, and performing initial legal research.

Please know:

• AI is only a tool to assist our attorneys—it never replaces their judgment.
• All AI-generated work is reviewed and approved by a licensed attorney before use.
• We take strict steps to protect your confidential information and only use secure, vetted systems.
• Your data will never be shared with public AI platforms without your consent.
• You (will/will not) be billed for AI-related expenses. 

If we plan to use AI in a way that significantly affects your case, we will discuss it with you and obtain your consent.

Feel free to ask any questions about how we use technology in your matter.

Sincerely,
[Attorney Name]
[Law Firm Name]

• Begin with Targeted, Low-Risk Applications: Start small with tasks like summarizing documents, drafting template letters for attorney review, or providing questions for initial client interviews.
• Select Purpose-Built Legal AI Tools: Use platforms designed for legal work, trained on vetted data, and tested for accuracy and security.
• Ensure Continuous Human Oversight: Attorneys must review all outputs and remain responsible for final decisions.
• Prioritize Data Security and Confidentiality: Verify privacy protections and consider anonymizing sensitive client information.
• Invest in Ongoing Training and Education: Provide regular training on AI capabilities, limitations, and ethical considerations.
• Communicate Transparently with Clients: Inform clients when AI tools are used and explain their role in supporting legal services.
• Monitor for Bias and Fairness: Audit AI systems regularly to identify and correct bias.
• Collaborate and Share Best Practices: Engage with peers and organizations to exchange insights and ethical guidelines.
• Pilot, Measure, and Refine: Implement controlled pilots, collect performance data, and refine processes before scaling.
• Maintain a Human-Centered Approach: Ensure technology enhances—not replaces—personal interaction and empathy.

• Document Automation: Draft petitions, letters, and forms for attorney review.
• Legal Research Assistance: Summarize case law, statutes, and large document sets. Verify results through independent research. 
• Client Intake and Triage: Streamline intake forms and route cases efficiently.
• Chatbots and Virtual Assistants: Provide plain-language answers to common legal questions.
• Multilingual Support: Translate legal materials and client communications.
• Content Management: Keep self-help resources current through automated updates.

• Confidentiality: Protect client data through secure systems and vendor compliance.
• Accuracy and Reliability: Validate AI outputs and maintain attorney review.
• Bias Mitigation: Test and monitor AI tools to prevent discriminatory outcomes.
• Transparency: Clearly disclose AI use to clients and explain its role.
• Competence: Train staff and volunteers to understand AI’s strengths, limitations, and ethical implications.
• Oversight: Ensure attorneys remain accountable for all substantive work.

AI offers transformative potential for improving access to justice by reducing repetitive tasks and expanding service capacity. Success depends on thoughtful implementation, ethical safeguards, and ongoing human involvement. By starting with low-risk applications, collaborating across the legal community, and prioritizing client trust, attorneys can integrate AI responsibly into legal aid and pro bono work.

The AI & Access to Justice (AI+A2J) Initiative at Stanford Law’s Legal Design Lab aims to leverage artificial intelligence to close the justice gap. It combines research, design, development, and evaluation to create responsible AI systems that improve legal help for underserved communities. The goal of the AI+A2J Initiative is to empower individuals to understand rights and resolve legal issues early while also supporting legal aid providers through development of a responsible AI infrastructure.

The Initiative is currently studying AI performance and usability in real-world settings and creating prototypes for intake, triage and document drafting. It recently launched “JusticeBench,” a research and development platform aimed at advancing access to justice through AI. It also hosts an annual AI+A2J Summit to align standards and share best practices.

The AI+A2J Initiative’s vision is to create a safe, equitable and sustainable AI ecosystem that makes legal help affordable and accessible by 2030.

• Making AI Work for You—When and How to Use it
• From Drafting to Done
• AI Tools for Litigators
• Navigating the Latest AI Development and Practical Applications for Legal Practice—An Interactive Town Hall
• Generative AI: Navigating the Latest Developments and Practice Applications for Legal Practice in 2025