The first-pass legal review of NDAs, MSAs, and standard commercial contracts is largely an agent's job in 2026. The bar has not been kind to firms that pretended otherwise. Here is the use-case-by-use-case state of legal agents and the supervising-attorney pattern that holds up under malpractice scrutiny.
Where they replaced first-pass review
NDAs and DPAs
High volume, narrow form, well-known clause library. Agents extract terms, flag deviations from playbook, suggest redlines. Time saved per NDA: 30–60 minutes.
Standard MSAs
The agent compares against your playbook, flags every meaningful deviation, ranks them by risk. The lawyer reviews flagged items, not the whole document.
Procurement contracts
SaaS subscriptions, hardware leases, professional services. Pattern-rich; the agent learns your company's preferred positions and negotiates from there.
Employment offer letters and onboarding
Standardised; the agent generates from approved templates and flags any custom clauses for legal sign-off.
Where they backfired
Litigation strategy
Pattern matching on legal arguments produced confident-but-wrong recommendations. Several public failures. Agents now recommend research, not strategy.
Novel commercial deals
The first 80% looks like standard contracts; the 20% that does not is where deals are won or lost. Agents miss the novel parts.
Regulatory interpretation
Agents extrapolate from training data. New regulations are by definition not in training data. Wrong answers here are expensive.
Cross-jurisdictional
Same clause means different things in different jurisdictions. Agents trained on US law confuse English law fluently.
The supervising-attorney workflow
The pattern that the bar accepts:
contract arrives
↓
agent: extract + classify + redline against playbook
↓
supervising attorney reviews:
• flagged deviations
• novel clauses
• cross-jurisdiction notes
↓
attorney signs off (with audit log)
↓
client receives output
Two non-negotiables:
- A human attorney signs off; the agent does not.
- The audit trail captures what the agent did, what the attorney reviewed, and the basis for sign-off.
Architecture
Three layers most legal agent products share:
- Document ingest — OCR, structure detection, clause segmentation.
- Clause analysis — extraction, classification, comparison against your playbook.
- Output generation — redlines, summary memo, risk ranking.
The good products separate the layers cleanly so you can swap models or playbooks without rebuilding the rest.
Playbook is the moat
Generic legal agents are mediocre. The differentiator is your firm's playbook: preferred positions, fallback positions, walk-away thresholds. Encoding this:
clause: limitation_of_liability
preferred:
cap: "1x annual fees"
exclusions: ["IP infringement", "breach of confidentiality"]
fallback:
cap: "2x annual fees"
walk_away:
cap: "uncapped"
Apply in the agent's prompt; the redlines reflect your firm's positions, not generic ones.
What the regulator and bar actually expect
Three things, varying by jurisdiction:
- Attorney supervision — a licensed attorney is responsible for the work product.
- Confidentiality — the agent must not leak client data; HIPAA-grade controls or better. See GDPR-compliant agents.
- Disclosure — clients are told AI is involved in their matter. Increasingly mandatory.
State bars (notably California, New York, Florida) issued specific guidance in 2025–2026. Most law firms now have an AI Use Policy that mirrors the guidance.
Quality metrics
Track:
- Issue catch rate — % of real issues the agent flagged (against attorney baseline).
- False flag rate — flags the attorney dismissed.
- Time to first draft — wall-clock from receipt to ready-for-review.
- Attorney edit rate — % of agent output the attorney materially changed.
Below 90% issue catch rate is not ready for prime time. Above 30% edit rate means the playbook needs work.
Build vs buy
Three patterns:
- In-house legal teams — buy from Spellbook, Harvey, Ironclad, or similar. Time-to-value is days.
- AmLaw 100 firms — most have built or are building proprietary stacks on top of these vendors.
- Solo and boutique — buy; build is too expensive.
Most teams overestimate the value of fully custom and underestimate ongoing playbook maintenance.
Common mistakes
- No supervising attorney — malpractice and bar discipline.
- Generic playbook — output is mediocre; teams revert to manual.
- No audit trail — cannot defend the work later.
- Treating litigation like contracts — different problem, different tools.
Where this is heading
Three trends for 2027: jurisdictional specialised agents (separate models for each major bar), audit-grade output formats blessed by professional liability insurers, and per-firm fine-tuned models common at large firms.