Ask most managing partners about AI and the firm, and the answer is some version of the same thing: we’ve told everyone not to paste client information into ChatGPT.
That’s a reasonable instinct. It’s also not the part that should worry you most.
The harder question isn’t what an associate types into a public chatbot. It’s the AI already running inside the tools the firm pays for, doing work you may not be watching. And if one of those tools did something it shouldn’t, with a client matter attached, how quickly could you stop it?
Most firms can’t answer that. Neither can the people whose job is to know.
ISACA, a professional association for IT audit and security, surveyed digital trust professionals in early 2026 and asked exactly this. Almost three in five (59%) didn’t know how fast their organization could halt an AI system during a security incident. Only about one in five (21%) said they could do it inside half an hour. These are the people who secure and audit this technology for a living. If they’re unsure, a firm relying on them is in worse shape.
For a firm, this isn’t only an IT question
AI didn’t arrive at your firm as a decision. It arrived as a feature. It’s in Microsoft 365 Copilot drafting and summarizing in Word and Outlook. It’s increasingly built into Clio and the other practice management platforms. It’s in legal research through Lexis+ AI and CoCounsel. Your team didn’t install it so much as find it switched on.
That matters because of where it touches the practice. When the AI inside one of these tools is wrong, it’s wrong about a client’s matter, in a draft that may go out under your name, in a billing entry, or in a filing headed to a court that does not grant extensions for software errors.
Here is the part a partner can’t delegate. You remain responsible for the work product, no matter which tool produced it. That’s the through-line in ABA Formal Opinion 512, issued in July 2024, which applied the existing duties of competence, confidentiality, and supervision to generative AI. The California State Bar reached the same place in its 2023 guidance on AI in practice: there is no AI exception to the rules. The duty of competence already expects you to understand the benefits and risks of the technology you use. The duty to supervise, under the rules governing lawyers and the nonlawyer help they rely on, already makes you answerable for the output. A tool you can’t see, can’t stop, and don’t own is a tool you can’t supervise.
Three gaps, and why each one lands harder at a firm
The same research points to where firms are exposed.
The first is control. A compromised or malfunctioning AI tool that nobody can quickly stop keeps working. At a firm, that’s a confidentiality problem extending itself, or a flawed draft moving toward a deadline, for as long as it takes someone to figure out how to pull the plug.
The second is visibility. A third of organizations (33%) don’t require staff to disclose when AI was used in their work. At a firm, that means work product leaving the building with AI involvement nobody logged. You can’t review what you didn’t know happened, and the duty to supervise assumes you can.
The third is ownership. One in five (20%) don’t know who would be accountable if an AI tool caused harm, and only 38% point to leadership. The rules don’t leave that open. Accountability sits with the supervising lawyer and the partners whether or not anyone has claimed it. The research describes firms where nobody is holding the responsibility. The rules say someone already is.
Then there’s the part after something goes wrong. Fewer than half of those surveyed were confident they could investigate and explain a serious AI incident to leadership or a regulator. For a firm, that’s the conversation you don’t want to have with a client, your malpractice carrier, or a judge, with nothing but a shrug.
The survey behind these numbers was European and tied to the EU AI Act, which is not your law. But you don’t need a European regulator to care. Your duty of confidentiality under Business and Professions Code section 6068(e) doesn’t soften because a tool, rather than a person, made the disclosure. Clients are starting to ask how you handle their information with AI. Cyber liability carriers are starting to ask too, and the renewal gets harder when the honest answer is that nobody is sure.
Treat it like a member of staff you’re responsible for
You already know how to handle a person whose work goes out under the firm’s name. You supervise them. You know what they’re working on, who they answer to, and how to stop them if something’s wrong. An AI tool drafting and deciding inside your systems is no different in what it demands, except it can move faster and was never onboarded.
So onboard it, the same way you’d bring any new AI tool into the firm deliberately. Find out which tools in the firm are using AI, including the ones that turned it on through an update nobody read. Assign an owner for each, a real person responsible for how it’s used and what happens when it misbehaves. Confirm you can pause or shut each one off, and that someone knows how. Write down, in plain terms, how the firm would investigate and explain an incident if a client or a carrier asked tomorrow.
None of that slows the practice down. It’s the supervision you already owe, applied to software that quietly joined the staff.
So, back to the question this started with. Could you, today, tell us which tools in your firm are using AI, who owns each one, and how you’d shut one off if it went sideways? If the answer is closer to “not really” than to “yes,” that’s the gap worth closing. We help firms map where AI is running, assign clear ownership, and document how they’d stop and explain an incident before a client, a carrier, or a court is the one asking. It’s usually less work than partners expect, and far easier to do now than after one of those pressures forces it.