AI Agents Are Doing Legal Work Without a License. Are You Supervising Them?
Blog post description.
5/28/20268 min read
AI Agents Are Doing Legal Work Without a License. Are You Supervising Them?
By Angeli Fitch, AI Compliance & Ethics Attorney | 20+ Years of Trial Experience | Creator of the State Bar-Approved CLE Course "AI Ethics for Attorneys"
What is an AI agent, and why should lawyers be paying attention?
An AI agent is not the same thing as a chatbot you prompt and review. It is an AI system that takes actions autonomously — planning a sequence of steps, making decisions along the way, using tools like web search or document access, and completing tasks with little or no human input between start and finish.
If you have asked an AI tool to draft a contract, review a set of documents, summarize deposition transcripts, send a follow-up email, or manage a research workflow from beginning to end — you may already be using an agent, whether or not your vendor calls it that. The defining characteristic is not the label. It is autonomy: the system is making consequential decisions on your behalf without you reviewing each one in real time.
That distinction matters enormously for lawyers. Every time an AI agent makes a decision in the course of your legal work, your professional responsibility obligations are implicated — and the agent has none of its own.
What ethical rules apply when a lawyer uses an AI agent?
The same rules that have always applied. AI agents do not create a parallel ethics framework. They create new ways to violate the existing one.
The duty of competence under Rule 1.1 requires that you understand the tools you use well enough to supervise their output. An AI agent that autonomously drafts correspondence, analyzes documents, or makes strategic recommendations is doing work you are responsible for. If you cannot evaluate whether that work is accurate, complete, and consistent with your client's interests, you are not competently supervising it.
The duty of confidentiality under Rule 1.6 applies to every piece of client information an agent accesses, processes, or transmits. Agentic systems are often designed to pull data from multiple sources, connect to external tools, and send outputs to other systems. Each of those connections is a potential confidentiality exposure. The question is not whether the agent is authorized to do something technically — it is whether the attorney has evaluated whether that data flow is permissible under the client's confidentiality protections.
The duty of communication under Rule 1.4 requires that clients be kept reasonably informed about the means by which their matters are being handled. As AI agents take on more substantive tasks, the question of what clients are owed in terms of disclosure is becoming harder to avoid. Several bar ethics opinions issued in 2024 and 2025 have addressed AI disclosure generally, and the direction of travel is consistent: clients have a legitimate interest in knowing when AI is doing meaningful work on their matters.
The supervisory obligations under Rules 5.1 and 5.3 apply in full. If an agent is doing work that a paralegal or associate would otherwise do, the supervisory standard is the same. The fact that the agent is software does not reduce your responsibility for what it produces — it may increase it, because the agent has no professional judgment, no license, and no awareness of what it does not know.
What makes AI agents riskier than standard AI tools from an ethics standpoint?
The risk with a standard AI tool is primarily about output quality — the attorney prompts the tool, receives a result, and is responsible for reviewing it before it goes anywhere. The failure mode is predictable: an attorney who does not review AI output carefully enough files something inaccurate or incomplete.
AI agents introduce a different category of risk: consequential action taken without attorney review at each step.
An agent managing a document review workflow might flag certain documents as privileged or non-responsive without an attorney reviewing each call. An agent drafting and sending client communications might dispatch correspondence the attorney has not approved. An agent conducting legal research and summarizing results might present a synthesis that contains errors the attorney never sees because the attorney only received the summary, not the underlying sources.
The harm is not just that the output might be wrong. It is that by the time the attorney becomes aware of a problem, the action has already been taken. A document has been produced. An email has been sent. A filing deadline has been missed because the agent misread a docket entry and no one was watching.
This is the operational risk of delegation without supervision — and it is the same risk that has generated malpractice claims and disciplinary actions for decades, now running at machine speed.
Can an AI agent engage in the unauthorized practice of law?
This is one of the most serious questions the profession is working through right now, and as of May 2026, no jurisdiction has definitively resolved it. But the analytical framework is clear enough to guide responsible practice.
The unauthorized practice of law prohibitions exist to protect the public from unqualified entities making legal judgments that affect people's rights and obligations. The question is not whether an AI agent is a person — it obviously is not. The question is whether the output of an AI agent, when delivered to a client or used in a legal proceeding, constitutes legal advice or legal services provided without adequate attorney supervision.
If an agent drafts a legal memorandum that goes to a client without meaningful attorney review, it has functionally rendered legal advice. If an agent makes a litigation strategy recommendation that an attorney adopts without independent analysis, the agent has influenced a legal judgment. If an agent communicates with a client about the status or strategy of their matter without attorney oversight, it is engaging in client communication that courts have traditionally treated as part of the practice of law.
The attorney does not escape responsibility in any of these scenarios by pointing to the agent. Under the current framework of every state that has addressed this, the attorney who deploys the agent is the responsible party. The unauthorized practice analysis runs against the attorney's supervision of the agent — not against the agent itself.
What specific risks do agentic systems create for client confidentiality?
Several, and they are not all obvious.
Data scope creep is among the most common. Agents are often given broad access to firm systems — email, document management, calendaring, billing — to accomplish tasks efficiently. That access means the agent may encounter and process confidential information from multiple client matters, not just the matter it was deployed for. If the agent's architecture does not isolate client data rigorously, information from one matter can influence outputs in another.
Third-party tool connections are a significant exposure. Most commercially available agentic systems integrate with external tools — web search, database access, cloud services, API connections to other platforms. Every external connection is a potential data flow outside the firm's control. Attorneys who deploy agents with these connections without reviewing what data leaves the firm's environment, where it goes, and how it is handled have not met their confidentiality obligations under Rule 1.6.
Logging and auditability present their own problem. If an agent takes a series of autonomous actions on a client matter and something goes wrong, can you reconstruct what the agent did and why? Many agentic systems do not produce the kind of decision log that would allow an attorney to explain to a client, a court, or a disciplinary authority exactly what occurred. That opacity is a governance failure — and in a disciplinary proceeding, the inability to explain what happened is not a mitigating factor.
What do bar ethics opinions say about AI agents as of 2026?
Bar ethics bodies were still largely addressing generative AI in its simpler forms — chatbots, research assistants, drafting tools — when they issued the wave of formal opinions in 2023 and 2024. The ABA's Formal Opinion 512, issued in 2024, addressed AI use broadly and established the framework that has guided most subsequent state bar guidance: attorneys must understand the tools they use, must supervise AI-assisted work as they would any delegated work, and remain personally responsible for all AI-assisted output.
As of early 2026, several state bars have issued or are drafting supplemental guidance specifically addressing agentic AI systems. The California State Bar's AI Working Group has flagged agent supervision as a priority area. The ABA's Standing Committee on Ethics and Professional Responsibility has indicated that additional guidance on agentic systems is forthcoming. While no formal opinion specifically governing agents has been finalized at the national level as of this writing, the principles in existing opinions apply — and the direction of the guidance being developed is consistent with a higher, not lower, supervision standard for autonomous systems.
Practitioners should not wait for final guidance to establish governance practices. The existing rules are sufficient to define the obligation. Agentic AI is doing legal work. You are responsible for that work. The supervision standard is the same one that has always governed delegation to nonlawyers — and the consequences for failing to meet it are the same.
What should a law firm do right now to use AI agents responsibly?
Define the scope of agent authority before deployment, not after. Every agentic system your firm uses should have documented parameters: what tasks the agent is authorized to perform, what data it can access, what actions it can take without human review, and what triggers mandatory attorney review before the agent proceeds. Autonomy without defined limits is not a feature — it is an unmanaged risk.
Build human review checkpoints into agent workflows for any action that is consequential and hard to reverse. Sending client correspondence, producing documents in litigation, filing court submissions, making billing entries — these are not tasks that should run to completion without an attorney reviewing the output. The efficiency gain from removing those checkpoints is not worth the exposure they prevent.
Audit what your agents are actually doing. If you cannot pull a log of the actions an agent took on a client matter — what it accessed, what it produced, what it sent — you do not have the visibility you need to supervise it. Require vendors to provide audit logs as a condition of deployment. If the vendor cannot provide them, that is material information about whether the tool meets your supervisory obligations.
Train your attorneys and staff on the difference between using AI and supervising AI. These are not the same activity. Using AI means prompting a tool and reviewing its output. Supervising AI agents means understanding what the agent is doing, having checkpoints to catch errors before they become actions, and maintaining accountability for the agent's work product. The attorneys in your firm need to understand which mode they are in and what each requires.
What is the core principle lawyers should apply when evaluating whether their AI agent use is ethical?
If a first-year associate took the same autonomous actions your agent is taking, without checking in with you, would you consider that adequate supervision of their work?
If the answer is no — if you would require the associate to get approval before sending that email, flag that research for partner review before it went to the client, or hold that filing until you had read it — then the agent needs the same checkpoint.
The standard for supervising AI agents is the standard for supervising people doing legal work. It does not go down because the entity doing the work is software. In some respects, given that the agent has no professional judgment and no license, the argument runs the other way.
How can attorneys get structured guidance on AI agent compliance?
This is the leading edge of AI ethics in legal practice, and it is moving quickly. The attorneys and firms getting ahead of it now are the ones who will be positioned to use these tools confidently and defensibly when the guidance catches up to the technology.
I address AI agent supervision, agentic risk frameworks, and the evolving ethics obligations around autonomous AI in my State Bar-approved CLE course, AI Ethics for Attorneys. I also work directly with law firms to build AI governance structures that address both current tools and the agentic systems that are rapidly becoming standard. [Contact me] to discuss what your firm needs.
Angeli Fitch is an AI Compliance & Ethics Attorney and trial lawyer with more than 20 years of experience. She is the creator of the California State Bar-approved CLE course "AI Ethics for Attorneys" and advises law firms and legal professionals on ethical AI adoption, compliance, and governance. She is Of Counsel at Infinity Law Group and available for speaking engagements, CLE instruction, and advisory work.