PRISM Methodology
PRISM 03 · Legal

Document-heavy, template-bounded, approval-gated. Legal work is shaped exactly like the work AI is built for.

Legal teams at PE-backed companies drown in the routine — NDAs, vendor paper, diligence requests — while the judgment work waits. Our skills clear the routine; the judgment stays with your counsel.

45→5 min per inbound NDA — reviewed, not drafted
100% of claims linked to a citation the reviewer can open
≥90% qualification accuracy before an analyst sees an output
0 unsupported claims tolerated in production

The Principle

If it can’t cite the source, it doesn’t ship.

Every output traces back to a source document — no citation, no output.

Maker-checker

Document (inbound paper) → Generator (drafts) → Verifier (challenges) → agree?
Yes: Shown (citations attached)
No: Withheld (not guessed)

The same control structure banks use for wire approvals.

Confidence gating

Calibrated to within ±5%

90–100%: Shown to the analyst
75–89%: Flagged for review
50–74%: Queued
Below 50%: Withheld — not guessed

When the system says 90%, it’s right about nine times in ten — verified, continuously.

The Skill Catalog

The first wave: six skills that clear the queue.

Named, callable workflows — a button your legal team presses, not a blank prompt box.

01 · 45→5 min

Inbound NDA & DPA triage

Compares inbound paper against your template, flags deviations, and proposes redlines matching the language your team used last time.

Reviewed, not drafted

02 · 3 hrs→20 min

Contract redline against playbook

Accept, push back, or escalate — decided per clause, with a response email in the deal owner’s voice.

Per-clause decisions

03 · 2 days→1 hr

Vendor agreement comparison

Liability caps, IP assignment, termination triggers, audit rights — pulled from every agreement into one comparison table.

One table, not forty PDFs

04 · 1 wk→1 day

M&A diligence classification

A data-room dump routed into workstreams, with per-document summaries and a gap list against the checklist.

Data room → workstreams

05 · 4 hrs→30 min

IP & patent summaries

Each new patent becomes a marketing one-pager and an engineering claim summary; inbound claims get a defensive read.

Two audiences, one source

06 · 1 day→2 hrs

Regulatory & compliance memos

Security attestations, privacy posture, certifications — drafted from source-of-truth documents with a citation on every claim.

Every claim cited

Worked Example

An NDA lands. Watch what happens.

Compare, flag, propose, escalate — the head of legal opens a finished review, not a blank document.

Inbound NDA — triage

Inbound NDA received

Counterparty paper, 24 clauses

Clause-by-clause comparison against standard template

21 of 24 clauses match corporate position

Non-compete: 3 years vs. our standard 18 months

Redline proposed — matches the language your team used the last six times

Governing law: matches corporate position

No action required

IP assignment: broader than standard

Escalated — flagged for the head of legal with the deviation cited

Proposed redline + response email drafted

In the deal owner’s voice, ready for review

Run logged · outcome added to the eval set

Review time: 5 min

The flywheel

Run logged → Outcome recorded → Eval set grows → Playbook tightens. Every run sharpens the next.

Accepted, corrected, or escalated — every outcome feeds the eval set.

The 90-Day Legal Playbook

From your last 50 contracts to a working system. Twelve weeks.

Codify what your team actually does, prove it on live paper, widen week by week — no pilot purgatory.

Weeks 1–2

Codify the playbook

Your positions extracted from the last 50 executed agreements — what you actually accepted, clause by clause. The agents learn your playbook, not a generic one.

Weeks 3–4

Triage live

NDA and DPA triage in production, with the head of legal reviewing every run.

Weeks 5–8

Redlines & comparisons

Playbook redlining and vendor comparison go live. Deviation patterns show which clauses cost the most negotiation time.

Weeks 9–12

Diligence-grade

The M&A classifier and compliance memo drafter go live. Privacy assessments complete; telemetry reviewed with the GC.

Week 12

Wave two committed

The next skills are scoped, and the eval set becomes a permanent asset every future skill inherits.

The Compliance Workstream

Two regimes, one workflow.

The workstream that keeps every deployment defensible — in any function.

United States

State privacy laws — CCPA/CPRA and their successors.

One workflow

Canada

PIPEDA federally, plus Quebec’s Law 25 — stricter than both.

PIA

Documented before launch — not after the first incident.

Disclosure

People are told when AI affects a decision about them.

Data-subject rights

Access and deletion reach AI logs; retention set on day one.

Regulatory monitor

A named owner tracks new AI law as it lands.

Mapped before a single skill goes live — nothing built twice, nothing built wrong.

Privacy Incidents, Automated

Incident risk assessment is itself a legal workflow. We built the product that does it.

The same pattern that runs your contract queue applies to your incident queue.

Proof · Privacy incident response · A privacy-technology company

Automated multi-factor risk assessment of privacy incidents — deciding what’s notifiable, in which jurisdiction.

A breach lands and the questions cascade: which regimes apply, what crosses the notification threshold, what the clock is. For a privacy-technology company we built the system that answers them — regulation in, structured decision out: a multi-factor risk assessment producing a defensible determination instead of a scramble.

IP & Liability

Who owns what AI creates.

Six questions with written answers before the first AI-touched contract ships.

IP ownership: Settled under vendor terms before the first contract ships.

Copyright exposure: Evaluated for anything externally published.

Vendor indemnification: Read in full — what’s covered, what’s quietly excluded.

Open-model licenses: Confirmed for commercial use. “Free to download” isn’t a position.

Customer contracts: Updated wherever AI is part of service delivery.

Marketing claims: “AI-powered” vetted for truth-in-advertising exposure first.

One coordinated workstream with privacy — not two silos.

Guardrails by Design

The judgment never leaves the humans.

Two rules, enforced in the design — not in a policy PDF.

Mandatory human sign-off

Wherever the decision is consequential, a person signs. Hiring, credit, legal positions, safety — no confidence score overrides that, ever.

Consequence decides, not convenience

Scoped access

Legal skills read the contract repository and nothing else. No payroll, no deal pipeline, no board folder.

Least privilege, by default

Specialist Knowledge at Scale

Your best specialist’s knowledge, on every matter.

Jurisdictional expertise doesn’t scale by hiring — agents carry the whole map at once.

Proof · Regulated collections · 55 jurisdictions

For a collections platform serving banks and credit unions, we shipped specialist agents carrying bankruptcy handling and repossession law across all 55 US jurisdictions — tuned to each institution’s compliance requirements and tone with zero code changes, and with instant human hand-off the moment a situation changes. The specialist knowledge lives in the system, not in one person’s calendar.

State-by-state privacy obligations

Which regime applies and what changed last quarter — resolved per matter.

Employment law variations

Notice periods, non-competes, termination rules — per state, per offer letter.

Regulated-industry marketing rules

Permissible claims checked before the campaign ships, not after the complaint.

Every jurisdiction on every matter, with a human the instant judgment is needed.

Case Proof

It has already cleared a harder reviewer than your GC.

Regulated deployment · Federal banking regulation

If it can clear bank regulators, it can clear your GC.

A compliance software company needed AI to qualify community-development activities under federal banking regulation — where a wrong answer is an exam finding, not an inconvenience. We shipped a citation-backed decision engine: every determination linked to its source, every confidence score calibrated, five validation layers aligned to bank model-risk guidance (OCC SR 11-7, NIST AI RMF).

30–60 min → minutes: analyst review time per determination
5 layers of validation aligned to bank model-risk guidance

The GC’s Dashboard

You don’t trust it because we say so. You trust it because you can see it.

Every legal skill reports into one telemetry layer — your numbers, not a vendor scorecard.

01

Turnaround time

By paper type — NDA, DPA, vendor, customer. The number the business feels first.

02

Deviation frequency by clause

Which clauses actually cost negotiation hours — where your template should move.

03

Escalation rate trend

Falling as the playbook codifies; a rising line means it’s out of date.

04

Eval pass rate

On every prompt or model change. Nothing ships on a hunch.

05

A complete run log

Every review, every override, every version. The answer is a record, not a recollection.

Wave Two

Where it goes after the queue is clear.

Each second-wave skill inherits the positions, the guardrails, and the telemetry.

Obligation calendar

Renewals, exclusivity windows, price-rise clauses — tracked so nothing lapses quietly.

Employee policy Q&A

Answers with handbook citations; regulated topics route to a human.

Litigation hold workflows

Issued, acknowledged, and tracked — with the paper trail already assembled.

Board minutes & resolutions

Drafted from the meeting record in your house style.

Insurance certificate tracking

COIs collected, checked, and chased before they expire.

Sanctions & KYC summaries

Screening results condensed into a decision-ready summary with sources.

The Bottom Line

Legal gets the redlines. And the audit trail that makes every one of them defensible.

Ready to move

Start with the NDA queue.

The fastest proof in the legal function: two weeks from your standard template to triaged inbound paper. We’ll show you the deviation report on your own contracts.

Talk to LightCI