Are Your Information Barriers AI-Ready?
It’s one of the most pressing questions we hear from customers right now: what do ethical walls actually look like when AI is embedded in the way your organisation works?
The answer is more complicated than most people realise, and the stakes are higher than they've ever been.
The numbers make the case
The iManage Knowledge Work Benchmark Report found that 85 percent of organisations are piloting AI in some form. That's an extraordinary adoption rate for any technology.
But here's the number from the Benchmark Report that should give pause: 36 percent of those organisations have already experienced a data leak or compliance issue. Not because of a sophisticated external attack, but because of the AI tools they're using every day.
It’s clear that AI adoption has outpaced AI governance. And for organisations that depend on information barriers to do business — law firms, financial services, professional services — the gap between where your AI maturity is and where your governance is can be the thing that lands you in that 36 percent.
The security challenges that existed before AI arrived
Before we get to the AI-specific problems, it's worth noting the security issues that were already there.
Many organisations still operate with largely open document management systems. Most content is accessible by default; only a handful of highly sensitive matters are locked down. That model worked for years — it encouraged knowledge sharing, made collaboration easier, and meant people could find what they needed quickly.
But with AI arriving on the scene and complicating access permissions, many organisations are starting to see the necessity of putting more guardrails in place to secure their content.
The only issue is that moving toward restricted environments is operationally difficult. Access requests multiply. Compliance teams define the requirements but IT teams still carry much of the execution burden. Cultural resistance is real. And when people can't get access through the proper channel, they find less-secure workarounds.
These are the challenges iManage Security Policy Manager (SPM) was built to address. SPM provides a centralised security and governance layer that cascades policies to every downstream system: iManage Work, finance and practice management systems, Microsoft Teams, and AI tools. Ethical walls can be set at a matter, client, or team level. Access request workflows are automated with full audit trails. The admin burden that comes with locking content down doesn't disappear, but it becomes much more manageable.
What AI has changed
The pre-existing challenges are real. But AI introduces three new ones that deserve specific attention.
First: some content should never reach an AI tool. This is probably our most-requested roadmap item right now. Certain matters — child protection cases, for example — carry data privacy implications that make AI involvement unacceptable regardless of governance controls. Today, SPM enforces information barriers across the iManage platform and connected systems. The roadmap work we're doing will extend that to block AI tool access at the client, matter, department, or office level.
Second: AI vaults don't respect ethical walls. Some AI collaboration tools allow users to upload iManage documents protected by an ethical wall to a vault and then share that vault with colleagues. The problem is that a user can share a vault with someone who isn't on the underlying ethical wall, and suddenly, content that was supposed to be restricted is visible to someone who should never have seen it.
We've been working directly with AI vendors on this. It's early, but things are moving in the right direction.
Third: agents are operating without governance. This is the one that concerns me most, because the scale is moving faster than most organizations realize. In one eyebrow-raising example, a senior stakeholder at one global organisation told us that thousands of agents were created inside their organization in mere months.
To illustrate the risk of ungoverned agents: consider an e-signature agent that runs automatically when a document is tagged as ready for signature. Then that agent picks up the wrong file. It builds the signature package around this incorrect file, sends it to the lawyer for approval, the lawyer scans it quickly and misses the error, and the wrong document goes to the other side. The human was in the loop, but they just didn't catch it.
Today, most agents inherit the security of the person who triggers them. But when agents operate autonomously that inheritance breaks down. Humans in approval loops become rubber stamps. Misplaced documents end up in the wrong ethical wall without anyone noticing. And when the underlying model gets updated, agent behaviour can shift overnight without anyone checking.
iManage is actively working with organisations to shape what governance for agents actually looks like in these types of use cases, and for the use cases coming down the road. If your organisation is building or planning to build agents, this is a conversation worth having now.
What you can do today
In our era of rapid growth of AI use, the organisations that avoid having a data leak or compliance issue will be the ones that treat AI governance as an operational requirement, not an afterthought.
To get started on your journey to better governance, sign up for one of our upcoming webinars.
Tuesday, July 07, 2026 | 11:00 AM British Summer Time
Information Barriers in an AI-Enabled World
Tuesday, July 07, 2026 | 10:00 AM Central Daylight Time
Ethical Walls in an AI-Enabled World
Want more personalised information on what iManage Security Policy Manager could do for your organisation? Book a demo with us today.
Scott Nicholson
Senior Product ManagerScott Nicholson has spent more than 10 years working in legal technology, helping legal teams solve complex problems through better products and workflows. His experience spans legal information providers, a global law firm, and enterprise SaaS providers, giving him a practical understanding of how legal work gets done and where technology can make the biggest impact.