This is the fifth post in the Honswer editorial series. The previous post, The boring automation that makes AI work, argued that deterministic process design should come before generative AI. This post turns to what happens when AI does enter the picture: the specific risks it introduces, and the control architecture that contains each one.
Risk is not one thing
Most partners approach AI risk as a single, undifferentiated worry. “Is it safe?” The honest answer is that the question is malformed. AI does not carry one risk. It carries several distinct ones, and they do not share a control strategy.
This matters because a single-worry framing produces two failure modes, both expensive. The first is paralysis: the firm treats “AI is risky” as a reason to do nothing, and watches competitors recover capacity it leaves on the table. The second is recklessness: the firm decides the risk is overblown, pastes a privileged document into a public chatbot, and discovers the specifics the hard way.
Neither response is risk management. Risk management means naming each distinct exposure and matching it to a control. A firm that has done this can say precisely what it has protected against and how. That is the difference between a system and a toy.
There are five risk categories that matter for law, accounting, and medical practices. Each gets its own section below, with a concrete scenario, the control that neutralizes it, and the Honswer pillar it maps to. None of these risks is a reason to avoid AI. Each is a reason to architect it.
Risk one: hallucination
A language model generates fluent, confident, plausible text. Fluency and accuracy are not the same property, and the model does not know the difference. When it lacks a fact, it does not stop. It produces something that reads exactly like the truth.
The scenario is now familiar enough to have its own case law. An associate asks an AI tool to find supporting authority for a motion. The tool returns three cases with names, citations, and quoted holdings. Two of them do not exist. The brief gets filed. The court does not find the cases amusing. The same failure shows up in accounting as invented figures that foot perfectly, and in medicine as a confidently summarized contraindication that the source never stated.
The control is a verification layer, not vigilance. Telling staff to “double-check the AI” is a policy, and policies erode under deadline pressure. The architectural answer is to require every factual claim to be traceable to a source the system can link to, to gate high-stakes outputs behind mandatory human review, and to run deterministic checks that confirm a cited case, code section, or figure actually exists before the output is allowed to proceed. The model proposes; the system verifies; the human approves.
This is a Programmatic Intelligence problem, the deterministic layer described in AI alone is not a system. The fix is structure around the model, not a better model.
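A minimal version of that verification layer, added here as an illustration and not Honswer's own code: citations in a model draft are checked against an authority index before the output can proceed, and verified high-stakes output is still held for human sign-off. The index, the citation pattern and the draft are constructed for the example; a real deployment would query a citator service, but the gate has the same shape.

```python
import re

# Constructed authority index standing in for the firm's citation database.
KNOWN_AUTHORITIES = {
    "410 U.S. 113": "Roe v. Wade",
    "347 U.S. 483": "Brown v. Board of Education",
}

# Constructed pattern: "Party v. Party, <volume> <reporter> <page>". The first
# party is simplified to one word; the second may span several words.
CITATION_RE = re.compile(r"(\w+ v\. [\w.]+(?: [\w.]+)*?), (\d+ [A-Za-z.0-9]+ \d+)")

# Constructed model output: two real citations and one the index has never seen.
DRAFT = (
    "The right is well established. See Roe v. Wade, 410 U.S. 113 and "
    "Brown v. Board of Education, 347 U.S. 483. Compare Smith v. Acme Corp., "
    "512 F.3d 901, which reached the opposite result."
)


def verify_citations(draft: str) -> dict:
    """Sort every citation in the draft into verified / unverified.

    A citation is verified only if the reporter cite exists AND the case name
    the model attached to it matches the index, so a real cite glued to the
    wrong name is caught as well as a wholly invented one.
    """
    result = {"verified": [], "unverified": []}
    for name, cite in CITATION_RE.findall(draft):
        bucket = "verified" if KNOWN_AUTHORITIES.get(cite) == name else "unverified"
        result[bucket].append(f"{name}, {cite}")
    return result


def gate(draft: str, high_stakes: bool) -> str:
    """The model proposes, the system verifies, the human approves.

    Only three outcomes exist: blocked by a deterministic check, held for
    mandatory human review, or released.
    """
    checks = verify_citations(draft)
    if checks["unverified"]:
        return "blocked"  # never reaches a reviewer, let alone a filing
    if high_stakes:
        return "pending_human_review"  # verified, still gated behind sign-off
    return "released"


if __name__ == "__main__":
    print(verify_citations(DRAFT))
    print(gate(DRAFT, high_stakes=True))  # blocked: Smith v. Acme Corp. is not in the index
```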
Risk two: data leakage
Sensitive client information enters a model that is not private, and the firm loses control of where it goes. A public AI service may retain prompts, use them to train future models, or route them through infrastructure the firm has never assessed. For a practice that handles privileged communications or protected health information, that is a breach in waiting.
The scenario rarely looks dramatic. A paralegal pastes a full client matter into a consumer chatbot to “get a quick summary.” A tax associate uploads a return to a free tool to “check the math.” No malice, no warning, and now privileged or regulated data sits on a third party’s servers under terms nobody at the firm has read.
The control is deployment architecture and data classification, set before anyone touches a tool. Private or dedicated model deployments keep data inside the firm’s tenant. Data classification at the point of ingestion determines what is allowed to reach which system, so privileged content can never travel to a public API by accident. The rule is enforced by the system, not left to the discretion of whoever is under deadline: privacy is an infrastructure decision made up front, not a behavior requested after the fact.
Risk three: procedural drift
This is the risk that compounds, and the one firms notice last. In a multi-step workflow, each step builds on the output of the one before it. A small AI-introduced deviation at step one becomes the foundation for step two, which adds its own small deviation, and so on. The errors do not stay small. They accumulate. By the end of a long workflow, the output can sit far from what anyone intended, with no single obvious mistake to point to.
Consider an automated matter-handling sequence: intake, issue classification, document assembly, and a draft client letter, each stage feeding the next. A minor misclassification at the start is not caught, so the wrong template loads, so the draft addresses the wrong obligations, so the letter is confidently, coherently wrong. Every step did its job correctly given the flawed input it received.
The control is checkpoint architecture. A checkpoint is a structured sync point along the workflow where a human or a rule engine validates the state before the next step proceeds. The economics are decisive: catching a deviation at step one costs a moment of review, while unwinding it after step four means reconstructing everything built on the unsound foundation. The path with checkpoints wobbles but stays close to intent and finishes well aligned. The path of full autonomy drifts further at every step and finishes far from the target.
This is the case for oversight over autonomy, and it is a governance decision. Checkpoints are the Programmatic Intelligence and Human Intelligence layers working together.
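The matter-handling sequence above, run with and without checkpoints, as an added example rather than Honswer's code. The stages, the deliberately naive classifier that stands in for the model, the validation rules and the intake text are all constructed; the point is that a rule checkpoint after step one halts the run before a wrong template and a coherent, wrong letter are built on top of the misclassification.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed workflow state for intake -> classification -> template -> letter.
@dataclass
class Matter:
    intake_text: str
    issue: Optional[str] = None
    template: Optional[str] = None
    letter: Optional[str] = None
    log: list = field(default_factory=list)

TEMPLATES = {"employment": "EMP-LETTER", "lease": "LEASE-LETTER"}

# Stage 1 stands in for the model. It is deliberately naive so that an
# employment matter which mentions premises is misclassified (constructed).
def classify(m: Matter) -> Matter:
    m.issue = "lease" if "premises" in m.intake_text.lower() else "employment"
    return m

def load_template(m: Matter) -> Matter:
    m.template = TEMPLATES[m.issue]
    return m

def draft_letter(m: Matter) -> Matter:
    m.letter = f"[{m.template}] Dear client, regarding your {m.issue} matter ..."
    return m

# Checkpoint rules: deterministic validators run on the state before the next
# stage may consume it. Each returns a problem description or None.
def check_classification(m: Matter) -> Optional[str]:
    if m.issue == "lease" and "employer" in m.intake_text.lower():
        return "lease classification contradicts employment marker in intake"
    return None

def check_template(m: Matter) -> Optional[str]:
    return None if m.template == TEMPLATES.get(m.issue) else "template/issue mismatch"

PIPELINE = [(classify, check_classification), (load_template, check_template), (draft_letter, None)]

def run(m: Matter, checkpoints: bool = True) -> Matter:
    """Run the stages; with checkpoints on, halt at the first failed validation."""
    for step, (stage, check) in enumerate(PIPELINE, start=1):
        m = stage(m)
        problem = check(m) if (checkpoints and check) else None
        if problem:
            m.log.append(f"halted at checkpoint {step}: {problem}")
            return m  # nothing downstream is built on the unsound state
        m.log.append(f"step {step} ok")
    return m

INTAKE = "Our employer says we must vacate the premises after the termination."  # constructed
```

With checkpoints the run stops at step one with the reason logged; without them every later stage does its job correctly on the flawed input and produces a lease letter for an employment matter.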
Risk four: compliance and regulatory exposure
AI can produce an output that is useful and still impermissible. A summary that is accurate but reveals privileged information to the wrong recipient. A workflow that processes protected health information without a Business Associate Agreement in place. A document trail that an auditor cannot reconstruct. The output looks fine. The regulatory posture is not.
The scenario for a regulated firm is rarely the headline breach. It is the quiet accumulation of practices that would not survive scrutiny: AI handling of client data with no record of what was processed, no documented basis for a decision the system influenced, and no way to demonstrate to a bar association, a regulator, or an auditor that controls were in place. The exposure is invisible until the moment it is examined, at which point it is not invisible at all.
The control is compliance-by-design and audit trails. The regulatory requirements are translated into deterministic guardrails the system enforces every time, not guidelines staff are asked to remember. Every AI-influenced action is logged: what triggered it, what data it touched, which rule governed it, who approved it, and when. When the question comes, the answer is a record, not a recollection.
This is Programmatic Intelligence again, applied to obligation rather than accuracy. Compliance is an architecture problem, not a policy problem.
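One enforcement point that serves both the data classification control under risk two and the audit trail under risk four, added here as an example and not Honswer's code: content is classified at ingestion, a routing policy decides which deployment may receive which label, and every decision, allowed or denied, is written as a record with the fields listed above. The policy, the keyword rules and the sample memo are constructed; the log stores a fingerprint of the data rather than the data itself so the audit trail cannot become a second copy of privileged content.

```python
import hashlib
from datetime import datetime, timezone

# Constructed routing policy: which deployment may receive which label.
# The private tenant may see everything; the public API only public material.
POLICY = {
    "private-tenant-model": {"public", "internal", "privileged", "phi"},
    "public-api-model": {"public"},
}

# Constructed keyword rules standing in for the firm's classification taxonomy.
PRIVILEGED_MARKERS = ("attorney-client", "privileged", "work product")
PHI_MARKERS = ("patient", "diagnosis", "medical record")


def classify(text: str) -> str:
    """Classification at the point of ingestion. Unknown content is never
    'public' by default; the conservative label is 'internal'."""
    t = text.lower()
    if any(k in t for k in PRIVILEGED_MARKERS):
        return "privileged"
    if any(k in t for k in PHI_MARKERS):
        return "phi"
    return "internal"


def audit_record(trigger: str, text: str, label: str, rule: str, decision: str, approver: str) -> dict:
    """One entry per AI-influenced action: what triggered it, what data it
    touched (as a fingerprint), which rule governed it, who approved it, when."""
    return {
        "when": datetime.now(timezone.utc).isoformat(),
        "trigger": trigger,
        "data_touched": hashlib.sha256(text.encode("utf-8")).hexdigest(),
        "classification": label,
        "rule": rule,
        "decision": decision,
        "approved_by": approver,
    }


def route(text: str, target: str, trigger: str, approver: str, audit_log: list) -> str:
    """Enforce the policy and log the outcome whether allowed or denied."""
    label = classify(text)
    allowed_labels = POLICY.get(target, set())  # unknown deployment: nothing allowed
    decision = "allowed" if label in allowed_labels else "denied"
    rule = f"POLICY[{target!r}] permits {sorted(allowed_labels)}"
    audit_log.append(audit_record(trigger, text, label, rule, decision, approver))
    return decision
```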
Risk five: over-automation
The final risk runs the opposite direction from the others. It is not that AI does its job badly. It is that AI is assigned a job it should never have held. Some work in a professional practice requires judgment, empathy, or accountability that cannot be delegated to a model regardless of how well it performs. Automating it does not save time. It removes the human from a decision where the human was the point.
The scenarios are the ones that damage trust rather than accuracy: an AI system delivering a difficult diagnosis without a clinician, an automated tool making a final call on a sensitive client matter that turns on context no model holds, a chatbot handling a distressed client where presence was the service. The task may even be performed competently. It was still the wrong task to automate.
The control is the decision matrix from Human, AI, automation, or hybrid: a decision framework for professional firms. Before automating anything, the firm places the task on the matrix and confirms it belongs in the automation quadrant: high frequency, low need for human judgment. Work that turns on judgment, relationship, or professional accountability stays with the professional, possibly assisted by AI, never replaced by it. Knowing what not to automate is a design decision, and it is the Human Intelligence layer doing its job.
These are controls, not reasons to wait
Five risks, five different controls. A verification layer for hallucination. Deployment architecture and data classification for leakage. Checkpoints for procedural drift. Compliance-by-design and audit trails for regulatory exposure. The decision matrix for over-automation. The list is not a warning against AI. It is a specification for deploying it responsibly.
The firms that get hurt are not the ones that took AI seriously. They are the ones that treated it as a single yes-or-no question and answered too fast in either direction. A practice that can name its five exposures and show the control on each is not being cautious for its own sake. In a regulated profession, that is what competence looks like, and it is what makes everything built on top of it defensible.