Contract document AI · Litigation e-discovery AI · Regulatory filing compliance AI · M&A due diligence AI

Prompt injection in legal and litigation AI

Legal and litigation AI has become the operational infrastructure of contract obligation management, e-discovery privilege review, regulatory compliance verification, and M&A due diligence across the Am Law 200 and the global commercial legal market. At that scale, UCC contract enforcement determination, FRCP discovery compliance, SEC and SOX regulatory filing accuracy, and securities due diligence obligation management are concentrated in AI systems that process untrusted document image inputs at every critical juncture of the legal matter lifecycle.

Thomson Reuters Westlaw AI and CoCounsel AI are deployed at Am Law 200 law firms and enterprise legal departments globally, processing legal research documents, contract clause images, and regulatory compliance document photographs through AI-assisted legal research, contract analysis, and regulatory compliance classification tools. These tools govern which contract obligations are identified in due diligence reviews, which regulatory requirements apply to a client’s disclosed activities, and what legal risk factors are surfaced in deal documentation, with client legal advice and professional liability consequences. LexisNexis Lexis+ AI is deployed globally at law firms, in-house legal departments, and regulatory compliance teams at financial institutions, processing legal document scans, contract photographs, and regulatory filing images through AI-assisted legal analysis, contract review, and regulatory compliance monitoring tools. Harvey AI is deployed at Am Law 200 firms including Allen & Overy, Linklaters, and Milbank through A16z-backed commercial agreements, processing contract document scans, regulatory filing images, and transactional document photographs through AI-assisted contract review, regulatory analysis, and due diligence workflows that Am Law 200 lawyers rely upon for deal execution, compliance advice, and litigation support with professional liability and bar admission rule dimensions. Relativity AI is deployed at Am Law 200 firms and corporate litigation teams in more than 40 countries, processing litigation document sets through AI-assisted privilege review, responsiveness classification, and document coding tools used in FRCP Rule 26(b) discovery compliance workflows. Those workflows determine which documents are produced and which are withheld on privilege grounds, with FRCP Rule 37(e) ESI sanctions, FRE 502 privilege waiver, and 18 USC §1512 obstruction of justice dimensions. Litera AI deploys contract management and document comparison tools that process contract document photographs through AI-assisted obligation extraction and change detection tools used by transactional lawyers at Am Law 200 firms for contract execution and amendment review. Ironclad AI deploys contract lifecycle management tools at more than 1,000 enterprise customers, processing executed contract document images through AI-assisted obligation monitoring, renewal term identification, and regulatory compliance flag generation with UCC Article 2 contract enforcement and commercial liability consequences. DISCO AI is deployed at more than 3,000 law firms globally, processing litigation document sets through AI-assisted e-discovery privilege review, responsiveness classification, and legal hold compliance tools used in complex commercial litigation and regulatory investigation matters. Contract Logix AI processes contract management and compliance monitoring document images through AI-assisted obligation extraction and compliance status tracking tools. Luminance AI deploys contract review and due diligence tools in more than 100 countries, at organisations including HSBC, Deloitte Legal, and global law firms, processing contract document photographs through AI-assisted anomaly detection, obligation identification, and regulatory compliance classification with M&A due diligence and financial institution compliance dimensions. Kira Systems AI deploys contract review tools at Big Four accounting firms and Am Law 200 partners, processing M&A transaction document images through AI-assisted due diligence obligation extraction and risk factor identification.

Each of these legal and litigation AI platforms shares a structural vulnerability that creates adversarial document image injection exposure with direct professional liability, e-discovery sanctions, securities compliance, and transactional legal consequence: they depend on contract document photographs, litigation exhibit scans, regulatory filing images, and due diligence document images that pass through AI processing layers before their output governs contract obligation identification, privilege determination, regulatory compliance classification, and material liability disclosure. They also operate under frameworks where AI output manipulation creates UCC Article 2 contract enforcement failures, FRCP Rule 37(e) ESI sanctions exposure, FRE 502 inadvertent privilege waiver, 18 USC §1512 obstruction of justice liability, and Sarbanes-Oxley §302 CEO/CFO certification inaccuracy of substantial professional and criminal severity.

TL;DR

Legal and litigation AI platforms — Thomson Reuters Westlaw AI, LexisNexis Lexis+ AI, Harvey AI, Relativity AI, DISCO AI, Ironclad AI, Litera AI, Luminance AI, Kira Systems AI — process contract document photographs, litigation exhibit document scans, regulatory filing compliance images, and M&A due diligence document images through AI-assisted contract obligation extraction, e-discovery privilege review, regulatory compliance classification, and transactional risk identification pipelines. Adversarially crafted document images submitted through Ironclad or Litera contract management platform scan interfaces, Relativity or DISCO e-discovery document processing channels, Thomson Reuters or LexisNexis regulatory filing compliance analysis platforms, and Harvey or Luminance M&A due diligence document review interfaces can cause AI systems to suppress contract renewal obligation flags that would otherwise trigger client notification, conceal privilege markers causing inadvertent FRE 502 waiver in e-discovery production, hide SEC/SOX regulatory compliance indicators requiring reporting, and mask material liability disclosures that would affect M&A deal pricing or representation and warranty insurance coverage — triggering UCC Article 2 contract misrepresentation liability, FRCP Rule 37(e) ESI sanctions, FRE 502 privilege waiver, 18 USC §1512 obstruction of justice, and Sarbanes-Oxley §302 CEO/CFO certification exposure. Glyphward scans each image at the ingestion boundary with a threshold of ≥ 60 for contract document AI and regulatory filing AI and ≥ 65 for litigation exhibit AI and M&A due diligence AI. Free tier — 10 scans/day, no card required.

Four adversarial injection surfaces in legal and litigation AI

1. Contract document photograph injection (Ironclad AI, Litera AI, Kira Systems AI)

Contract document photograph AI processes scanned images of executed commercial agreements, vendor contracts, lease agreements, and transactional document packages submitted through Ironclad AI contract lifecycle management platforms at more than 1,000 enterprise customers, Litera AI contract management and document comparison tools at Am Law 200 transactional law firms, and Kira Systems AI contract review tools at Big Four accounting firms and Am Law 200 lawyers, extracting contract obligation identifications — renewal terms, auto-renewal notice deadlines, payment milestones, termination rights, change-of-control provisions, indemnification obligations, limitation of liability clauses — from executed contract document image inputs, generating contract obligation monitoring records, renewal notification alerts, compliance milestone tracking entries, and UCC Article 2 contract term extraction summaries that enterprise legal departments, law firm transaction teams, and accounting firm due diligence teams depend upon for contract obligation compliance management, deal due diligence, and corporate legal risk management. Ironclad AI processes executed contract document images through AI-assisted obligation extraction and renewal term monitoring tools at enterprise customers whose contract portfolios span hundreds to thousands of active vendor and customer agreements; its AI-generated obligation monitoring records are used by enterprise legal operations teams for contract renewal deadline management with commercial contract continuation or lapse consequences. Kira Systems AI processes M&A transaction document images at Big Four and Am Law 200 due diligence teams, with AI-assisted contract obligation extraction tools generating due diligence findings reports used by deal teams to identify material contract obligations, change-of-control consent requirements, assignment restrictions, and liability cap structures in target company contract portfolios.

The adversarial injection surface is the executed contract document photograph submission pathway: scanned contract images submitted through Ironclad AI contract lifecycle management interfaces or Kira Systems AI contract review tools for AI renewal term extraction, obligation identification, and UCC Article 2 contract term classification. An adversarially crafted contract document photograph can suppress an obligation flag that would otherwise generate a contract renewal notification or M&A deal team consent coordination action. In such an image, pixel perturbations are applied to the auto-renewal notice deadline clause text region, the change-of-control consent requirement paragraph visual marker, or the indemnification obligation scope limitation text area of the scanned contract document. The perturbations cause the AI to classify a contract with a 90-day auto-renewal notice deadline as a standard evergreen contract with no imminent renewal action required, or to omit a change-of-control consent obligation from the AI-extracted obligation list, even though the actual document image contains a material auto-renewal deadline or a change-of-control consent right that will expire without the AI-generated reminder trigger. In enterprise contract management environments where Ironclad AI processes hundreds of vendor contract renewals per year using AI-assisted renewal monitoring without individual legal operations team review of each contract image, adversarial suppression of auto-renewal notice deadline flags allows renewal windows to lapse without client notification, creating commercial consequences including unwanted contract continuation or loss of termination rights.

The legal and liability consequences of adversarially suppressed contract obligation detection in contract management AI span UCC Article 2 contract enforcement, contract misrepresentation, and M&A deal liability dimensions. UCC Article 2 (Sale of Goods) governs commercial contract enforcement in all US jurisdictions; adversarial manipulation of contract document AI that suppresses the identification of a material contractual obligation — a payment milestone, delivery condition, warranty term, or termination right — creates a contract performance risk when the suppressed obligation triggers without the party’s AI-assisted monitoring system generating the required action alert, with breach-of-contract liability consequences for the party that failed to perform the suppressed obligation on time. M&A due diligence contract review is particularly exposed: adversarial suppression of a change-of-control consent obligation in a key customer contract that Kira Systems AI fails to identify during deal due diligence allows the transaction to close without obtaining required third-party consent, creating post-closing contract termination risk if the counterparty exercises its change-of-control termination right, with representation-and-warranty insurance claim dimensions for a breach of the “no consent required” representation in the acquisition agreement. Law firm professional liability exposure arises when AI-assisted contract review tools deployed by Am Law 200 firms generate false obligation summaries that lawyers rely upon to advise clients; adversarial manipulation of Litera or Kira Systems AI tools that causes material contract obligations to be omitted from AI-generated summaries creates professional negligence exposure for lawyers whose advice was grounded in AI-generated obligation extraction outputs. 
Threshold: 60 for contract document AI — reflecting the UCC contract enforcement, M&A deal liability, and law firm professional negligence dimensions of suppressed contract obligation detection.

2. Litigation exhibit document injection (Relativity AI, DISCO AI)

Litigation exhibit document AI processes scanned litigation document sets, ESI review batches, regulatory investigation document productions, and privilege log documentation images submitted through Relativity AI e-discovery platforms at Am Law 200 firms and corporate litigation departments in more than 40 countries, DISCO AI e-discovery tools at more than 3,000 law firms globally, and integrated litigation support platform document review interfaces, extracting attorney-client privilege indicators — attorney-to-client communication markers, work product doctrine qualified document identifications, joint defence privilege pattern scores — responsiveness classifications, and FRCP Rule 26(b)(1) relevance scores from litigation document image inputs, generating privilege log entries, responsiveness determination records, and FRCP Rule 26(a)(1) initial disclosure compliance documentation that law firms and corporate legal departments depend upon for FRCP Rule 26(b) discovery compliance with Rule 37(e) ESI sanctions, FRE 502 privilege waiver, and 18 USC §1512 obstruction of justice dimensions. Relativity AI processes multi-terabyte litigation document sets at Am Law 200 complex commercial litigation practices and corporate legal departments, with AI-assisted document coding and privilege review tools generating the privilege determinations and responsiveness classifications that govern which documents are produced in FRCP Rule 34 document requests and which are withheld on privilege grounds in FRCP Rule 26(b)(5) privilege logs. DISCO AI processes litigation document review at more than 3,000 law firms, with AI-assisted privilege identification, responsiveness scoring, and production classification tools used in complex commercial litigation, securities class action, antitrust investigation, and regulatory enforcement matters where the volume of documents to be reviewed makes individual attorney review of each document impracticable without AI-assisted pre-coding.

The adversarial injection surface is the litigation document scan and ESI review image submission pathway: FRCP discovery document scans and ESI production images submitted through Relativity AI or DISCO AI e-discovery platforms for AI privilege identification, responsiveness classification, and FRCP production determination. An adversarially crafted litigation document scan image can suppress a privilege identification that would otherwise add the document to the FRCP Rule 26(b)(5) privilege log and withhold it from the opposing party production set. In such an image, pixel perturbations are applied to the attorney-to-client salutation text region, the work product legal strategy discussion paragraph visual marker, or the “PRIVILEGED AND CONFIDENTIAL — ATTORNEY-CLIENT COMMUNICATION” header legend of a scanned email or memorandum. The perturbations cause the AI to classify a privileged attorney-client communication as a non-privileged responsive document meeting FRCP Rule 34 production criteria, even though the actual document image contains clear attorney-client privilege markers that the privilege review attorney would have identified and withheld from production. In large-scale litigation document review environments where Relativity AI or DISCO AI processes hundreds of thousands to millions of document images as the primary privilege identification mechanism, with attorney review limited to spot-check validation of AI-coded privilege determinations, adversarial suppression of privilege markers across a targeted document subset causes privileged attorney-client communications or work product materials to be produced to opposing counsel without the FRCP Rule 26(b)(5) privilege log entry that would preserve the privilege.

The legal consequences of adversarially suppressed privilege detection in e-discovery AI span FRE 502 inadvertent privilege waiver, FRCP Rule 37(e) ESI sanctions, and 18 USC §1512 obstruction of justice dimensions of exceptional severity. FRE 502 (Attorney-Client Privilege and Work Product; Limitations on Waiver) provides a framework for addressing inadvertent privilege waiver in federal court proceedings; however, the inadvertent disclosure protection under FRE 502(b) requires that the privilege holder took reasonable steps to prevent disclosure — and adversarial manipulation of AI privilege review tools that causes a systematic failure to identify privilege markers may be characterised by opposing counsel as a failure of reasonable steps, creating privilege waiver risk for the produced communications even with a FRE 502(d) clawback order in place. FRCP Rule 37(e) (Failure to Preserve Electronically Stored Information) creates sanctions authority for courts when ESI is lost or destroyed; adversarial manipulation of privilege review AI that causes privileged documents to be produced and then subjected to a clawback motion may create a spoliation controversy if the clawback process results in further ESI handling complications. The most severe legal consequence — 18 USC §1512 obstruction of justice — applies when an actor knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede a federal investigation or proceeding; adversarial manipulation of DISCO AI or Relativity AI e-discovery privilege review tools with the intent to suppress privilege identification for documents responsive to federal regulatory investigation subpoenas or federal grand jury document requests constitutes an 18 USC §1512(c) obstruction predicate with felony criminal liability. 
Threshold: 65 for litigation exhibit document AI — reflecting the FRE 502 privilege waiver, FRCP Rule 37(e) sanctions, and 18 USC §1512 obstruction criminal liability dimensions of suppressed privilege marker detection.

3. Regulatory filing document injection (Thomson Reuters AI, LexisNexis AI)

Regulatory filing document AI processes scanned SEC filing document images, FINRA regulatory submission photographs, Sarbanes-Oxley Section 302 CEO/CFO certification document scans, and financial regulatory compliance filing images submitted through Thomson Reuters Westlaw AI and CoCounsel AI regulatory compliance analysis tools, LexisNexis Lexis+ AI regulatory monitoring platforms, and integrated regulatory compliance management system document processing interfaces, extracting SEC disclosure obligation compliance indicators — material event disclosure requirements, Form 8-K triggering event identifications, Form 10-K risk factor accuracy assessments, proxy statement compliance flags — SOX §302 CEO/CFO internal control over financial reporting certification accuracy scores, FINRA regulatory compliance requirement identifications, and applicable regulatory requirement classifications from regulatory filing document image inputs, generating regulatory compliance status records, SEC disclosure obligation monitoring entries, SOX internal control assessment documentation, and regulatory filing accuracy certifications that public company legal departments, outside securities counsel, and compliance officers depend upon for SEC and FINRA regulatory compliance management with SOX §302 CEO/CFO certification, SEC Rule 10b-5 securities fraud, and FINRA Rule 2010 standards of commercial honour and principles of trade dimensions. Thomson Reuters Westlaw AI and CoCounsel AI are deployed at Am Law 200 securities practices and public company legal departments, processing SEC filing document scans and regulatory analysis requests through AI-assisted securities law research, disclosure obligation identification, and SOX compliance review tools that guide public company disclosure decisions with SOX §302/906 CEO/CFO certification accountability. 
LexisNexis Lexis+ AI processes regulatory compliance monitoring document images at financial institutions, public company legal departments, and compliance consultancies, with AI-assisted regulatory requirement tracking and compliance status classification tools generating the regulatory compliance records that compliance officers use for internal control over financial reporting documentation.

The adversarial injection surface is the SEC regulatory filing document scan and compliance monitoring image submission pathway: SEC Form 8-K, Form 10-K, proxy statement, and FINRA regulatory submission document images submitted through Thomson Reuters CoCounsel AI or LexisNexis Lexis+ AI regulatory compliance analysis tools for AI disclosure obligation identification, SOX §302 certification accuracy assessment, and FINRA requirement classification. An adversarially crafted SEC Form 10-K document scan image can suppress a regulatory compliance deficiency flag that would otherwise generate a disclosure obligation corrective action recommendation. In such an image, pixel perturbations are applied to the material risk factor disclosure paragraph text region, the related-party transaction disclosure identification visual marker, or the internal control over financial reporting material weakness discussion text area of a Form 10-K scanned page. The perturbations cause the AI to classify a 10-K filing with a material omission in the risk factors or related-party disclosure sections as a complete and accurate disclosure meeting SEC Regulation S-K disclosure requirement criteria, even though the actual document image contains a material disclosure gap that would require 8-K amendment or proxy statement correction. In public company legal operations environments where AI-assisted regulatory compliance review tools process SEC filing drafts and identify disclosure requirement gaps before the CFO and CEO sign the SOX §302 certification, adversarial suppression of a material disclosure omission flag allows the omission to proceed to the filed document with SOX §302 certification exposure for the certifying executive.

The regulatory and criminal consequences of adversarially suppressed regulatory filing compliance detection span SOX §302 CEO/CFO certification liability, SEC Rule 10b-5 securities fraud, and FINRA enforcement dimensions. SOX §302 (Corporate Responsibility for Financial Reports) requires the CEO and CFO of a public company to certify in each annual and quarterly SEC filing that they have reviewed the report, that to their knowledge the report does not contain any untrue statement of material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading; adversarial manipulation of Thomson Reuters or LexisNexis AI regulatory compliance review tools that suppresses a material disclosure omission identification allows the CEO and CFO to sign a §302 certification without being alerted to the omission, creating a §302 certification exposure when the undisclosed material fact subsequently becomes public. SEC Rule 10b-5 (Employment of Manipulative and Deceptive Devices) prohibits any person from making any untrue statement of a material fact or omitting to state a material fact necessary in order to make the statements made, in the light of the circumstances under which they were made, not misleading, in connection with the purchase or sale of any security; adversarial suppression of a material disclosure omission in SEC filing compliance AI creates a 10b-5 fraud exposure for the issuer when the undisclosed fact affects the security’s market price and investors suffer loss from the non-disclosure. 
FINRA Rule 2010 (Standards of Commercial Honor and Principles of Trade) requires FINRA member firms to observe high standards of commercial honour and just and equitable principles of trade; adversarial manipulation of LexisNexis AI regulatory compliance tools deployed at FINRA member firms to suppress applicable regulatory requirement identifications creates a Rule 2010 compliance failure with FINRA enforcement authority consequences.
Threshold: 60 for regulatory filing document AI — reflecting the SOX §302 CEO/CFO certification, SEC Rule 10b-5, and FINRA enforcement dimensions of suppressed regulatory compliance obligation detection.

4. Deal document due diligence injection (Harvey AI, Luminance AI)

Deal document due diligence AI processes M&A transaction document packages — acquisition agreement drafts, target company contract portfolios, employment agreement collections, IP assignment documentation, environmental compliance record images, and disclosure schedule document photographs — submitted through Harvey AI M&A due diligence tools at Allen & Overy, Linklaters, Milbank, and Am Law 200 firm M&A practices, Luminance AI contract review and due diligence tools at HSBC, Deloitte Legal, and global law firms in more than 100 countries, and integrated M&A deal management platform document review interfaces. From these M&A transaction document image inputs it extracts material liability indicators — undisclosed litigation obligations, environmental remediation liabilities, pension deficit funding obligations, IP ownership gap identifications, regulatory non-compliance exposure assessments, and representations and warranties accuracy scoring. It generates due diligence findings reports, representation and warranty insurance (RWI) underwriting submissions, and acquisition agreement disclosure schedule review entries that M&A deal teams, RWI underwriters, and dealmakers depend upon for transaction risk pricing, RWI policy coverage scope determination, and acquisition agreement representations accuracy, with Delaware corporate law, securities due diligence, and RWI insurance contract consequences. Harvey AI processes M&A transaction document images through AI-assisted due diligence obligation extraction tools at Am Law 200 M&A practices, with AI findings reports used by deal teams to identify material contract obligations, regulatory compliance exposures, and liability indicators that affect acquisition price, deal structure, and RWI coverage scope in transactions with enterprise values from $50M to the multi-billion-dollar range.
Luminance AI processes contract due diligence document images at HSBC, Deloitte Legal, and global law firms through AI-assisted anomaly detection and obligation identification tools that M&A deal teams use for target company contract portfolio diligence, IP portfolio assessment, and regulatory compliance record review.

The adversarial injection surface is the M&A transaction document photograph submission pathway: acquisition agreement drafts, target company contract images, and disclosure schedule document photographs submitted through Harvey AI or Luminance AI due diligence interfaces for AI material liability indicator identification, representations and warranties accuracy assessment, and RWI underwriting submission preparation. An adversarially crafted M&A due diligence document image can suppress a material liability identification that would otherwise generate a due diligence findings report entry requiring deal team investigation, acquisition price adjustment, or RWI policy exclusion. In such an image, pixel perturbations are applied to the environmental remediation obligation disclosure text region, the pending litigation exposure quantification paragraph visual marker, or the undisclosed pension deficit funding commitment clause text area of an M&A disclosure schedule document image. The perturbations cause the AI to classify a target company with undisclosed material environmental, litigation, or pension liabilities as having a clean liability profile meeting standard market RWI underwriting criteria, even though the actual document image contains material liability disclosures that would affect RWI policy pricing, exclusion scope, or coverage capacity. In large M&A transaction document review environments where Harvey AI or Luminance AI processes hundreds of thousands of transaction document pages as the primary due diligence tool, with attorney review limited to AI-flagged findings, adversarial suppression of material liability indicators creates due diligence gaps that close into the transaction without RWI coverage for the suppressed liability.

The legal and contractual consequences of adversarially suppressed material liability detection in M&A due diligence AI span Delaware corporate law, securities due diligence, RWI insurance coverage, and representations and warranties indemnity dimensions of exceptional severity. Delaware corporate law imposes fiduciary duty obligations on acquiring company board members to conduct adequate due diligence before approving an acquisition; adversarial manipulation of Harvey AI or Luminance AI due diligence tools that suppresses material liability identifications creates a board fiduciary duty exposure if the suppressed liability was reasonably discoverable through competent AI-assisted due diligence — the standard that Delaware courts apply in post-closing breach-of-warranty litigation. Securities due diligence obligations in public company acquisitions require counsel to conduct sufficient investigation of material facts to support the accuracy of representations made in public filing documents including Form S-4 merger proxy statements and Form 8-K deal announcement filings; adversarial suppression of material liability identification in AI due diligence tools creates a securities due diligence gap with potential SEC Rule 10b-5 and Form S-4 accuracy consequences for the acquirer’s outside securities counsel. Representation and warranty insurance coverage scope exclusions are determined by the due diligence investigation conducted before the policy inception date; adversarially crafted document images that suppress material liability identifications during the due diligence investigation window create post-closing RWI coverage disputes where the insurer asserts that the suppressed liability was in the category of “matters actually known” by the diligence team if the adversarial image suppression is later discovered in forensic investigation, even though the diligence team genuinely did not identify the liability in the adversarially manipulated AI review. 
Threshold: 65 for M&A due diligence document AI — reflecting the Delaware fiduciary duty, securities due diligence, RWI coverage, and representations and warranties indemnity dimensions of suppressed material liability detection.

Integration: legal and litigation AI image ingestion with Glyphward pre-scan

Legal and litigation AI image ingestion flows from Ironclad and Litera contract management platform document scan APIs, Relativity and DISCO e-discovery document processing image channels, Thomson Reuters and LexisNexis regulatory filing compliance analysis platforms, and Harvey and Luminance M&A due diligence document review interfaces into contract obligation extraction AI, e-discovery privilege review AI, regulatory compliance classification AI, and M&A material liability identification AI pipelines. Insert Glyphward’s pre-scan at the ingestion boundary before AI-generated output is committed to contract obligation monitoring records, FRCP privilege log entries, SOX regulatory compliance certifications, or M&A due diligence findings reports:

import asyncio
import base64
import hashlib
import os
import uuid
from enum import Enum
from pathlib import Path

import httpx

GLYPHWARD_API_KEY = os.environ["GLYPHWARD_API_KEY"]
GLYPHWARD_SCAN_URL = "https://glyphward.com/v1/scan"

# Legal & litigation AI — UCC Article 2; FRCP Rule 26(b)(5)/37(e);
# FRE 502; 18 USC §1512; SOX §302; SEC Rule 10b-5; Delaware fiduciary duty.
# Suppression of contract obligations, privilege markers, regulatory flags,
# and M&A material liabilities create professional liability, criminal
# obstruction, and securities enforcement consequences.
THRESHOLD_CONTRACT_AI    = 60  # Ironclad/Litera/Kira; UCC Article 2; pro negligence
THRESHOLD_REGULATORY_AI  = 60  # Thomson Reuters/LexisNexis; SOX §302; SEC 10b-5
THRESHOLD_LITIGATION_AI  = 65  # Relativity/DISCO; FRE 502; 18 USC §1512
THRESHOLD_DILIGENCE_AI   = 65  # Harvey/Luminance; Delaware; RWI; securities


class LegalAIContext(str, Enum):
    CONTRACT_DOCUMENT  = "contract_document"   # Ironclad, Litera, Kira Systems
    LITIGATION_EXHIBIT = "litigation_exhibit"  # Relativity, DISCO
    REGULATORY_FILING  = "regulatory_filing"   # Thomson Reuters, LexisNexis
    DUE_DILIGENCE_DOC  = "due_diligence_doc"   # Harvey, Luminance


def threshold_for(context: LegalAIContext) -> int:
    thresholds = {
        LegalAIContext.CONTRACT_DOCUMENT:  THRESHOLD_CONTRACT_AI,
        LegalAIContext.LITIGATION_EXHIBIT: THRESHOLD_LITIGATION_AI,
        LegalAIContext.REGULATORY_FILING:  THRESHOLD_REGULATORY_AI,
        LegalAIContext.DUE_DILIGENCE_DOC:  THRESHOLD_DILIGENCE_AI,
    }
    return thresholds[context]


async def scan_legal_ai_image(
    image_path: str | Path,
    context: LegalAIContext,
    matter_id_hash: str,  # SHA-256 of law firm/CLM matter ID or deal identifier
    document_ref: str,    # e.g. "CONTRACT-IRN-88721", "DISCO-MATTER-2026-447-DOC-883"
    review_session_id: str,  # Ironclad contract ID, Relativity review session, Harvey run ID
    client: httpx.AsyncClient,
) -> dict:
    """
    Scan a legal or litigation AI document image for adversarial injection
    payloads before forwarding to contract obligation extraction, e-discovery
    privilege review, regulatory compliance classification, or M&A due
    diligence material liability identification AI systems.

    Raises AdversarialLegalAIImageError if score meets threshold:
      - CONTRACT_DOCUMENT:  threshold 60; UCC Article 2 contract enforcement;
                             M&A change-of-control consent; law firm pro liability
      - LITIGATION_EXHIBIT: threshold 65; FRE 502 privilege waiver;
                             FRCP Rule 37(e) ESI sanctions; 18 USC §1512 obstruction
      - REGULATORY_FILING:  threshold 60; SOX §302 CEO/CFO certification;
                             SEC Rule 10b-5; FINRA Rule 2010 enforcement
      - DUE_DILIGENCE_DOC:  threshold 65; Delaware fiduciary duty; RWI coverage;
                             securities due diligence; RW indemnity
    """
    image_bytes    = Path(image_path).read_bytes()
    image_b64      = base64.b64encode(image_bytes).decode()
    image_sha256   = hashlib.sha256(image_bytes).hexdigest()
    client_scan_id = str(uuid.uuid4())
    threshold      = threshold_for(context)

    resp = await client.post(
        GLYPHWARD_SCAN_URL,
        headers={"Authorization": f"Bearer {GLYPHWARD_API_KEY}"},
        json={
            "image": image_b64,
            "source": context.value,
            "metadata": {
                "legal_context":      context.value,
                "matter_id_hash":     matter_id_hash,
                "document_ref":       document_ref,
                "review_session_id":  review_session_id,
                "client_scan_id":     client_scan_id,
                "image_sha256":       image_sha256,
            },
        },
        timeout=8.0,
    )
    resp.raise_for_status()
    result = resp.json()

    audit_record = {
        "matter_id_hash":    matter_id_hash,
        "document_ref":      document_ref,
        "review_session_id": review_session_id,
        "legal_context":     context.value,
        "scan_id":           result["scan_id"],
        "client_scan_id":    client_scan_id,
        "image_sha256":      image_sha256,
        "score":             result["score"],
        "flagged_region":    result.get("flagged_region"),
        "threshold":         threshold,
        "action":            "blocked" if result["score"] >= threshold else "allowed",
    }
    await write_legal_audit_record(audit_record)

    if result["score"] >= threshold:
        raise AdversarialLegalAIImageError(
            f"Legal AI document image blocked [{context.value}]: "
            f"scan_id={result['scan_id']} score={result['score']} "
            f"matter={matter_id_hash} doc={document_ref}"
        )
    return result


async def write_legal_audit_record(record: dict) -> None:
    """Persist audit record to legal matter compliance store (stub)."""
    import json, sys
    print(json.dumps(record), file=sys.stderr)


class AdversarialLegalAIImageError(Exception):
    """Raised when a legal or litigation AI document image exceeds the adversarial injection threshold."""
    pass

Call scan_legal_ai_image() with LegalAIContext.CONTRACT_DOCUMENT before forwarding Ironclad or Kira Systems contract scans to AI obligation extraction and renewal term monitoring tools — the integration point where adversarial suppression of a change-of-control consent obligation creates M&A post-closing contract termination risk, with document_ref linking the Glyphward scan to the Ironclad contract record for UCC Article 2 obligation monitoring audit purposes. Call with LegalAIContext.LITIGATION_EXHIBIT for Relativity or DISCO e-discovery document review images before AI privilege identification and FRCP Rule 26(b)(5) determination, preserving image_sha256 as the forensic anchor for FRE 502 inadvertent disclosure proceedings and 18 USC §1512 obstruction investigation audit documentation. Call with LegalAIContext.REGULATORY_FILING for Thomson Reuters CoCounsel or LexisNexis AI regulatory compliance document images before AI SOX §302 accuracy assessment and SEC disclosure obligation classification, with matter_id_hash encoding the public company matter identifier for SOX internal control audit trail purposes. Call with LegalAIContext.DUE_DILIGENCE_DOC for Harvey or Luminance AI M&A due diligence document images before AI material liability identification and RWI underwriting submission preparation, with review_session_id set to the Harvey deal run identifier for Delaware fiduciary duty documentation and RWI policy inception-date due diligence audit trail linkage.
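An added example, not Glyphward's or this page's own code, of wrapping the pre-scan so the ingestion boundary fails closed: a document is forwarded only on a valid score below its context threshold, while a scanner timeout, transport error or malformed response quarantines it instead of letting it through unscanned. `Decision`, `gate_document`, `gate_batch`, the `context` field, the reason strings and the `scan` callable (a constructed stand-in for the HTTP call) are assumptions; the thresholds are the page's.

```python
import asyncio
from dataclasses import dataclass
from typing import Optional

# Thresholds from this page, keyed by LegalAIContext value.
THRESHOLDS = {"contract_document": 60, "regulatory_filing": 60,
              "litigation_exhibit": 65, "due_diligence_doc": 65}

@dataclass(frozen=True)
class Decision:
    document_ref: str
    action: str                     # "forward" or "quarantine"
    reason: str
    score: Optional[float] = None

async def gate_document(doc, scan, timeout=8.0, retries=1):
    """Forward only on a valid score below threshold; otherwise quarantine."""
    ref = doc["document_ref"]
    threshold = THRESHOLDS.get(doc["context"])
    if threshold is None:
        return Decision(ref, "quarantine", "unknown_context")
    result = None
    for _ in range(retries + 1):
        try:
            result = await asyncio.wait_for(scan(doc), timeout)
            break
        except Exception:           # timeout, transport or HTTP error: retry
            continue
    if result is None:              # scanner never answered: fail closed
        return Decision(ref, "quarantine", "scanner_unavailable")
    score = result.get("score") if isinstance(result, dict) else None
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return Decision(ref, "quarantine", "malformed_scan_result")
    if score >= threshold:          # same >= comparison as the page's code
        return Decision(ref, "quarantine", "score_at_or_above_threshold", score)
    return Decision(ref, "forward", "below_threshold", score)

async def gate_batch(docs, scan, max_concurrency=4):
    """Gate a batch with bounded concurrency; results keep input order."""
    sem = asyncio.Semaphore(max_concurrency)
    async def one(doc):
        async with sem:
            return await gate_document(doc, scan)
    return list(await asyncio.gather(*(one(d) for d in docs)))

async def constructed_scan(doc):
    """Constructed stand-in for the scan request; returns a canned score."""
    if doc.get("fail"):
        raise ConnectionError("scanner unreachable")
    return {"score": doc["score"]}

def demo():
    docs = [  # constructed sample batch
        {"document_ref": "DOC-1", "context": "due_diligence_doc", "score": 64},
        {"document_ref": "DOC-2", "context": "due_diligence_doc", "score": 65},
        {"document_ref": "DOC-3", "context": "contract_document", "score": 60},
        {"document_ref": "DOC-4", "context": "litigation_exhibit", "fail": True},
        {"document_ref": "DOC-5", "context": "regulatory_filing", "score": "n/a"},
    ]
    return asyncio.run(gate_batch(docs, constructed_scan))
```

Quarantined documents, including those held because the scanner was unreachable, should get an audit record of their own so the gap is visible in the matter's audit trail.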

Coverage matrix

| Control | Contract document AI injection (Ironclad, Litera, Kira Systems) | Litigation exhibit AI injection (Relativity, DISCO) | Regulatory filing AI injection (Thomson Reuters, LexisNexis) | M&A due diligence AI injection (Harvey, Luminance) |
| --- | --- | --- | --- | --- |
| Text-only PI scanners (Lakera, LLM Guard) | No — adversarial pixel perturbations in scanned contract document images are invisible to text-based analysis | No — litigation exhibit document scan pixel manipulation suppressing privilege markers is not detected by text-only scanning | No — SEC regulatory filing document scan pixel manipulation affecting SOX compliance AI is not caught by text analysis | No — M&A due diligence document image pixel perturbations suppressing material liability flags are not visible to text scanners |
| Attorney and counsel review | Legal operations teams review Ironclad AI obligation extraction outputs and contract renewal alerts; do not inspect individual contract scan image pixels for adversarial manipulation before obligation monitoring record creation | Privilege review attorneys review Relativity/DISCO AI privilege classifications and conduct spot-check validation; do not inspect individual document scan pixels for adversarial manipulation before privilege log finalization | Securities counsel review Thomson Reuters/LexisNexis AI regulatory compliance outputs; do not inspect individual SEC filing scan pixels for adversarial manipulation before SOX §302 certification advice | M&A deal team lawyers review Harvey/Luminance AI due diligence findings; do not inspect individual deal document scan pixels for adversarial manipulation before acquisition agreement negotiation |
| Court, SEC, and regulatory oversight | Courts review contract enforcement disputes; do not inspect AI contract obligation extraction image inputs for adversarial manipulation before the breach-of-contract claim is filed | Courts review privilege logs and may conduct in camera review of withheld documents; do not detect adversarial manipulation of Relativity/DISCO AI privilege review inputs before the FRE 502 production issue arises | SEC reviews regulatory filings and may investigate disclosure omissions; does not detect adversarial manipulation of Thomson Reuters/LexisNexis AI compliance review inputs that affected the CEO/CFO §302 certification | Courts and SEC review M&A deal documentation in post-closing disputes; do not detect adversarial manipulation of Harvey/Luminance AI due diligence inputs that affected the acquirer’s pre-closing knowledge |
| Glyphward | Yes — threshold 60; matter_id_hash and document_ref audit trail; blocks adversarially crafted Ironclad/Kira contract scans before AI obligation extraction and renewal deadline monitoring | Yes — threshold 65; blocks adversarially crafted Relativity/DISCO document scans before AI privilege identification, with image_sha256 for FRE 502 inadvertent disclosure proceedings and 18 USC §1512 audit trail | Yes — threshold 60; blocks adversarially crafted SEC filing scans before Thomson Reuters/LexisNexis AI SOX §302 accuracy and disclosure obligation classification, with matter_id_hash for SOX internal control audit | Yes — threshold 65; blocks adversarially crafted Harvey/Luminance deal document images before AI material liability identification, with review_session_id for Delaware diligence and RWI policy inception-date audit trail |

Frequently asked questions

How does adversarial injection into Relativity or DISCO e-discovery AI differ from ordinary OCR quality errors in litigation document scans, and why do FRCP Rule 26 discovery disputes not surface adversarially manipulated privilege review inputs?

Ordinary OCR quality errors in litigation document scans — faint handwritten annotation recognition failures on scanned paper documents, photocopier resolution degradation affecting small-font exhibit stamps on produced documents, redaction mark misidentification on PDF-to-image conversions, and header/footer text cropping on document boundaries — produce recognisable AI privilege classification errors characterised by low confidence scores, incomplete text extraction, and privilege indicator fragments that fall below the AI confidence threshold for privilege determination, routing the affected documents to the attorney review queue for privilege determination by a human reviewer rather than to the AI-coded privilege log as a high-confidence non-privilege classification. The document review workflow is therefore structured to address OCR quality problems through human escalation — creating a detection pathway for quality-impaired document images that operates before the AI privilege determination is finalised.

Adversarial injection into Relativity or DISCO e-discovery privilege review AI operates at the opposite end of the confidence scale: a precisely crafted adversarial document scan produces a high-confidence false non-privilege classification — the AI assigns high confidence to the incorrect non-privileged determination for the adversarially manipulated document, because the adversarial pixel perturbations suppress the attorney-client privilege marker visual features while maintaining image quality metrics above the OCR quality escalation threshold. The adversarially manipulated document scan is therefore committed to the AI production set as a high-confidence non-privileged document rather than routed to human privilege review, with no privilege log entry generated and no privilege claim preserved. FRCP Rule 26 discovery disputes arise from production deficiencies that the producing party identifies and discloses through a claw-back motion, or that the receiving party raises through a privilege log adequacy challenge; neither mechanism inspects the pixel-level content of the individual document images that generated the AI privilege determination. An adversarial privilege review manipulation that causes a targeted attorney-client communication to be produced without a privilege log entry will not surface as an FRCP Rule 26 dispute unless the receiving party voluntarily notifies the producing party under FRCP Rule 26(b)(5)(B) upon recognising the document’s apparent privilege — which sophisticated opposing parties in complex commercial litigation are not incentivised to do.
Glyphward pre-scan at the Relativity or DISCO document image submission boundary documents that an adversarial image injection detection control was active during the privilege review session, which provides forensic evidence in subsequent FRE 502 proceedings that the producing party’s inadvertent disclosure of the adversarially manipulated document resulted from adversarial technical manipulation rather than failure to take reasonable privilege protection steps.

What are an Am Law 200 firm’s professional liability obligations when adversarial injection into Harvey AI suppresses a material liability in M&A due diligence, and how does the RWI insurance coverage analysis change?

An Am Law 200 firm’s professional liability obligations when adversarial injection into Harvey AI suppresses a material liability indicator in M&A due diligence operate on the attorney competence standard dimension of ABA Model Rule 1.1 (Competence). ABA Model Rule 1.1 requires that a lawyer provide competent representation to a client, including the legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation; Comment [8] to Rule 1.1 specifically provides that to maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology. When an Am Law 200 M&A lawyer relies on Harvey AI or Luminance AI due diligence tools and the AI produces false findings due to adversarial manipulation of document images, the competence analysis focuses on whether the lawyer’s supervision of the AI tool was adequate — whether the lawyer reviewed AI output critically, whether spot-checking was conducted on a sample of AI-reviewed documents, and whether the lawyer deployed appropriate technical controls including adversarial input detection. Law firm professional liability (legal malpractice) claims arising from AI-assisted due diligence failures that miss material liabilities will increasingly be evaluated against an emerging standard of AI competence that includes adversarial input detection; firms that deployed Glyphward pre-scan on their Harvey AI or Luminance AI document review inputs can demonstrate technical control compliance at a level that firms without such controls cannot.

The RWI insurance coverage analysis when adversarially suppressed due diligence creates a post-closing claim turns on the “actually known” exclusion standard in RWI policy language. Standard RWI policy forms (including AIG, Chubb, and Liberty Mutual M&A insurance RWI forms) exclude from coverage any breach of the seller’s representations that is “actually known” to the buyer or the buyer’s legal counsel as of the policy inception date; the exclusion is typically construed to capture constructive knowledge arising from the due diligence process, including knowledge that would have been identified through competent AI-assisted document review. When adversarial manipulation of Harvey AI or Luminance AI document review causes a material liability to be suppressed in the due diligence findings report, the RWI insurer in a post-closing claim will investigate the due diligence process and may assert that the suppressed liability was “in” the diligence materials and therefore constructively known, even though the AI adversarial manipulation caused it not to be identified in the AI findings output. Glyphward pre-scan audit records — including image_sha256, scan_id, flagged image records, and chain-of-custody documentation for the adversarially manipulated document images — provide forensic evidence that the due diligence process was technically compromised by adversarial document image manipulation, which is significant evidence supporting the buyer’s position that the suppressed liability was not constructively known because the AI tool’s detection was adversarially defeated, distinguishing the suppression from ordinary AI oversight failures that the “actually known” exclusion is designed to capture.
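An added example, not part of the original page or of Glyphward's product, of making the audit records described above tamper-evident so that image_sha256 and scan_id can be checked later: each record is hash-chained to the previous one, and the head hash is assumed to be stored separately from the log. The function names, the log layout and the sample records are constructed for illustration.

```python
import hashlib
import hmac
import json
from typing import List, Optional

GENESIS = "0" * 64  # prev_hash of the first entry

def entry_digest(seq: int, prev_hash: str, record: dict) -> str:
    """SHA-256 over a canonical JSON encoding of one log entry."""
    body = {"seq": seq, "prev_hash": prev_hash, "record": record}
    blob = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def append_record(chain: List[dict], record: dict) -> str:
    """Append an audit record; return the new head hash to store off-box."""
    prev = chain[-1]["entry_hash"] if chain else GENESIS
    seq = len(chain)
    chain.append({"seq": seq, "prev_hash": prev, "record": record,
                  "entry_hash": entry_digest(seq, prev, record)})
    return chain[-1]["entry_hash"]

def verify_chain(chain: List[dict], expected_head: str) -> Optional[int]:
    """Return None if intact, else the index where verification first fails.
    expected_head must come from separate storage; without it, anyone able
    to rewrite the log can also rebuild a consistent chain."""
    prev = GENESIS
    for i, e in enumerate(chain):
        good = entry_digest(i, prev, e.get("record"))
        if e.get("seq") != i or e.get("prev_hash") != prev \
                or not hmac.compare_digest(good, str(e.get("entry_hash"))):
            return i
        prev = good
    # A truncated log verifies internally but no longer reaches the head.
    return None if hmac.compare_digest(prev, expected_head) else len(chain)

def image_matches(chain: List[dict], scan_id: str, image_bytes: bytes) -> bool:
    """True if image_bytes hashes to the image_sha256 logged for scan_id."""
    digest = hashlib.sha256(image_bytes).hexdigest()
    return any(e["record"].get("scan_id") == scan_id
               and hmac.compare_digest(e["record"].get("image_sha256", ""), digest)
               for e in chain)

def build_sample_log():
    """Constructed sample: three scans of constructed image bytes."""
    images = [b"constructed-image-A", b"constructed-image-B", b"constructed-image-C"]
    chain, head = [], GENESIS
    for n, (img, score) in enumerate(zip(images, [12, 71, 30])):
        head = append_record(chain, {
            "scan_id": f"scan-{n}",          # placeholder ids, not real values
            "document_ref": f"DOC-{n}",
            "legal_context": "due_diligence_doc",
            "image_sha256": hashlib.sha256(img).hexdigest(),
            "score": score, "threshold": 65,
            "action": "blocked" if score >= 65 else "allowed",
        })
    return chain, head, images
```

Editing a logged record or dropping the most recent entries both make `verify_chain` return the index of the damage, and `image_matches` confirms that a preserved image is the one that was scanned.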

Further reading