- Legal firms must prioritize governance frameworks before deploying AI; weak oversight creates regulatory and ethical risk.
- Build vs. buy decisions hinge on speed, cost, control, and risk appetite; many firms underestimate vendor dependencies.
- Vendor due diligence — data handling, IP, security, and model provenance — is now table stakes for legal AI procurement.
- Leigh Zeiser discussed practical steps and governance playbooks on The Good Bot podcast, sharing lessons for law firms.
Legal AI in Practice: Key takeaways from The Good Bot podcast
What happened
On The Good Bot podcast, host Brett Mason interviewed Leigh Zeiser, director of AI and automation at Troutman Pepper Locke, to unpack how law firms are approaching governance, the trade-offs between building versus buying AI, and best practices for vendor due diligence. The conversation highlighted practical governance priorities and warned that rushed AI adoption can expose firms to compliance, ethical, and security risks.
Firm governance: start with guardrails
Zeiser emphasizes that governance should lead any AI initiative. That means clear ownership, documented policies for acceptable use, and cross-functional review processes that include legal, security, privacy, and practice-group leaders. Without these guardrails, AI projects can drift from purpose to liability — creating predictable reputational and regulatory exposures.
Build vs. buy: a pragmatic framework
The podcast outlines the core decision factors firms must weigh: time-to-market, total cost of ownership, need for customization, and control over data and IP. Building in-house offers control but demands ongoing engineering and governance investment; buying expedites capability but introduces vendor risk and potential lock-in. Zeiser recommends a hybrid approach in many cases: buy standard building blocks and invest internally where competitive advantage or client confidentiality demands bespoke solutions.
Questions to guide the decision
- Is the capability core to the firm’s competitive advantage?
- Can the firm sustain ongoing model maintenance and monitoring?
- How sensitive is the underlying data, and what protections are required?
Vendor due diligence: what to insist on
Zeiser underscores that vendor vetting must be rigorous. Key diligence areas include data provenance and retention policies, model training sources, security certifications, SLA terms, liability allocation, and exit/transition plans. Contracts should address IP ownership of derivative outputs, permitted uses, and audit rights. These safeguards reduce surprises and preserve client confidentiality.
Practical next steps for firms
Start small with pilot projects governed by a cross-disciplinary review board, codify policies for acceptable AI use, and standardize vendor assessment checklists. Maintain transparency with clients about AI use where appropriate to protect trust and comply with ethical obligations.
Why this matters
As legal AI matures, firms that pair cautious governance with pragmatic build-vs-buy choices and rigorous vendor due diligence will avoid costly mistakes and gain sustainable advantage. The Good Bot episode with Leigh Zeiser serves as a timely reminder: speed is important, but control and oversight are non-negotiable.
Listen to The Good Bot podcast episode for fuller insights and practical examples from a leading in-house AI practitioner.
Image Reference: https://www.jdsupra.com/legalnews/legal-ai-in-practice-firm-governance-b-69306/