Three things traditional firms get wrong about AI

I want to be careful here, because “what law firms get wrong about AI” is the kind of headline that usually precedes a lecture from someone who has never sat in a partners’ meeting. The firms I work with are not stupid, and many are not even slow. The mistakes I see most are made by the keen ones - the firms that are investing, experimenting, and genuinely trying.

Which is what makes the three errors worth naming. They aren’t the errors of laggards. They’re the errors of people moving fast in a direction that quietly doesn’t lead anywhere.

One: they treat AI as a thing to buy, not a capability to build

The first instinct is procurement. AI gets framed as a category of product, like document management or e-signature - something you evaluate, purchase, roll out, and tick off. The firm runs a process, picks a vendor, signs a contract, and considers itself to be “doing AI.”

The trouble is that AI isn’t really a product you buy. It’s a capability you build - the institutional ability to spot a task worth automating, design the workflow around it, draw the judgement boundary correctly, get fee-earners to actually use the result, and do it again next quarter for the next task. That capability is the asset. The tools are just the current expression of it, and they’ll be replaced within eighteen months by something better and cheaper.

Firms that buy a tool get a tool. Firms that build the capability get a tool and the ability to keep getting the next one. Years from now, the gap between those two firms won’t be which software they licensed. It’ll be that one of them learned how to do this and one of them learned how to sign a purchase order.

Two: they automate the easy part and leave the painful part alone

The second error is subtler and more frustrating, because it looks like progress. A firm picks an AI use case by asking “what’s easy to automate?” rather than “what’s actually painful?” - and those two questions have almost completely different answers.

The easy-to-automate tasks are easy precisely because they’re already mostly fine. They’re clean, bounded, and not that costly to do by hand. Automating them produces a nice demo and almost no real value, because you’ve optimised something that wasn’t the bottleneck.

The painful tasks - the ones that genuinely eat time, cause errors, and make people miserable - are painful because they’re messy: ambiguous inputs, awkward handoffs, a judgement lurking in the middle, real consequences for getting it wrong. They’re harder to automate, which is exactly why automating them is worth so much. The firm that does the hard, valuable thing beats the firm that did ten easy, worthless things and has the demos to prove it.

Easy and valuable are not the same axis. Most firms optimise for easy and wonder why the value never shows up.

Three: they think the risk is using AI, when the bigger risk is how they use it

The third error is about risk, and it’s the one I’d most like firms to rethink. The instinct in a regulated profession is to treat using AI at all as the risk to be managed - hence the moratoria, the committees, the cautious pilots fenced off from anything that matters.

But “should we use AI” is increasingly not the real risk question, because the answer is being decided for the firm by clients, competitors, and the simple economics of the work. The real risk - the one that actually causes harm - is how you use it. It’s putting the judgement boundary in the wrong place, so the machine decides something a human should have. It’s deploying a tool with no way to check its output, so a confident wrong answer sails through. It’s automating a task without anyone owning what happens when it fails.

Those are real, specific, manageable risks - and they get worse, not better, when a firm bans AI officially and then has its people use consumer tools unofficially, with no governance, no audit trail, and no boundary at all. The cautious posture often produces the least safe outcome. The genuinely lower-risk path is to use AI deliberately, in the open, with the boundary drawn carefully and the output checkable - not to pretend you can opt out.

What the keen firms should do differently

If you’re one of the firms genuinely trying, the correction for all three is the same move: stop asking “which AI should we buy?” and start asking “which painful task should we get genuinely good at doing differently, and how do we make that safe and repeatable?”

That question forces you toward capability rather than procurement, toward value rather than ease, and toward managing the real risk rather than the imagined one. It’s a slower-sounding question that produces faster-compounding results - which is, awkwardly, the opposite of how most firms are currently spending their AI budgets.