Agents at the Gate: The State of Agentic AI in Legal Practice

Something fundamental has shifted in how artificial intelligence operates, and it extends well beyond the legal industry.

For most of the past three years, AI tools across every sector have been reactive. A user provides a prompt. The system generates a response. The user evaluates, adjusts, and prompts again. Whether the context was writing code, analyzing financial data, drafting legal documents, or diagnosing medical images, the interaction model was the same: human directs, machine responds, human carries the work forward.

That model is giving way to something architecturally different. Agentic AI — systems that interpret an objective, decompose it into steps, select and use tools to execute those steps, evaluate their own output, and adapt — is moving from research concept to production deployment across industries. In software engineering, AI agents are writing, testing, and deploying code with minimal human intervention. In financial services, autonomous systems are monitoring regulatory changes, flagging compliance risks, and executing multi-step audit workflows. In healthcare, agentic systems are coordinating diagnostic pathways across imaging, lab results, and patient history simultaneously.

The shift from assistant to agent isn't incremental. It's structural. And the legal profession — characteristically — is watching from a cautious distance while other industries move ahead.

That caution isn't entirely misplaced. Legal work carries professional liability, ethical obligations, and confidentiality requirements that make autonomous AI deployment genuinely more complex than in most other domains. But caution is becoming difficult to distinguish from inaction. The agentic tools are here. Some are delivering real value in legal practice today. Others are sophisticated demos dressed up as products. And the infrastructure questions this essay series has explored are more relevant than ever — because agentic systems are the most infrastructure-dependent AI tools the industry has ever encountered.

Here's where the landscape actually stands as of March 2026.

Where agentic AI is delivering real value

The honest assessment of the landscape starts with acknowledging that certain categories of agentic legal AI are no longer speculative. They're in production, and the results are meaningful.

The enterprise platforms have moved fastest. Harvey, now valued at roughly $11 billion after raising over $760 million in a single year, has progressed beyond single-prompt interactions into workflow agents that execute multi-step processes — contract review chains, deep research tasks, document analysis across large collections. Their partnership with A&O Shearman to build domain-specific agents for antitrust filing analysis, cybersecurity, fund formation, and loan review represents one of the most concrete examples of agentic AI in production legal work. These aren't general-purpose chatbots. They're specialized agents that incorporate deep practice-area expertise into systems capable of multi-step reasoning over matter-specific documents.

Thomson Reuters has launched agentic workflow capabilities within CoCounsel, including autonomous research that generates research plans, explains its reasoning, and delivers structured reports. LexisNexis's Protégé deploys specialized agents — including an orchestrator, a legal research agent, a web search agent, and a customer document agent — that collaborate on complex workflows. The architecture is notable: rather than a single monolithic model trying to do everything, these systems use multiple specialized agents coordinating through an orchestration layer. That design pattern will matter more as systems grow more complex.

Beyond the enterprise platforms, the most mature agentic applications are in document-intensive workflows — the areas where the volume of information exceeds what human attention can reliably process. Medical records review for personal injury firms. Due diligence in transactional work. Contract analysis across large portfolios. These are domains where agents can chain multiple steps — identify relevant documents, extract key data, cross-reference against case details, produce structured output — with meaningful autonomy and measurable accuracy. The pattern recognition capabilities I described in the leverage line essay become dramatically more powerful when they operate as part of an autonomous workflow rather than a manually prompted sequence.

Intake and triage automation is another area seeing genuine adoption, particularly in high-volume practices. Agentic systems that qualify leads, gather preliminary information, route matters to the right team members, and schedule consultations — operating around the clock through platforms clients already use — are reducing a significant operational bottleneck for firms that handle substantial inquiry volume.

None of this is transformative in the way the most breathless commentary suggests. But it's real, it's in production, and for the firms that have deployed it effectively, the impact on both capacity and quality is measurable.

The open-source wildcard

OpenClaw deserves separate attention because it represents something fundamentally different from the enterprise platforms — and because its implications for legal practice are both more exciting and more concerning.

OpenClaw is an open-source autonomous AI agent — at the time of writing, the most-starred non-aggregator project on GitHub with nearly 250,000 stars — that runs on the user's own infrastructure and communicates through messaging platforms already in use: WhatsApp, Telegram, Slack, Discord. Unlike enterprise legal AI platforms that operate within their own walled environment, OpenClaw is designed for persistent, autonomous operation. It doesn't wait for prompts. It runs continuously, managing workflows, triaging communications, executing tasks, and building on its own memory over time.

For law firms, the appeal is immediately obvious. An AI agent that runs on the firm's own hardware, controlled by the firm, with data staying on premises. It can manage intake qualification around the clock, coordinate scheduling, monitor deadlines, automate routine communications, and handle workflow coordination — all through the messaging platforms staff already use. Early law firm deployments have reported striking breadth of application, from lead qualification to calendar management to research coordination.

The risk is equally significant. OpenClaw's power comes from the broad system permissions it requires — access to email accounts, calendars, messaging platforms, file systems, and other sensitive services. Security researchers have raised serious concerns. Cisco's AI security team found third-party OpenClaw skills performing data exfiltration and prompt injection without user awareness. Over 340 malicious skills were discovered in the ClawHub marketplace in early 2026. The Chinese government restricted state agencies from running it entirely, citing security risks. And the autonomy questions go beyond security: reports have surfaced of OpenClaw agents taking actions — creating profiles on external platforms, initiating communications — without the explicit direction of the user who deployed them.

In a legal context, where client confidentiality is a professional obligation and unauthorized actions carry malpractice implications, these aren't theoretical concerns. They're threshold questions that have to be answered before deployment.

The honest assessment: OpenClaw represents the future architecture for general-purpose personal automation — local execution, persistent operation, tool use across systems, autonomous workflow management. It also represents every governance and security question the profession needs to answer before that architecture can be responsibly deployed for client-facing work. Watching OpenClaw closely is essential. Deploying it without rigorous controls, particularly for anything touching client data, would be premature for most firms.

The orchestration layer most firms aren't watching

Most legal industry commentary on agentic AI focuses on what individual agents can do. Almost none addresses the infrastructure layer that determines whether agents can work together — and this is where the most consequential developments are happening.

Two emerging standards are shaping the foundation of how agentic systems will operate across the technology landscape, and their implications for legal practice are significant.

The Model Context Protocol, or MCP, was created by Anthropic and is now housed under the Linux Foundation's Agentic AI Foundation. MCP standardizes how AI agents connect to external tools, data sources, and services. The analogy used most often is USB-C: a universal interface that replaces the custom-built, proprietary connections that have historically required bespoke engineering for every integration. By early 2026, MCP had crossed 97 million monthly SDK downloads and been adopted by every major AI provider — Anthropic, OpenAI, Google, Microsoft, and Amazon.

The Agent-to-Agent Protocol, or A2A, was created by Google and has also been brought under the same foundation, with over 100 enterprise supporters including Atlassian, Salesforce, SAP, and ServiceNow. If MCP standardizes how agents use tools, A2A standardizes how agents work together — discovering each other's capabilities, delegating tasks, and coordinating on multi-step workflows.

Together with the emerging WebMCP standard for web access, these protocols are forming a three-layer stack that will determine the architecture of agentic AI systems going forward.

Why should a managing partner or firm COO care about protocol standards? Because the choices their technology vendors make about these standards will determine whether the next generation of legal AI tools can interoperate, share data, and coordinate — or whether the profession ends up locked into another generation of siloed products that don't talk to each other. The integration tax I described earlier in this series was driven by proprietary, disconnected systems. MCP and A2A represent the potential antidote: standardized connective tissue between tools. The question is whether legal tech vendors adopt them substantively or treat them as another checkbox on the feature list — the same dynamic I explored in the architecture problems behind legal tech's disappointing track record.

Firms don't need to understand protocol specifications. They need to ask their vendors a simple question: are you building on open standards, or are you building another walled garden?

What's real, what's hype, and what to watch

The landscape as of March 2026 rewards honest assessment more than enthusiasm.

What's real and delivering value now: document analysis at scale, structured data extraction across large file sets, research workflows that chain multiple steps autonomously, and intake automation for high-volume practices. These applications are in production, producing measurable results, and improving as the underlying models improve. They are not speculative.

What's promising but early: complex legal reasoning agents like the domain-specific systems Harvey and A&O Shearman are building, multi-agent orchestration for full matter lifecycle management, and autonomous compliance monitoring. The demonstrations are impressive. The production deployments are still limited in scope and heavily supervised. The gap between demo and deployment — the central theme of this essay series — remains wide.

What's overhyped for the current moment: fully autonomous legal work without meaningful human review, AI-first law firms replacing traditional practice at scale, and the notion that agentic AI somehow reduces the need for the operational infrastructure this series has described. It does the opposite. Gartner's prediction that over 40% of agentic AI projects will be canceled by the end of 2027 due to escalating costs or unclear business value deserves serious attention from any firm planning significant investment.

And the largest unresolved question: governance. Agentic systems that act autonomously, access sensitive client data, and produce work product with professional liability implications need governance frameworks that most firms haven't begun to develop. Ethical walls, audit trails, data isolation, human oversight checkpoints, explainability requirements — these aren't optional features to be added later. They're preconditions for responsible deployment. The EU AI Act taking effect in August 2026 and the Colorado AI Act in June 2026 will begin formalizing requirements that most firms haven't started preparing for. The gap between what's technically possible and what's responsibly deployable is, for many firms, the most important gap to close.

Lessons the legal industry hasn't borrowed yet

Legal is not the first knowledge profession to navigate this transition. Other industries are further along the path that law firms are just beginning to traverse, and the data they're generating deserves more attention than the legal profession is currently giving it.

Healthcare is perhaps the closest parallel. Medicine has been deploying AI pattern recognition and diagnostic support systems in production for longer than legal has been experimenting with document review. The profession went through the same existential panic — will AI replace doctors? — and landed on a hybrid model where AI handles data synthesis and pattern identification while humans handle diagnosis, treatment decisions, and patient relationships. The outcomes data is starting to come in, and it's instructive for how legal should think about quality improvements, not just efficiency gains.

Software engineering offers the most concrete productivity evidence. AI-assisted development tools have produced well-documented gains in professional output — with the most striking finding being that junior practitioners often see the largest improvements, because AI provides a scaffolding that accelerates their learning curve. The pattern is consistent: AI didn't replace developers. It shifted their work toward higher-order thinking — architecture, design decisions, code review — while AI handled more of the implementation. The leverage line, with real numbers behind it, in a knowledge profession that shares more structural similarities with legal practice than most lawyers realize.

Financial services has been forced, by the nature of its regulatory environment and the consequences of autonomous system failures, to develop governance frameworks for AI agents making consequential decisions. Algorithmic accountability, audit trail requirements, explainability standards, and human oversight protocols — the banking and insurance industries have navigated these questions under regulatory pressure that legal is only beginning to encounter. The frameworks they've built aren't directly transferable, but the principles are. And the legal profession doesn't have to develop them from scratch.

Each of these parallels deserves deeper exploration, and I intend to give them that in future essays. For now, the point is straightforward: law firms that only watch their own industry for signals about where AI is heading are missing the most useful data. The most instructive lessons about how agentic AI will reshape knowledge work are coming from professions that started the journey earlier — and are far enough along to have real results, real failures, and real governance frameworks to learn from.

Where this leaves us

The state of agentic AI in legal in March 2026 is exactly what you'd expect at an inflection point: enormous potential, uneven execution, legitimate risks, and a widening gap between firms that are building the infrastructure to support these tools and firms that are watching from the sidelines.

The pattern from every essay in this series holds. The technology is not the bottleneck. The infrastructure is. Agentic AI doesn't reduce the need for connected systems, structured data, and standardized workflows. It intensifies it. An autonomous agent operating in a fragmented environment isn't just ineffective. It's potentially dangerous — making decisions based on incomplete information, executing actions across disconnected systems, producing work product that no one can fully trace or audit.

The firms that have been investing in operational maturity — connecting their systems, structuring their data, standardizing their processes, building the foundation this series has described — will find themselves positioned to adopt agentic AI effectively as it matures. The firms that deferred that work will discover that the most powerful tools in the market are useless without the infrastructure to support them.

That was true for the first wave of AI tools. For agentic systems — which are more autonomous, more interconnected, and more dependent on the quality of the data and systems around them — it is profoundly more true.

The infrastructure question is no longer theoretical. It's urgent.