As legal AI evolves from chatbots to autonomous agents that work toward objectives, make decisions, and adjust their actions based on real-time feedback, the question is no longer who is responsible, but how responsibility is applied when legal work moves from discrete tasks to ongoing, autonomous workflows?
Introduction
With the emergence of agentic AI, the legal profession has entered a new phase of AI adoption. Unlike traditional generative tools that produce text in response to user prompts, agentic systems are designed to act with a degree of autonomy, independently executing complex sequences of tasks. They can research case law, draft motions, review contracts for risks, send follow-up communications, and even initiate filings, all with minimal human intervention.
Law firms remain fully responsible for the outcomes these systems produce, just as they are when a human makes a mistake. However, while the shift to agentic AI promises substantial efficiency gains, it also introduces practical challenges in how liability, supervision, and risk are applied in real workflows, well beyond the familiar issues of hallucinations or inaccurate outputs.
The Core Liability Challenge
With traditional generative AI, the primary risk is tied to output. If a system fabricates a citation or produces inaccurate analysis, the lawyer who relies on that output is accountable under existing standards of competence, candor, and supervision. Courts and bar associations have consistently made it clear that these duties cannot be delegated to a machine. Agentic AI changes the nature of that risk. These systems operate across entire workflows, initiating actions, making decisions, and carrying work forward over multiple steps. The result is a shift from isolated output risk to broader workflow risk. A single failure is no longer contained in one task. It can propagate across an entire process, or across multiple matters, before it is detected.
For example, an agent configured to manage a discovery workflow that misapplies filtering logic could systematically exclude relevant documents across multiple matters before the issue is identified. In this scenario, the risk is not a single flawed output, but a repeated and scaled failure embedded within the workflow itself.
A similar dynamic can occur in contract review. An agent tasked with redlining a single agreement might autonomously pull in clauses from related documents, propose revisions to the counterparty, or surface positions that extend beyond the intended scope, all without explicit instructions. If those actions contain errors or exceed the client’s risk tolerance, the firm faces difficult questions about whether the mistake stemmed from poor configuration, inadequate supervision, or the agent acting within its broadly defined objective.
This is where traditional accountability models become hard to apply in practice. The core duties remain the same, but applying and documenting them effectively becomes far more difficult when errors occur at scale, across autonomous steps, and with reduced real-time visibility.
What Existing Frameworks Still Make Clear
Current legal and regulatory frameworks remain clear on one fundamental point: the standard of care in legal practice is technology-neutral. The use of AI, no matter how advanced or autonomous, does not reduce a lawyer’s professional obligations. ABA Model Rule 1.1 (Competence) requires lawyers to have the knowledge and skill “reasonably necessary for the representation,” which would include keeping abreast of the benefits and risks of relevant technology. Model Rules 5.1 (Responsibilities of Partners, Managers, and Supervisory Lawyers) and 5.3 (Responsibilities Regarding Nonlawyer Assistance) require that lawyers with managerial or direct supervisory authority make reasonable efforts to ensure that all work conforms to the Rules of Professional Conduct. Taken together, these rules make clear that the use of agentic AI does not shift responsibility from the lawyer or the firm, regardless of how autonomous the system may be.
Independent judgment and appropriate supervision are still required regardless of whether the work is performed by a human or generated by an AI system. ABA Formal Opinion 512 (Generative Artificial Intelligence Tools) reinforces this framework, confirming that lawyers must understand the capabilities and limitations of AI tools and continue to fulfill their duties when using them. In practical terms, this means that lawyers must remain actively engaged in overseeing AI-driven work, rather than relying on these systems in ways that reduce direct professional oversight.
Where Firms are Feeling the Pressure
While these responsibilities remain clear, applying them in practice is becoming significantly more complex as law firms begin to deploy agentic systems in real workflows. Several areas of tension are emerging that highlight the growing gap between existing legal accountability frameworks and the realities of autonomous systems.
How should supervision be defined when work is no longer discrete, but ongoing and system-driven?
First, supervision is becoming harder to define and document.
Traditional oversight models were designed for discrete tasks performed by individuals. Agentic systems, by contrast, operate continuously and across multiple steps and decisions. This makes it more difficult to determine what constitutes appropriate oversight and how that oversight should be documented in a meaningful way.
How should responsibility be applied when an AI agent operates outside its intended scope, similar to a human associate acting without proper oversight?
Second, scope control and containment are increasingly difficult.
When an agent operates beyond its intended boundaries, even within the same matter, it becomes difficult to determine whether that behavior reflects a design flaw, a configuration issue, or gap in supervision.
Will AI providers face increased exposure under evolving legal theories, especially if the agent’s “black box” decision-making makes errors hard to trace?
Finally, insurance and risk management are evolving rapidly.
Malpractice insurance carriers are paying close attention to how firms deploy agentic AI. Some are introducing exclusions or limitations for higher-autonomy use cases, while others warn that over-reliance without verification could affect coverage. In this environment, strong governance and process discipline matter as much as the technology itself.
How will insurers assess coverage and risk when errors stem from autonomous systems rather than discrete human actions?
Malpractice insurance carriers are paying close attention to how firms deploy agentic AI. Some are introducing exclusions or limitations for higher-autonomy use cases, while others warn that over-reliance without verification could affect coverage. In this environment, strong governance and process discipline matter as much as the technology itself.
How Forward-Thinking Firms are Responding
To address these challenges, some firms are developing more structured governance frameworks for agentic AI.
Rather than relying on traditional oversight models, they are putting in place practical measures that respond directly to the new realities of autonomous systems. Some firms are addressing supervision challenges by creating defined validation checkpoints at key decision stages, maintaining detailed audit logs that track agent reasoning and actions, adopting sampling protocols for ongoing review, and setting clear escalation triggers that automatically flag issues requiring human intervention.
On scope control, firms are implementing stricter prompt engineering, role definitions, and boundaries within agent configurations, along with real-time monitoring tools that alert supervisors when an agent begins to operate outside its approved parameters.
To strengthen vendor relationships and contracts, firms are moving beyond standard agreements by negotiating specific terms around audit rights, explainability requirements, error tracing capabilities, and shared responsibility models. Some are also requiring vendors to provide detailed logging and testing documentation before deployment.
Finally, on insurance and risk management, firms are working closely with their malpractice carriers early in the process, disclosing their agentic AI use, implementing robust governance protocols, and seeking clarity on coverage terms. Some are also building clear internal governance records that document supervision efforts and decision-making processes to support potential future claims.
By treating agentic AI governance as a core part of deployment rather than an afterthought, these firms are working to close the gap between traditional rules and autonomous technology while still capturing the promised efficiency gains.
Why This Matters Now
The real importance of these questions lies in scale. Agentic systems are designed to dramatically increase throughput, but they also scale risk at the same pace. When they work well, they reduce manual effort. When they fail, those failures can propagate quickly across multiple workflows and matters. This is not fundamentally different from other forms of operational risk, but it is amplified by the potential speed and reach of agentic AI systems.
Without clear governance, including audit trails, human oversight protocols, and updated supervision policies, firms risk heightened exposure to malpractice claims, sanctions, and regulatory scrutiny. This makes governance central to responsible deployment, not optional. Forward-thinking firms already treat agentic AI like a new class of junior colleague, one that requires training, defined supervision standards, and clear accountability.
Beyond internal governance, client expectations and disclosure obligations may further complicate deployment decisions. Where autonomous systems materially influence legal strategy, communications, or outcomes, questions of informed consent and transparency may arise, particularly as clients become more aware of how agentic systems operate in practice.
Looking Ahead
As agentic AI becomes more deeply embedded in legal workflows, governance frameworks across courts, bar associations, and regulatory bodies will continue to evolve to address its unique characteristics. Much like the evolution of rules governing electronically stored information in discovery, we can expect a gradual but deliberate expansion of standards to account for autonomy, scale, and complexity. This evolution will likely include clearer expectations around supervision, more explicit allocation of responsibility between users and vendors, and new requirements for transparency, auditability, and control. For now, the direction is clear. Firms that treat agentic AI as both a powerful capability and a serious governance challenge will be far better positioned to capture its value while managing its risks. Those that prioritize speed of deployment over structure will find that liability questions emerge faster than they can be answered.
What guardrails are your firm putting in place for agentic AI?
