I don’t want to create legal risk by using AI. AI hallucinates so I can never fully trust it so I don’t use it — anonymous in-house GC

Of course you shouldn’t let AI run with no human in the loop (especially true for legal), but that doesn’t mean legal can’t use AI to save LOTS of hours…The below chart from ICONIQ shows top AI use cases (published last week). The legal one should be much higher!

So what are the best AI use cases in legal?

I asked my new bestie (she told me I had to say that), Rachel Harris, how she is leveraging AI in legal at her company. Rachel is General Counsel and AI Governance Officer at Suzy, Inc., a Series D tech company.

How I Use AI in Legal

Every time I talk to other lawyers about AI, I hear two extremes: either it’s going to replace us entirely or it’s useless for anything serious. Both are wrong.

The truth? AI is already quietly making legal work faster, easier, and less painful…if you know where to point it. If you’ve ever spent hours fielding repeat questions, or pulling together a 50-state privacy comparison, you know where legal time goes to die.

That’s exactly where AI shines. It will stress-test your templates, automate repetitive tasks, draft usable policies, and even translate tech jargon you might not understand.

Here’s my running list of real-world AI use cases that can help make our day jobs easier.

1. Stress-Testing Templates

One of my team’s favorite use cases is using AI to red-team our own contract templates. Instead of waiting for opposing counsel to push back on the same terms over and over, we ask AI to play the part of a tough opposing lawyer. By doing so, it forces our template contracts to face their weaknesses.

Here’s the kind of prompt you can use:

“You are a seasoned contracts attorney with 40+ years of experience representing customers in highly regulated industries. Think like a risk-averse buyer’s lawyer in a draconian, compliance-heavy industry whose job is to protect the enterprise above all else. You represent the buyer/customer. My company is the vendor. My company’s risk tolerance level is [INSERT]. What’s most important to us in this template is speed to close.

Task: Identify where a sophisticated customer’s lawyer would likely object, negotiate, or slow down the deal; explain why it matters; and propose a redraft.

Instructions: Go clause by clause, one at a time, and ask me before proceeding to the next clause.”

The result? A preview of where negotiations will bog down, plus suggested rewording that speeds time-to-close.

💡Pro tip: Don’t stop with AI. Schedule a think session with your (human) legal colleagues and workshop the flagged areas in real-time.

2. Vendor Contract Reviews (That Don’t Bottleneck the Business)

Nobody going through procurement wants to wait days for Legal to redline a vendor contract. I’ve started using AI to speed up that cycle, but not just for redlines... I also have it generate quick, plain-English summaries for the business owner and for the vendor.

Here’s the structure I like:

• Legal Review & Redlines: classic mark-up based on our playbook, with explanations (insertions in bold, deletions in italics).

Act as a senior SaaS counsel reviewing this vendor MSA. Use a high risk tolerance lens — I want to close fast, minimize redlines, and preserve flexibility over [X] use. Focus on [X] rights, subcontracting, liability caps, and termination language.

• Internal Note: a short, candid summary I can drop into the ticket: “Here are the 2–3 risks that matter, here’s my pushback, here’s how I’d frame it.”

• External Note: a concise, business-friendly message the business owner can paste back to the vendor.

When I do this, deals move faster. Legal looks like a partner, not a bottleneck.

3. Summaries Business Leaders Actually Read

Lawyers think in paragraphs. Business leaders think in bullets. AI can bridge that gap.

For example, I’ll drop in an order form and ask:

“Draft a Slack message I can send to the business owner. Format it as: key risks (plain English), my recommendation, and a decision point (‘approve as-is or push back here — your call’).”

Instead of a three-page memo, they get a three-line Slack. And everyone’s happier.

If you want to push this further, AI can also help you empower business owners to negotiate simple deals on their own. Two things you’ll need for that:

• A vendor contract playbook: your preferred positions, must-haves, and flex points.

• A lightweight procurement guide: a checklist for non-legal owners reviewing vendor contracts or SOWs.

AI can help you draft both.

4. Privacy Patchwork Without the Slog

If you’ve ever been asked, “Can we launch this feature in Germany? How about Brazil?” you know the dread. Normally that means a weeks-long slog building a jurisdiction-by-jurisdiction memo that nobody wants to write (or read).

Now, I can get a first-cut tracker in hours. I built a special “Project” folder in our enterprise ChatGPT that spits out a clean markdown table: country by country, Green/Yellow/Red, with notes on registration, safeguards, localization, and transfer adequacy.

Here’s the kind of instruction I give it:

“Think like an expert privacy lawyer and DPO. Default to enabling the business with guardrails. Use Green/Yellow/Red status. Give me action items if Yellow, blockers if Red.”

The output looks something like this:

Not perfect, but it gets me 30–50% off the starting block. For lean teams, that jump is critical.

The system prompt behind this tracker bakes in:

• Default facts: controller vs. processor roles, DPA + SCCs nuances, basis of processing

• Risk posture: fast-moving, but disciplined and trust-oriented.

• Output rules: Green/Yellow/Red, concise “Legal’s Notes,” cite regulators, and ID governing law so I can verify.

• Failure modes: if unsettled, return Yellow + what would flip it to Green.

Once you’ve set this up, you can run: “France, Germany, Brazil” …and get back a jump-started analysis in minutes that you can drop straight into your tracker.

Is it final advice? Absolutely not. You (human) still have to fact-check. But as a structured first pass, it cuts down the organizational slog dramatically.

5. Policies Without the Blank Page

Like our CFO colleagues, everybody dreads drafting a compliance policy from scratch. Half the time goes into formatting, the other half into making sure it maps to the right frameworks.

Here’s the trick: we don’t just throw a policy prompt into ChatGPT. We’ve built out a project folder (you could do this as a CustomGPT, a knowledge base, or whatever flavor of AI tool you use) that already knows our world. For example, it knows:

• We follow the Secure Controls Framework with crosswalks to ISO 27001, 27701, 42001, SOC 2 Type 2, GDPR, CCPA, etc.

• We structure documentation into policies, procedures, and guidelines, each with its own template.

• We want outputs in those formats, not free-form essays.

With that foundation, I can then prompt:

“Draft a role-based access control policy aligned to SOC 2 Type 2, ISO 27001, and ISO 27701, cross-walked to the Secure Controls Framework.”

The draft comes back 60% there. From there, I can layer on more:

• “Now write the supporting procedure with placeholders for business-specific details.”

• “Now turn this into an auditor-ready evidence checklist.”

Because the AI can reference our preferred structures and frameworks, the drafts slot directly into our compliance library instead of needing to be torn apart and rebuilt. We’ve also seeded it with our pre-completed SIG and CAIQ questionnaires and our catalog of general controls under each framework. That means when I ask for placeholders or business-specific details, it isn’t guessing — it can navigate our control environment and flag the exact gaps that need human input.

The net effect: policies, procedures, and evidence aren’t scattered documents anymore — they’re a living system that’s always audit-ready.

It really does feel like having an assistant who never sleeps.

6. Automating Away Repeat Requests

At growth-stage companies, Legal can feel like a help desk. Five different people will ping you in the same day asking for the SOC 2 report, the ISO cert, or a copy of your standard DPA.

Instead of answering the same question for the fifth time, we built simple automation layers. Here’s an example:

• New request comes in through Jira → automation replies with links to the Trust Portal (for external materials) and our “Trust Brain” CustomGPT (for internal FAQs).

• If the requester still needs help, they can reengage in the ticket which triggers subsequent flows.

The result? About 40–60% of requests close themselves without anyone in Legal & Compliance touching them.

Here’s a flavor of what the auto-reply looks like:

“Thanks for submitting. Before we jump in, please check the Trust Portal [link] — it has our current ISO cert, SOC 2, and DPA. Also try the Trust Brain [link] for past Q&A. If you still need help, reply to this ticket and we’ll take it from there.”

Once you institutionalize the answer once, automation can handle the distribution 24/7.

The real win? You stop being the reactive gatekeeper and start acting like a proactive enabler.

7. Wearing Multiple Hats

Being GC often means you’re the product counsel, the privacy officer, the IP lawyer, and sometimes the AI governance lead — all in the same day. That context-switching is brutal.

I’ve started using AI as a thought partner just to help me structure my own thinking. For example, when we were evaluating migrating to a new third-party solution, I asked:

“Act as my thought partner. Write a legal memo on migrating [X] to a third-party solution. Organize the analysis by role: product counsel, IP counsel, GC, privacy officer, AI governance officer.”

The output wasn’t perfect (none of this ever is). But it forced me to look at the problem from angles I might have missed: product implications, privacy gaps, governance oversight, contract mechanics.

It felt less like AI doing my job and more like having a junior team of specialists handing me rough drafts.

General Tips

Where lawyers get tripped up is trying to boil the ocean. Dropping an 80-page complex agreement into ChatGPT and expecting brilliance is a recipe for disappointment.

AI is like a newbie lawyer:

• Smart, but only as good as your instructions.

• Strong at repetitive and templatized tasks.

• Weak at undefined, sprawling problems.

So think like a project manager and ask yourself:

• What problem am I actually trying to solve?

• Can this be broken down into smaller, repeatable steps?

• Is there an existing defined process?

• Is my process templatized enough to be automated?

• What needs to be true for this task to be automated?

The Bottom Line

AI in legal isn’t about robot lawyers. It’s about eliminating friction:

• Templates that anticipate objections.

• Summaries business leaders actually read.

• Privacy trackers that don’t eat four weeks.

• Policies and audits that don’t eat weekends.

• Brain dumps that organize themselves.

• And yes, teaching yourself new domains in real time.

Start small. Stay practical. And don’t forget your ethics.

Share

Footnotes:

• Thanks Rachel for the awesome write-up! Rachel’s one stipulation for writing this article is I have to include this message to her CFO: “Dear Rachel’s CFO, please give Rachel a $1M legal budget.” 🤣

• Share this newsletter with your legal friends as we tackle interesting legal topics (especially around AI)