Claude Integration for a Chicago Law Firm
A governed Claude integration that triages a busy attorney inbox, surfaces urgent matters, and produces native Outlook drafts for attorney review, with matter isolation, deterministic policy enforcement, and no auto-send.
What we set out to solve.
A solo-practice attorney was losing hours each day to high-volume inbox triage and routine drafting, with real risk of missing deadlines, dispute notices, and client emergencies. Off-the-shelf AI assistants over-collect privileged content, treat prompts as security controls, and create unacceptable confidentiality and malpractice risk inside a regulated legal practice.
How we built it.
Governance before code
Phase 0 of the engagement delivers a written data inventory, vendor processing register, approved Anthropic commercial and zero-data-retention (ZDR) arrangement, AI-use policy, retention and legal-hold rules, and an attorney-labeled evaluation set. No client content is processed until every governance gate is signed off by the responsible attorney.
Deterministic policy first, model second
A policy engine enforces account allowlists, matter authorization, recipient locks, attachment rules, and risk classification in deterministic code. Claude is only invoked where the rules cannot confidently classify a message, and never owns the security boundary. Outputs are schema-validated and pass through post-generation validators that reject unsupported deadlines, fees, commitments, or new recipients.
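A post-generation validator of the kind described above, as an added example that is not the firm's or the integrator's code. The draft schema (`to`, `subject`, `body`), the function names, the regex patterns, and the rule that a claim is "supported" only if its text appears in the source thread are all assumptions made for illustration.

```python
import json
import re

# Claim patterns a draft may contain only if the source thread already states them.
# Illustrative patterns, not a complete grammar for legal risk.
MONTH = r"(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\.?"
CLAIMS = {
    "deadline": re.compile(rf"\b(?:\d{{1,2}}/\d{{1,2}}/\d{{2,4}}|{MONTH} \d{{1,2}}(?:, \d{{4}})?)", re.I),
    "fee": re.compile(r"\$\s?\d+(?:,\d{3})*(?:\.\d{2})?"),
    "commitment": re.compile(r"\b(?:we|i) (?:will|guarantee|agree to|promise to)\b[^.?!]*", re.I),
}
REQUIRED_KEYS = {"to", "subject", "body"}  # assumed draft schema

def _norm(text):
    return re.sub(r"\s+", " ", text).strip().lower()

def validate_draft(raw_model_output, locked_recipients, source_thread):
    """Return rejection reasons; an empty list means the draft may be written."""
    try:
        draft = json.loads(raw_model_output)
    except json.JSONDecodeError:
        return ["schema:not_json"]
    if not isinstance(draft, dict) or set(draft) != REQUIRED_KEYS:
        return ["schema:unexpected_keys"]
    if not (isinstance(draft["to"], list) and isinstance(draft["body"], str)
            and all(isinstance(a, str) for a in draft["to"])):
        return ["schema:bad_types"]
    reasons = []
    allowed = {a.strip().lower() for a in locked_recipients}
    for addr in draft["to"]:
        if addr.strip().lower() not in allowed:  # recipient lock: fail closed
            reasons.append("new_recipient:" + addr.strip().lower())
    source = _norm(source_thread)
    for kind, pattern in CLAIMS.items():
        for match in pattern.finditer(draft["body"]):
            claim = _norm(match.group(0))
            if claim not in source:  # claim has no support in the thread
                reasons.append(f"unsupported_{kind}:{claim}")
    return reasons

# Constructed sample data, not taken from any real mailbox.
THREAD = "Our response is due March 14, 2025. Please confirm the $2,500 retainer."
LOCKED = ["counsel@opposing.example"]
GOOD = json.dumps({"to": LOCKED, "subject": "Re: Response",
                   "body": "Confirming the response is due March 14, 2025 and the $2,500 retainer."})
BAD = json.dumps({"to": LOCKED + ["client@other.example"], "subject": "Re: Response",
                  "body": "We will file by March 21, 2025 and reduce the fee to $1,500."})
```

The validator runs in plain code after the model returns, so a rejected draft never reaches the mailbox regardless of what the prompt or the inbound email said.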
Native Outlook drafts, no auto-send
The system watches the firm mailbox via Microsoft Graph change notifications reconciled by delta query, then writes native Outlook drafts for the attorney to review and send manually. It holds Mail.ReadWrite only, with no Mail.Send permission, so no model response can ever cause an outbound email.
Matter isolation by design
Matter membership comes from an authoritative case-management source. Unknown or low-confidence messages are quarantined and never enriched with another matter's context. Database workers run without BYPASSRLS, transaction-local authorization is set and cleared per transaction, and adversarial isolation tests gate every release.
What it changed.
A drafting and triage system the firm can actually defend: governance approved before code, the model treated as a supervised drafting component rather than the security boundary, and every send still happening from Outlook by the attorney. The pilot is structured as gated phases so each capability earns its way into production against real accuracy, safety, and confidentiality evidence.