It’s a double agent day. Compliance agent developer, Norm Ai, has joined Stanford’s CodeX legal tech group. Meanwhile, Exterro has kindly explained to AL why its new ‘agents’ are actually agentic (see below).
First Exterro the data risk analysis pioneer, which has launched a range of ‘domain-specific AI agents’, which includes a Sensitive Data Detection Agent that identifies PII; and a Jurisdiction Mapping Agent that applies GDPR and HIPAA rules.
Exterro CEO, Bobby Balachandran, commented: ‘The future of AI is agentic AI and Exterro is leading the way. While the rest of the industry focuses on using third-party models such as OpenAI as a wrapper for their artificial intelligence, or talking about the concept of agentic AI, we are delivering actual solutions that lower risk, reduce cost and increase speed, security, and control.’
AL then asked if the company could explain a bit more about their approach to agentic AI here so that readers could be more clear about what is actually on offer and how it all works, e.g. how autonomous (i.e. with their own ‘agency’) are these tools?
Is this agentic solution actually autonomous?
Not in the way that typically causes concern for legal and compliance professionals. Our agentic system operates with action-level autonomy, not workflow-level autonomy. This is a distinction that needs to be clear and proves crucial in legal and compliance environments.
Exterro Assist for Data provides action autonomy with ‘Human-in-the-Loop’ oversight. Each Domain-Specific or ‘Expert’ Agent used by Exterro Assist for Data can independently complete specific, well-defined tasks such as data classification, privilege detection, custodian mapping, or anomaly flagging without needing human intervention at every step. This comes with an important distinction – they are NOT outsourced to third-party LLMs.
These expert agents have legal and regulatory logic embedded directly into their operational models – built by Exterro. However, the overall workflow always includes Human-in-the-Loop decision points. These are the controls that our audience needs for actions like matter and discovery strategy, final legal judgments, escalations, or approvals. This approach ensures that: legal and compliance professionals maintain oversight, customer data never leaves the Exterro environment, and Exterro Assist for Data operates in a transparent, controllable, and defensible manner.
How does it plan on its own?
The orchestration layer acts as the planner. When a user specifies an outcome, the system decomposes it into subtasks and routes them to the right expert agents. For example, in a breach response:
1. A Sensitive Data Detection Agent identifies PII.
2. A Jurisdiction Mapping Agent applies GDPR, HIPAA, or PDPL rules.
3. A Validator Agent reviews ambiguous cases.
4. The autonomy here is that the system itself sequences the agents and actions, the user doesn’t have to manually direct each step.
Can it adjust its actions autonomously without human input?
Yes, within clear, defensible boundaries. Agents can loop, refine, or escalate based on confidence thresholds. For example, if a classifier’s confidence score falls below a set level, the system can automatically route those items to a Validator Agent or flag them for human review. This is adaptive autonomy, but always explainable and always under human oversight.
Can it orchestrate with other tools and data selections on its own?
Yes. Agents are designed to work together and hand off tasks automatically. In
a litigation review, for instance:
1. A Classifier Agent organizes by relevance.
2. A Privilege Agent flags sensitive items.
3. A Validator Agent confirms results before they’re surfaced.
4. Because the entire process happens within Exterro’s own environment – without sending data to external LLMs, the orchestration is both powerful and compliant.
–
Many thanks to Exterro for being so transparent here and explaining what they are doing in relation to agentic features. It’s really helpful to get this level of clarity.
—
Now, back to Norm Ai. The CodeX membership ‘will allow Norm Ai to participate in and provide an industry perspective for CodeX’s research agenda on legal and compliance topics related to AI agents’.
‘[Their] participation in CodeX’s affiliate program will provide us with a unique perspective from a leader at the forefront of legal AI as we advance our research in this critical domain,’ said Roland Vogl, Executive Director of CodeX.
‘Norm Ai’s clients face some of the most demanding regulatory obligations worldwide. Working with researchers at CodeX will help us balance innovations in AI agents with the practical realities of legal frameworks,’ added Patrick Vergara, Norm Ai COO and who is also Stanford Law School graduate.
—
So, there you go: agents, agents, and more agents. Whether you like them or not, they’re here to stay and will only grow and improve. AL will also be asking vendors for more detail, unless already explained, in upcoming announcements on this subject in order to help readers evaluate what’s on offer.
—
Legal Innovators Conferences in London and New York – November ’25
If you’d like to stay ahead of the legal AI curve then come along to Legal Innovators New York, Nov 19 + 20 and also, Legal Innovators UK – Nov 4 + 5 + 6, where the brightest minds will be sharing their insights on where we are now and where we are heading.
Legal Innovators UK arrives first, with: Law Firm Day on Nov 4th, then Inhouse Day, on the 5th, and then our new Litigation Day on the 6th.
Both events, as always, are organised by the awesome Cosmonauts team!
Please get in contact with them if you’d like to take part.
Discover more from Artificial Lawyer
Subscribe to get the latest posts sent to your email.