Traditionally, the relationship between a company and its outside advisors, law firms, consultants, and financial advisors has been governed by confidentiality agreements, attorney-client privilege, and codes of professional ethics. These agreements assure that these outside advisors have access only to the information necessary for the scope of the project. However, artificial intelligence is becoming a mainstay in these working relationships, dismantling that clear separation.
AI-powered productivity tools are increasingly deployed not just within a single organization, but across shared digital workspaces, the collaborative platforms where companies and their external advisors jointly draft documents, manage new projects, exchange data, and make decisions. This shift represents a fundamentally new risk landscape, one that most organizations and their advisors have not yet adequately mapped.
This post identifies the three primary risk categories that arise when AI enters these shared spaces and the key considerations to mitigate them.
Risk 1: Confidentiality
When AI tools operate within a shared workspace, there are two primary threats to client confidentiality:
1) Cross-client training and model contamination, and
2) over-input of information.
Cross-Client Training Model Contamination
Many AI tools learn continuously from user interactions. For example, if a law firm’s AI assistant is trained, even implicitly, on documents, queries, and outputs across multiple client engagements sharing a platform environment. In this case, client information can become embedded in the model’s behavior. The AI may begin surfacing language, structures, or strategic approaches drawn from one client’s confidential materials when assisting another. This is an example of cross-client training contamination.
Over-Input of Information
When processing the information above, AI tools may ask follow-up questions, or the user may want to include additional context and guidance for the tool. These prompts and the need for greater contextual clarity may drive users to input additional information, information that may not normally be shared or be strictly necessary for the task at hand. This could lead to AI tools being trained on, and potentially re-sharing, information that is not strictly necessary.
Risk 2: Overexposure
AI processes operating across shared workspaces introduce a new failure mode: overexposure through automated workflow. When an AI agent is tasked with summarizing documents, preparing briefings, or surfacing relevant materials, it may draw on content from across the workspace without respecting the role-based and project-based permissions designed to contain that information.
Misconfiguration and Permission Gaps
AI tools in shared workspaces are typically configured by IT or platform administrators, not by the lawyers or compliance officers who understand the sensitivity of the underlying information. Permissioning structures that may be technically correct for human access often fail to account for how AI agents traverse and aggregate information. A consultant with project-scoped access to a workspace may, through the AI layer, receive synthesized summaries that draw on materials outside their authorized scope.
Role and Project Segmentation Failures
Even well-intentioned configurations can break down when AI tools are updated. For example, this could occur when team membership changes or when workspace structures evolve mid-engagement. Unlike a human employee who is subject to ongoing supervision, an AI system with broad access will continue operating at that level until it is explicitly restricted. The moment of overexposure may be difficult to trace, making the discovery of these failures especially challenging.
Risk 3: Accountability
Who is Responsible when AI makes the decision? Professional service relationships often assign responsibilities clearly; for example, the lawyer is responsible for legal advice, the auditor for the audit opinion, and the consultant for the recommendation. These lines of responsibility are the foundation of malpractice liability, professional licensing, and regulatory compliance. However, AI tools make this division more complicated.
The Absence of Auditable Decision Trails
Many AI tools used in professional services do not generate decision logs or explainable outputs in a meaningful sense. When a deal recommendation, a compliance conclusion, or a litigation strategy is influenced by an AI-generated analysis, there may be no record of what data the AI considered, what it weighted, or what it excluded. If the decision is later challenged in litigation, a regulatory proceeding, or a malpractice claim, the AI’s contribution cannot be reconstructed or audited.
Diffused Liability Across a Shared Platform
In a shared workspace involving the company, its law firm, its auditors, and potentially a technology platform provider, an AI-assisted error may have no clear owner. Did the AI fail because of a platform defect? Because the law firm configured it incorrectly? Because the company provided bad inputs? Because no human professional adequately reviewed the output? Engagement letters, platform terms of service, and professional liability policies may not be drafted to answer these questions.
Key Considerations in Light of these Risks
The risks described may be present in any organization that has extended its advisory relationships (law firms, consultants, and financial advisors, to name a few) into AI-enabled collaborative platforms. To minimize these risks, organizations may want to consider the following tips:
Consider…
- Auditing shared platforms and tools currently used with outside advisors to identify any AI features, and map what data those features can access.
- Reviewing engagement agreements, NDAs, and platform terms of service for AI-specific confidentiality provisions.
- Assessing whether AI access controls in shared workspaces respect role-based and project-based information silos and construct limitations where they do not.
- Establishing AI decision-logging protocols with outside advisors, including requirements for human review and sign-off before AI-influenced advice is acted upon.
- Negotiating clear contractual allocation of liability for AI-related errors across the full advisory chain, company, advisors, and platform providers.
- Briefing executive leadership and the board on AI-specific risks in advisory relationships, particularly in regulated industries where privilege and data protection obligations are most acute.
Establishing governance frameworks for AI early in advisory relationships may enable companies to reduce their own exposure and hold advisors accountable if one of the risks of use materializes.