← All insights
· Himanshu Sorout

Experiential AI Training for Lawyers Is Necessary. It's Also Not Enough.

Hands-on AI training teaches lawyers how to use the tools. It doesn't stop confidential data from leaking into them. Here's where training ends and protection has to begin.

There’s a clear shift happening in how law firms approach AI. The early instinct — ban it, block it, pretend associates aren’t already pasting clauses into ChatGPT at 11pm — has given way to something more sensible: teach people to use it well. Experiential, hands-on AI training, where lawyers actually work through real prompts on real tasks, is now the default. It’s a genuinely good development. A trained lawyer uses AI better, catches its mistakes faster, and is less likely to do something reckless out of ignorance.

But there’s a quiet assumption hiding inside the training-first approach, and it’s worth pulling into the light: that if you teach people to use AI responsibly, the risk goes away.

It doesn’t. Training and protection are two different things, and confusing them is how firms end up exposed.

What training actually does

Good experiential training changes behavior. It teaches a lawyer:

  • How to prompt well — framing a task so the model produces something useful instead of confident nonsense.
  • How to verify — treating every output as a draft to be checked, not an answer to be trusted, especially on citations and case law.
  • Where AI helps and where it doesn’t — first-pass review and summarization, yes; final judgment and accountability, no.
  • What the firm’s policy is — which tools are sanctioned, what’s off-limits, how to handle client matters.

That’s real value. A firm that trains its people is in a far better position than one that leaves everyone to figure it out alone. None of what follows is an argument against training.

What training can’t do

Training shapes intent. It does not control what actually leaves the building.

Consider the most common failure mode in a firm that has done everything right on the training side. A well-trained, well-meaning associate is under deadline. They have a 40-page agreement full of client-identifying detail and a counterparty’s confidential terms. They know the policy. They’ve been to the workshop. And in the pressure of the moment, they paste the document into an AI tool to get a fast summary — because it’s faster, because they’re tired, and because the training taught them the tool is genuinely useful for exactly this.

The training worked. The protection failed. Privileged client information is now sitting in a third-party system, and no amount of “we covered this in the session” puts it back.

This is the gap. Training operates on the human’s decision in the moment. But the moments where things go wrong are precisely the ones where judgment is degraded — deadline pressure, fatigue, the hundredth document of the day. You cannot train your way to perfect vigilance, because perfect vigilance isn’t a human capability. The exposure isn’t an education problem. It’s a control problem.

Where protection has to begin

The honest version of “responsible AI use in a law firm” has two layers, not one:

  1. Training — so people understand the tools, use them well, and know the rules.
  2. Protection — so that when a trained person makes a mistake under pressure, the sensitive data doesn’t actually leave.

The second layer is what closes the gap the first one leaves open. This is the thinking behind ACCRNOVA Safe Plus. It works at the browser — the point where data is actually about to be shared into an AI tool — and watches for sensitive client and personal information being entered. When something protected is about to leave, it stops it at the point of use, before it reaches the model.

It doesn’t depend on the lawyer remembering the policy in the worst possible moment. It doesn’t slow the firm down or block the tools people have been trained to use. It just enforces the line the training drew — so the firm gets the speed of AI without quietly handing away the confidentiality that makes the client relationship work in the first place.

The framing that actually holds up

If you’re running a firm and someone tells you “we’ve trained our people on AI, so we’re covered” — push on it. Training is the right first move. But ask the follow-up: what happens the day a trained person makes the wrong call under deadline? If the answer is “we trust they won’t,” that’s not a control. That’s a hope.

Train your people. It matters. Then put a layer underneath the training that doesn’t get tired, doesn’t cut corners at 11pm, and doesn’t forget the policy when the deadline is real.

Trained and protected is the whole point.