Our Take
The governance layer is the actual product; connecting agents to systems is commodity work.
Why it matters
Law firms are moving past AI experimentation and hitting the wall on accountability and auditability. Regulators and clients now expect proof of control, not just access to tools.
Do this week
Legal operations leaders: map your current AI agent deployments against Autologyx's permission model (user, group, process, matter, client, data set, workflow stage) before Q3 budget reviews to identify governance gaps.
Autologyx extends platform with agent governance
Autologyx announced 15 June MCP-enabled capabilities that allow AI agents to operate directly within its governance platform rather than as standalone tools. Agents now participate in workflows (record updates, task creation, document generation, matter progression) while operating under the platform's permission model and remaining auditable.
The new capabilities include granular control over what agents can access and act upon, scoped by user, group, process, matter, client, data set, or workflow stage. Organisations can determine both user permissions and what data or actions a specific agent and model are permitted to use on their behalf.
Autologyx also introduced enhanced audit and monitoring functionality that tracks interactions, context, model outputs, tool usage, workflow activity, and resulting actions. Every action remains linked to the relevant matter, process, document, or record, creating a unified timeline reviewable by operational, risk, compliance, and legal teams.
Ben Stoneham, founder and chief technology officer at Autologyx, stated that "connecting AI agents to systems is the easy part. The real challenge is governing what happens once they are connected." He framed the shift as one from AI pilots and point solutions to operationalising AI safely. The new functionality will be showcased at LegalTechTalk 2026.
The governance gap is the actual blocker for law firms
Law firms have invested heavily in AI pilots over the past two years. Most now face a different problem: they need visibility, accountability, and control across AI-assisted work, not just access to better models. Regulated organisations operate under client and regulatory expectations that agents performing actions in client matters must be attributable, auditable, and subject to human oversight.
As agents become more capable and more integrated into business processes, the ability to answer "which agent performed this action, under what authority, against which data, and with what outcome" becomes non-negotiable. Today, most AI deployments still involve significant human oversight; tomorrow, autonomous agents will require stronger mechanisms for attribution and control. Platforms that bake governance into the execution layer, rather than bolting it on afterward, will reduce both operational friction and compliance risk.
Audit your current agent deployments for permission coverage
If your firm is running AI agents in any client-facing or regulated workflow, check whether each agent operates under a defined permission model. Autologyx's scoping approach (user, group, process, matter, client, data set, workflow stage) is a useful template. If your agents today have broad access or are managed outside your primary workflow platform, you have a governance gap that regulators and clients will ask about. Start documenting what each agent can see and do, and map that against your existing role-based access control architecture. This is not a future problem; it is a current audit question.