Your firm is already using AI. The question is whether you know it - and whether it is safe.
Cullis AI consulting meets your firm where it is - from discovering undisclosed AI use and building your first policy, through hands-on training with your actual tools, to deploying a privilege-protected AI system your attorneys can trust.
An associate drafts a brief in ChatGPT. A paralegal pastes client emails into Gemini to summarize them. A partner uses Copilot to analyze a contract without knowing where the data goes. None of them told the firm. None of them thought they needed to. This is shadow AI - and it is happening in every firm that has not specifically addressed it.
Why this matters now
In United States v. Heppner (S.D.N.Y. 2026), a court found that submitting client communications to a consumer AI platform constituted a waiver of attorney-client privilege. ABA Formal Opinion 512 (July 2024) requires attorneys to understand the technology they use well enough to protect client confidentiality. The rules are being written in real time - and the firms that have not addressed AI governance are the ones taking the risk.
Privilege Waiver
Consumer AI platforms may train on submitted content or expose it to third parties. Submitting privileged communications could constitute a waiver - permanently destroying the privilege for that information.
Rule 1.6 Confidentiality Breach
Using AI tools that transmit client data to external servers may violate confidentiality obligations under Rule 1.6, regardless of intent. The breach is in the transmission, not the intent.
Malpractice Exposure
Relying on unverified AI outputs in briefs, opinions, or advice without adequate review creates malpractice risk. Courts are losing patience with AI-generated citation errors.
Competitive Disadvantage
Firms that govern AI well will work faster, at lower cost, and with less risk than those that avoid it entirely. Inaction is a strategic choice with compounding consequences.
Service Tiers
Start where your firm is. Go as far as you need.
Each tier stands alone - you do not need Tier 1 to engage Tier 2, and you do not need to commit beyond the current tier. All work is performed under a Statement of Work with a Not-to-Exceed (NTE) ceiling and written authorization required for any overages.
Tier 1 - Remote
Compliance Foundation
Focus: Shadow AI Audit + Policy Framework
$3,150 - $3,600
7-8 hours NTE at $450/hr
Remote Only
3-4 hrs
Discovery and Shadow AI Interviews
Structured interviews with attorneys and staff to identify undisclosed AI tool usage, document the current state, and surface privilege and confidentiality risks.
3 hrs
Policy Customization and Gap Analysis
Customization of the Cullis AI standardized policy library (approximately 10-15% customization for each firm). Gap analysis against Rules of Professional Conduct.
1 hr
Delivery and Review Session (Remote)
Findings and deliverables presented to firm leadership via Zoom. Q&A and implementation guidance included.
Deliverables
As-is description of current AI tool usage across the firm
Gap analysis against Rules of Professional Conduct
Risk mitigations for each identified gap
Customized AI acceptable use policy
Customized AI use and data handling policy
No DPA required. This engagement is entirely remote and does not require access to client data or firm systems beyond interviews with attorneys and staff.
Tier 2 - Remote + On-Site
Safe Implementation
Focus: Everything in Tier 1, Plus Hands-On Training Day
$6,300 - $6,750
14-15 hours NTE + travel expenses
Remote + On-Site
7-8 hrs
All Tier 1 Activities
Shadow AI interviews, policy customization, gap analysis, and delivery session - all included.
2 hrs
On-Site Training Preparation
Curriculum customized to your firm's specific tools and practice areas - Microsoft Copilot, Google Gemini, or other tools you already pay for.
4 hrs
Half-Day On-Site Training
Hands-on training for all attorneys and paralegals using the Cullis AI Methodology for safe prompting. Mandatory attendance for all legal staff.
1 hr
30-Day Follow-Up Call
Refresher call at 30 days to address adoption questions, reinforce methodology, and assess implementation.
Deliverables
All Tier 1 deliverables
Custom training curriculum for your firm's tools
Half-day on-site training session
Cullis AI safe prompting methodology guide
30-day follow-up and reinforcement call
Travel billed at cost. $200/hr travel time, $250/night lodging, $100/day per diem, IRS standard mileage. Billings-area firms incur no travel charge. No DPA required.
Tier 3 - On-Site
Digital Transformation
Focus: On-Premises RAG Chatbot Build Connected to Your Firm's OneDrive
$13,500 - $20,250
45 hours NTE at $450/hr
On-Site
10-15 hrs
Data Architecture and OneDrive Cleanup
Organize and structure firm documents for optimal retrieval. Define indexing scope, establish folder taxonomy, and prepare the document library for vector indexing.
10-20 hrs
Technical Build and API Configuration
Deploy RAG infrastructure, configure Microsoft Graph API connection, set up vector database, build chat interface, and configure system prompts tuned to your firm's practice areas.
5 hrs
User Acceptance Testing and Admin Training
UAT with firm attorneys and hands-on training for your designated internal admin on basic system maintenance.
5 hrs
Governance Documentation
Ethics compliance documentation, DPA records, billing methodology guidance, and a privilege protection memo for your firm's ethics file.
Deliverables
Deployed on-premises RAG chatbot
Microsoft Graph API / OneDrive integration
Vector database and retrieval configuration
Custom chat interface for attorneys
Governance documentation and DPA
Privilege protection memo for ethics file
DPA required. Client maintains its own Anthropic or Microsoft API account for direct vendor liability. Hardware to Cullis AI spec or existing Azure/AWS instance. Early termination after build plan approval requires 60% of remaining projected balance or $8,000, whichever is greater.
How the on-premises RAG system works
The Cullis AI RAG build gives your attorneys a private AI assistant that searches your firm's own documents without ever sending files to consumer AI platforms. Your data stays inside your own infrastructure.
Your OneDrive Documents → Vector Database → Attorney Chat Interface → Your API Account → Answer with Source Citation
Why this matters legally: In United States v. Heppner (S.D.N.Y. 2026), a court found that submitting client communications to a consumer AI platform waived attorney-client privilege. The Cullis AI RAG build routes queries through your own API account and never transmits privileged content to a shared consumer platform - directly addressing the Heppner risk.
Monthly Retainer
$1,000 / mo
Includes up to 2 hours of on-call consultation and troubleshooting per month. Overages billed at $450/hr. Provides guaranteed response time and priority access.
Non-Retained Support
$500 / hr
4-hour minimum if travel is required, plus travel costs at cost. No guaranteed response time. Available for ad hoc system questions or updates outside of a retainer agreement.
Billing Model
NTE billing. No surprises.
Every engagement begins with a Statement of Work setting an estimated hour range and a Not-to-Exceed ceiling. Written authorization is required before any overage. Attorneys understand billable-hour economics - this model respects that.
Consulting Rate Structure
A single hourly rate applies across all three tiers. The rate is the same whether you are in a Tier 1 discovery call or a Tier 3 build sprint. NTE billing means your SOW ceiling is guaranteed.
All consulting work (Tiers 1-3): $450 / hr
Travel time: $200 / hr
Lodging: $250 / night
Per diem (meals and incidentals): $100 / day
Mileage: IRS standard rate
Non-retained post-Tier 3 support: $500 / hr
How NTE Billing Works
Before work begins, Jake issues a Statement of Work with an estimated hour range and a written NTE ceiling. If the engagement approaches the ceiling, Jake stops and seeks written authorization before proceeding. You will never receive an invoice that exceeds your approved NTE without having signed off on it first.
Tier 1 NTE: 7-8 hours
Tier 2 NTE: 14-15 hours
Tier 3 NTE: 45 hours
Overage authorization: Written required
Billings-area travel charge: None
Scope change provision for Tier 3
The Tier 3 NTE assumes a reasonably organized document structure. If discovery reveals significant data architecture remediation that was not apparent at intake, a revised estimate will be provided for written approval before additional work proceeds. The analysis phase off-ramp is always available - clients may discontinue after the data architecture and analysis phase at no penalty.
Which Tier Fits You
Start with a conversation, not a commitment
Most firms start with Tier 1. The engagement naturally reveals whether Tier 2 or 3 makes sense. You are never pressured to proceed beyond your current tier.
Tier 1 - Compliance Foundation
Right for your firm if...
You have no AI policy in place
You suspect attorneys are using AI tools informally
You want to address Rule 1.1 and 1.6 compliance now
You need a policy framework before the next bar inquiry
Budget is a primary constraint
Tier 2 - Safe Implementation
Right for your firm if...
You already pay for Microsoft Copilot or Google Gemini
Attorneys are not using those tools safely or consistently
You want hands-on training, not just a policy document
Firm has 5-25 attorneys
Leadership wants accountability for AI adoption
Tier 3 - Digital Transformation
Right for your firm if...
You want a private AI that searches your own documents
Privilege protection in AI workflows is a priority
You use OneDrive and Microsoft 365
You have handled Tier 1 and 2 work already
You want a competitive technology edge
Get Started
Ready to find out where your firm stands?
Every engagement begins with a no-cost introductory call to assess your firm's situation and determine which tier is the right starting point. Reach out to Jake directly to schedule that conversation.