Research Report — March 2026
Why Non-Auditable AI Concentrates Liability on the Firm
Your firm has a human in the loop. When the system fails, that human is you.
Oversight Requires the Capacity to Oversee.
Regulators mandate that a human oversee AI output before it reaches a client. Decades of cognitive science research show why that mandate breaks down in practice: AI systems produce errors that look correct on the surface. At volume, the human reviewing that output cannot sustain the cognitive load required to catch them. The longer the review, the more errors pass through.
The Harvard JOLT analysis published February 2026 identifies the legal consequence. Under the Learned Hand negligence formula, a party is liable when the cost of prevention is less than the expected harm. But when the firm has no independent way to verify what the AI did, the burden of precaution (B) approaches infinity, rendering the formula void. The formula stops working as a human-only oversight standard.
In a cloud deployment, the lawyer has no independent access to inference logs or a firm-controlled audit trail. When something goes wrong, the firm cannot reconstruct what happened without the vendor's cooperation. The duty to verify remains. The ability to verify does not.
Under Harvard's framework, that lawyer becomes a liability sponge: positioned to absorb the blame for a system they had no independent ability to verify.
"When a regulator mandates a task that a human cannot reliably perform, they are effectively mandating a breach of duty and setting the industry up to fail."
— Nanda Min Htin, Harvard JOLT Digest (Feb 2026)
The Human Brain Was Not Built for This Job.
Two phenomena make passive AI oversight structurally unreliable. Both are documented in aviation disasters and confirmed in human factors research.
Vigilance Decrement — Uber Tempe (2018)
The safety driver was streaming The Voice on Hulu. That sounds like negligence until you understand the dynamic: passive monitoring of a reliable system produces vigilance decrement. The human brain disengages — not because the operator is careless, but because that is what human brains do when asked to watch something that appears to be working. Uber reached a civil settlement. The driver was charged with negligent homicide (later resolved via a guilty plea to endangerment in 2023) and became the liability sponge for a systemic design failure.
Automation Bias — Sriwijaya Air SJ182 (2021)
When the autothrottle malfunctioned, the pilots failed to monitor the engine instruments for over a minute. By the time the autopilot disengaged, the aircraft entered an upset condition and the crew did not recover. 62 people died. The pilots were not untrained. They were lulled by a system that had been reliable — until it wasn't.
The Learned Hand Formula Collapses in Cloud AI.
Under the Hand Formula (United States v. Carroll Towing Co., 1947), a party is negligent if the Burden of precaution (B) is less than the Probability of harm (P) multiplied by the gravity of the Loss (L).
When B — the burden of verifying AI output — approaches infinity because the system's decision logic is not human-verifiable, the formula ceases to produce a meaningful standard. The Harvard JOLT analysis concludes this renders the negligence calculus void as a human-only oversight standard. In a third-party cloud deployment, this opacity is compounded by the lawyer's inability to independently access vendor-side inference telemetry or logs.
Calabresi: Who Is the Cheapest Cost Avoider?
Calabresi's rule is simple: if you could have prevented the harm and you didn't, the liability is yours.
In a cloud deployment, privileged client data sits on infrastructure the firm does not control. If a vendor breach exposes that data, the firm must explain why it placed privileged material on a third party's servers when a locally deployed option existed. The cost of prevention was the air gap. Air-gapped deployment removes the third-party cloud inference attack surface, gives the firm sole custody of client data, and provides a complete audit trail the firm controls — without depending on vendor cooperation to reconstruct what happened when something goes wrong.
Choosing cloud when a locally controlled option exists is like booking a client on an airline with a known safety record problem when a safer carrier flies the same route.
Architecture Determines Whether Oversight Is Real.
The same lawyer reviewing the same AI output has fundamentally different oversight capacity depending on where the inference runs.
The three architectures compared: SaaS Cloud (Multi-Tenant), Firm-Controlled VPC, and On-Premises / Air-Gapped.
Air-gapped deployment is the most direct architecture to restore the full oversight capacity the Hand Formula requires. A forward-deployed engineering model means the firm gets the infrastructure without building it from scratch.
Three Pillars to Replace Theater with Verifiable Duties.
The Harvard JOLT framework proposes replacing passive oversight mandates with concrete, verifiable obligations distributed across the AI supply chain. All three require the human to engage with the system in a verifiable way — which a third-party cloud deployment often limits on the deployer side.
Technical Robustness
Developers must build systems capable of being overseen. In legal AI deployments, this pillar can translate to confidence scoring, citation traceability, cryptographic logs, and interpretability endpoints. The cost to implement these at the model level is lower than the aggregate cost of downstream oversight — making the developer the cheapest cost avoider for inference-level failures.
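One way the "cryptographic logs" and "citation traceability" items above can be made concrete is a firm-controlled, hash-chained inference log: each record commits to the prompt, the output and the source passages the output cited, and is chained to the previous record so that later edits or deletions are detectable without vendor cooperation. This is an added illustration, not CloseVector's code or the Harvard framework's; the record layout, field names and sample inputs are assumptions.

```python
"""Illustrative firm-controlled inference audit log (assumed design, not vendor code).

Only hashes of prompts, outputs and cited passages are stored, so the log
proves what the model saw and produced without duplicating privileged text.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # constructed anchor for the first record's prev_hash


def _sha256(data: str) -> str:
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def append_record(log: list, prompt: str, output: str, sources: dict, model: str) -> dict:
    """Append one inference event. `sources` maps citation id -> passage text
    the model was grounded on; only the passage hashes are retained."""
    prev = log[-1]["record_hash"] if log else GENESIS
    body = {
        "seq": len(log),
        "ts": datetime.now(timezone.utc).isoformat(),
        "model": model,
        "prompt_hash": _sha256(prompt),
        "output_hash": _sha256(output),
        "citations": {cid: _sha256(text) for cid, text in sorted(sources.items())},
        "prev_hash": prev,
    }
    # The record hash covers every field above, including prev_hash (the chain link).
    body["record_hash"] = _sha256(json.dumps(body, sort_keys=True))
    log.append(body)
    return body


def verify_chain(log: list) -> tuple:
    """Recompute every hash and chain link. Returns (ok, index_of_first_bad_record or -1)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "record_hash"}
        if rec["prev_hash"] != prev or _sha256(json.dumps(body, sort_keys=True)) != rec["record_hash"]:
            return False, i
        prev = rec["record_hash"]
    return True, -1


def check_citation(rec: dict, cid: str, passage: str) -> bool:
    """Does the passage the reviewer is reading now match what the model was actually given?"""
    return rec["citations"].get(cid) == _sha256(passage)
```

A reviewer reconstructing an incident replays `verify_chain` over the firm's copy of the log and `check_citation` against the firm's own document store, neither of which requires vendor access.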
Human-Systems Integration
Deployers must implement genuine collaboration between human and AI: friction roles that force active engagement, resilience roles with cognitive handrails, and failure-specific training. Training lawyers on how the system works when it's right is insufficient. They must be trained on what happens when it fails.
Post-Market Monitoring
Continuous monitoring and adverse event reporting — modeled on FDA post-market surveillance — to quantify the Probability of Harm (P) in the Hand Formula over time. As failure modes accumulate in centralized databases, the standard of care rises. Under this framework, ignorance of the database ceases to function as a defense.
The Vendor Arguments. And Why They Don't Restore Verifiability.
"We have SOC 2 Type II and ISO 27001."
Third-party audits prove security controls are effective. The law firm doesn't need underlying log access.
Security ≠ Auditable Inference.
SOC 2 attests that security controls were effective over a review period. It does not prove the AI correctly grounded its output to a specific case citation. It does not provide the evidentiary readiness a lawyer needs when a court examines their methodology.
"We use Confidential Computing."
Hardware-level isolation means even vendor admins cannot see inference data. The data is mathematically safe.
Six Layers of Trust You Cannot Verify.
Confidential computing protects data from the vendor's own employees. It does not protect data from the vendor's hardware supply chain, firmware vulnerabilities, attestation infrastructure, key management operations, or a CLOUD Act order. The firm is trusting six layers it cannot independently verify. If a federal order compels the provider to assist in accessing the data, the encryption is irrelevant. The law supersedes the technology.
"We don't train on your data. Zero data retention."
The data is processed and discarded. Nothing is stored. The firm's privileged material is never at risk.
Retention Policy ≠ Exposure Prevention.
Zero data retention governs what happens after processing. It says nothing about exposure during processing. During inference, privileged content exists as plaintext in vendor-controlled RAM. Retention policy does not eliminate the window of exposure. It just determines how long the vendor keeps a copy afterward.
"We have contractual protections (BAA/DPA/MSA)."
Binding agreements prevent the vendor from misusing client data. The firm is legally protected.
Contracts Don't Control Who Gets the Order.
A subpoena can reach the firm regardless of where data is stored. The difference is who receives it. With air-gapped deployment, the order goes to the firm. The firm asserts privilege and controls the response. Under the CLOUD Act, the government can compel the cloud vendor directly. The vendor may not know what is privileged. The firm may not know the order was issued.
The question is not whether your firm has a human in the loop.
The question is whether that human has anything real to oversee.
Architecture determines the answer. Not policy. Not contracts. Not vendor assurances.
That is what CloseVector is built to solve.
The Duty Exists.
The Capacity Depends on Architecture.
CloseVector provides air-gapped AI infrastructure designed for deployment inside your firm's walls. Firm-controlled observability. Firm-controlled audit trail. No third-party vendor-side inference dependency. The lawyer becomes a supervisor — not a sponge.
Sources Cited
Application of the Harvard JOLT framework and Calabresi's cheapest cost avoider principle to cloud legal AI deployment architecture is the author's own analysis extending these sources. This page does not constitute legal advice.