I spoke yesterday to the Digital Entertainment Group or DEG about NFT legal strategy - here is the video below - I step through numerous weighty legal-tech issues for any NFT project beginning at about the seven minute mark. I hope you find it helpful. youtu.be/YazOOzLQacI

Mythos is getting pushback from the legal AI folks for not having ZDR, and that critique matters. It’s also ironic that most legal SaaS tools that call LLM APIs, after pages of privacy‑protective language, still reserve the right to retain, analyze, and disclose lawyer–client data when they believe it’s necessary to comply with law or protect their own rights and safety. That’s not a heckle—those clauses are prudent—but it shows just how much trust lawyers already place in their SaaS providers who are in the AI agent workflows.

Welcome to the clickstream monitoring era of lawyers using AI. If lawyers use AI agents, every workflow step requires logging —- the need for quality control, risk reduction, and supervisory obligations require your firm to know what the agent was doing behind the scenes while you weren’t looking, and to make sure you’re not over-delegating to the AI. Ironically, AI work is loggable by default - the clickstream already exists whether you want it or not. So it’s no longer “should we log this,” it’s “do we dare delete it” - and deleting it looks far worse than never having it. Insurers will require it before the bar does. Regulators will likely require judges to log AI interactions and workflows and to store them. But the same clickstream that is evidence you supervised also suggests when you didn’t - one minute to approve a 60 page brief or contract is not a good look for a lawyer under oath - and these logs may be discoverable and not privileged in certain contexts. Don’t log and you can’t defend your work. Log and you’ve built a forensic record of your own lapses. Either way, the lawyer’s judgment is no longer invisible the way it used to be. You’re not just adopting AI - you’re putting a clickstream analyzer on yourself and your law firm. This AI logging era will be particularly challenging to the design evolution of platforms like Harvey and Legora.

Kirkland with a 500M investment in AI legal is important in signaling a big advantage and controlling their own AI intelligence layer and hybrid search and document stores. Harvey and Legora, while very robust and helpful early wrapper platforms for firms needing a quick AI infusion, may end up being an AI concept prover for some firms -but still hugely helpful to firms without the budget and talent to build their own platform. Once big firms ramp up they may very well see that they need to own their intelligence layer and workflows and market that they are different and better or more AI native than other firms in the AI tech space who use only mass AI legal vendors.

AI legal platforms contain dual use data that can be turned against lawyers. The same AI legal platform that lets one associate review 300 contracts can also prove they barely read them. I build AI legal tools. That’s the paradox that keeps me up at night. Do we instrument the “lawyer in the loop”? Log which documents they opened, which flagged clauses they actually dwelled on, how long passed before they hit approve and sent the email? One minute to approve hundreds of contract reviews or a major brief is not a good look! The moment we build that telemetry or clickstream, we built a forensic record of lawyer supervision — which is also a forensic record of non-supervision. Shield and sword, the same feature. Better than a camera following the lawyer around the office, because it captures not just that they were there, but what they touched and for how long and in many cases it’s logged, time stamped, and stored in a database. There’s a word for that type of trail: clickstream. I have some history with it. More than 25 years ago I was co-lead counsel in one of the first internet privacy class actions in the US — In re DoubleClick — where “clickstream” was central to the case: the behavioral trail companies were quietly recording about ordinary users. I never expected to spend my older years writing the code that records a clickstream on lawyers instead. Similar mechanism, different target — except this time I’m the one building it. So here are the eleven questions that are important to the future of AI legal workflow usage I keep circling: 1.What level of supervision including lawyer clickstream monitoring is actually required — and does “reasonable assurance” of review now mean assurance you can demonstrate? 2.Should a firm turn this monitoring on at all, knowing the same record that proves diligence also exposes rubber-stamping? 3.Can a firm turn it off — and is disabling a capability you have worse than never having built it in the first place? 4.Are the AI legal platform vendors required to offer this monitoring, or do they build it purely to sell defensibility and shift liability onto the firm? 5.Will malpractice insurers require it — and won’t they move faster than the bar, since coverage conditions bite harder than ethics rules? 6.Where does the insurer draw the coverage line: any use of AI, undocumented use, or only over-delegation severe enough to be recharacterized as unauthorized practice of law and excluded? 7.Why don’t the lines match — the bar drawing it at the substance of judgment, regulators at system design, and liability courts retrospectively on whatever record happens to exist? 8. How does “AI-native” marketing change the math, when boasting about rigorous human oversight is itself a standard-of-care admission you then have to back up? 9.What happens when client promises convert these soft professional norms into hard contractual obligations you can be sued on? 10. Is any of this protecting clients — or just protecting firms and their insurers? 11.The endpoint: do we turn the AI workflow back on the lawyer — gating the final document until the human “complies” with the system’s requirements? At which point supervision of the AI quietly becomes the AI supervising the lawyer. We asked for a human in the loop. We might end up with a loop that keeps the human in line.

Some law firms are sleepwalking into AI agent MCP risk. The Anthropic Claude MCP uses are powerful perhaps too powerful. MCPs are lower resistance APIs. The challenge for any law firm is for IT and cybersecurity pros to control the data entry and exit points to their tech stack — MCPs without oversight can make a law firm vulnerable at scale. Each MCP call involving law firm data can transmit sensitive and privileged information to a third-party vendor where it can be logged, retained, or misused. Ask: “What can this MCP actually see?” Then compare that access against the vendor’s terms of use, privacy policy, logging practices, retention rules, subprocessors, and enterprise agreements before making an informed risk-benefit decision. Looking only at MCP (or API) calls, an adversary can often stitch together litigation strategy, negotiation posture, investigative priorities, or vulnerabilities. Good AI governance is not “trust the defaults.” It is: • least-privilege access • documented data flows • minimized logs • human approval layers • negotiated enterprise protections Here is an AI-generated infographic from my notes.

The best Legal AI is ironically entities who may not know it yet - such as Qdrant, pinecone, Weaviate, and Databricks etc. They can standardize the AI law hybrid search - vector stores- RAG layer or AI Harvey like “vault” law firms can own - and make available for a variety of AI workflow tasks from multiple vendors with minimal lock in.

AI legal tech thoughts O’ the day. With the Anthropic AI law stack roll out it and broad mcp support for Westlaw, document clouds, and free caselaw, it seems inevitable that Claude will catalyze lawyers building their own custom and more simplified Harveys. The tech for the missing “glue tool” is in place - the hybrid search and vector store to replace “vaults” - once that layer gets easier and controlled by law firms it seems like large AI platform lock in will be unwise opening a climate where AI legal vendors compete in areas of minimal lock in. Ironically box, Egnyte, and imanage (and all Ediscovery platforms) may be in the best position here to provide standardized vector store mcp functionality as a natural extension of document management and search /retrieval.

Test x.com/i/spaces/1nKOLEZgEzAGR

Replay of our .2 SiliconHolly spaces. Agentic commerce, NFTs, stablecoin, AI law hallucinations. Is B to C AI agent commerce useful?

Set a reminder for my upcoming Space! x.com/i/spaces/1YxNrZVdyVzxw

Warning: Your Firm’s Knowledge Should Outlive Your AI Vendor The major legal AI platforms are building genuinely impressive products. They are also building something the legal industry should think carefully about: closed institutional intelligence layers that compound in value the longer firms use them, and that firms cannot meaningfully take with them when they leave. This is the lock-in paradox of the current legal AI moment. A vector store built during eDiscovery review — enriched with thousands of attorney tagging decisions, privilege calls, issue codes, and witness associations — should not have to be rebuilt for AI agents drafting briefs, for prompting to surface supporting evidence at deposition, for trial preparation, for chronology generation, for appeal, or for the next related matter. One review. One intelligence layer. Every downstream use. Read more here... x.com/rothken/status/2053980…

The arguments behind every landmark Supreme Court ruling have never been freely available to the public… until now. Thanks to a gift from the Wolf Law Library at William & Mary Law School, more than 125,000 #SCOTUS records & briefs are now freely freely available on the Internet Archive, spanning 1830 through 2019. The arguments that shaped America, including Brown v. Board of Education. Loving v. Virginia. Read the full announcement ⤵️ blog.archive.org/2026/04/20/… @WMLawSchool #SupremeCourt #DemocracysLibrary