Most in-house lawyers talk about AI as if it is a future event that will arrive with a contract, a vendor, and a clean implementation plan. The truth is far less organized. AI is already inside your company. It arrived through your employees’ browsers, their phones, their inbox extensions, their creativity, their exhaustion, and their desire to get more done in a day than the system allows. You are governing it whether you mean to or not. The only question is whether you understand what has already begun.
I recorded a “Notes to My (Legal) Self” conversation with Heath Morgan, an in-house attorney who spends his days thinking about AI governance and his nights writing speculative fiction. His book, “The Memory Project,” explores a world in which digital personas from the past and future become part of daily life. As we talked, it became clear that his fictional world is less of a leap and more of a mirror. Companies are already building their own “memory projects” without realizing it. Not curated. Not intentional. Just accumulating. Every prompt, every tool, every autopilot, every quiet workflow decision is creating a parallel record of your business.
Heath said something that stuck with me: “The question is not whether your employees are using AI. It is whether they are using it intentionally or unintentionally.” That distinction is the heart of the problem for in-house counsel. Because unintentional adoption is where risk concentrates. It is also where culture forms.
The New Latchkey Generation Is Already In Your Org Chart
Heath draws a comparison to what he calls the “social media latchkey kid generation.” For 20 years, we gave an entire population powerful technology without meaningful guidance. We are living with the consequences. In the workplace, something similar is happening with AI. Tools are being marketed directly to employees. They promise convenience. They promise saved hours. They rarely mention downstream risk.
By the time legal is ready to publish its polished AI policy, the workforce is already three steps ahead, adopting tools informally. This is how every major technology wave has entered the enterprise. BYOD. Cloud storage. Enterprise messaging. Shadow IT. AI is simply faster and more embedded than anything before it.
Heath’s point is that the legal team’s assumptions are already outdated. You cannot govern AI as if the organization started from zero. You have to govern the reality you inherited. That means mapping actual behavior instead of theoretical workflows.
Corporate Memory Is Being Built Bot By Bot
One of the most interesting ideas in Heath’s book is “conversational time travel.” He imagines a world where people talk to digital versions of themselves constructed from data and past interactions. While it sounds like science fiction, the corporate version is happening right now. Every AI tool used across your company is learning your patterns, documents, tone, internal preferences, and workflows. Even if you never approved it.
If you do nothing, that becomes your corporate memory. Not the official retention schedule. Not the carefully governed document library. The machine memory is built from prompt histories, scraped emails, and user behavior. And once that memory exists in external systems, you cannot meaningfully retrieve it.
Most organizations are not prepared for that. It affects IP strategy. It affects confidentiality. It affects investigations and discovery. It affects employment. It affects vendor risk. And it affects culture, because an organization eventually becomes what it repeats.
The Ethical Frame: Legacy Is Being Written Without Consent
When Heath talks about legacy, he means something broader than posterity. He means the record of who we are that persists in data and models long after the moment passes. The same applies to organizations. Every decision to use or ignore AI tools becomes part of a legacy of accountability.
Ignoring unintentional adoption does not protect the organization. It cedes control. It also weakens your moral authority to govern intentional adoption later. If your teams have spent two years improvising with AI, they will not welcome restrictions that arrive late and without context. Governance fails when it does not reflect reality.
Heath puts it simply: “If we do not engage now, we are outsourcing our legacy to whoever builds these tools.” For in-house counsel, that should feel familiar. It is the same lesson the profession learned with SaaS, cloud, and messaging platforms. Technology expands faster than policy. Culture stabilizes before legal notices. And by the time legal catches up, the risk surface is already shaped.
The Practical Question: How Should In-House Counsel Respond Now
The first step is acknowledging that unintentional adoption is already happening. This is not a failing. It is a signal. Employees are trying to solve real workflow pain that the business has not solved for them. That makes AI governance a partnership project, not an audit.
The second step is to map reality. Not a theoretical inventory. A real one. Which teams are using AI? Which tools. For what purposes? With what data? If you run a risk program, treat it like a shadow supply chain mapping exercise. You cannot govern what you cannot see, and you cannot see what you do not ask.
Once you know what is actually happening, you can design something livable. Lightweight approvals. Clear no-go zones. A set of recommended tools that do not expose the company to unnecessary risk. A permissions framework that reflects the actual risk of the underlying work. And a governance model that prioritizes what matters rather than policing every experiment.
Lastly, you have to think several steps ahead. Because the real risk is not the tools your employees are using today. That is the short-term headache. The long-term risk is the implicit “corporate memory” being built from those choices. You will inherit it if you do nothing. You can shape it if you intervene.
Why This Matters Right Now
Heath’s fictional world includes a moment he calls the “gray data breach.” A catastrophic exposure of intimate personal data that forces society to split into two markets. Privacy by default and privacy as a luxury. It is fiction. It is also plausible. And in the corporate context, we are already watching that divide form. Some companies treat privacy as a fundamental value. Others treat it as a premium feature. Employees are making similar choices, sometimes unconsciously, every time they choose a tool.
Fiction is useful because it lets us ask future questions early. For in-house counsel, the core question is this: What version of your company do you want the future to inherit?
If you do nothing, the answer will be accidental. You will inherit a patchwork of AI tools, fragmented data trails, inconsistent decision logic, and models trained on content you never reviewed.
If you engage, you can make your organization intentional. You can define what is protected, what is shared, what is stored, and what is deleted. You can set the tone for identity, governance, and culture long before regulators decide what the floor looks like.
This is the work of in-house counsel in the age of AI. Identify what is already happening. Shape behavior. Protect the organization. And build a legacy that the future will not regret inheriting.
Olga V. Mack is the CEO of TermScout, where she builds legal systems that make contracts faster to understand, easier to operate, and more trustworthy in real business conditions. Her work focuses on how legal rules allocate power, manage risk, and shape decisions under uncertainty. A serial CEO and former General Counsel, Olga previously led a legal technology company through acquisition by LexisNexis. She teaches at Berkeley Law and is a Fellow at CodeX, the Stanford Center for Legal Informatics. She has authored several books on legal innovation and technology, delivered six TEDx talks, and her insights regularly appear in Forbes, Bloomberg Law, VentureBeat, TechCrunch, and Above the Law. Her work treats law as essential infrastructure, designed for how organizations actually operate.
The post Unintentional AI Adoption Is Already Inside Your Company. The Only Question Is Whether You Know It. appeared first on Above the Law.