What is MCP and why do law firms need it?

MCP (Model Context Protocol) is Anthropic's open standard for connecting Claude to external data sources. Instead of pasting case data into Claude chat, MCP lets Claude read from Clio or your document management system while keeping data on your infrastructure. This preserves attorney-client privilege.

Is Claude safe for attorney-client privilege?

Consumer Claude is not safe. A 2026 S.D.N.Y. ruling found that information entered into public AI platforms is not protected by privilege. Enterprise Claude with training disabled, deployed via MCP on your infrastructure, preserves privilege because data never leaves your control.

How much does it cost to build an MCP server for a law firm?

A focused integration sprint connecting Claude to one practice management system (Clio, MyCase) with document automation templates runs $15,000-$25,000 over 4-6 weeks. Multi-system implementations with custom workflows run $25,000-$50,000.

What is ABA Opinion 512?

ABA Formal Opinion 512 (July 2024) is the first comprehensive national AI ethics guidance for lawyers. It requires competence in understanding AI limitations, independent verification of AI outputs, confidentiality protections for AI vendors, and honest billing that accounts for AI efficiency gains.

How to Build a Claude MCP Server for Law Firms

The problem with Claude chat for legal work

A lawyer pastes a contract into Claude. Gets a useful summary. Does it again with a client NDA. Then again with a privileged memo.

In March 2026, a New York federal district court ruled that information entered into a publicly available AI platform is not protected by attorney-client privilege. The reasoning: standard AI privacy policies preclude any reasonable expectation of confidentiality.

This isn't theoretical. Firms that built their AI workflow around copy-paste-into-Claude are now sitting on a privilege exposure problem they didn't know they had.

Meanwhile, the useful stuff that Claude could do for a law firm, like searching your own document library, drafting from your templates, or auto-populating intake forms from Clio, requires something more than a chat window.

That something is MCP.

What MCP actually is (plain language)

MCP stands for Model Context Protocol. It's an open standard from Anthropic (the company behind Claude) that lets Claude connect to external tools and data sources.

Think of it as an API bridge. Instead of you copying data into Claude, Claude reaches out to your systems and pulls what it needs. Your Clio database. Your document management system. Your contract templates.

The critical difference: data stays on your infrastructure. Claude reads from your systems via MCP but doesn't store or train on the data. This is what makes privilege-safe AI integration possible.

Without MCP, every AI interaction is a manual copy-paste that potentially waives privilege. With MCP, Claude operates within your controlled environment.

Three approaches to connecting Claude to your firm

Not all integration approaches are equal. Here's what's available, from simplest to most compliant.

Approach 1: Zapier / Make.com (Quick but risky)

Connect Clio to Claude via Zapier automations. New matter created in Clio triggers a Claude analysis. Results posted back to Clio notes.

Pros: Fast to set up. No custom code. Works in hours.

Cons: Data passes through third-party servers (Zapier). No audit trail on AI interactions. Limited to simple triggers, not real workflows. May not satisfy ABA Opinion 512 confidentiality requirements since your data touches Zapier's infrastructure.

Use when: Testing an idea internally with non-privileged data. Not for production use with client information.

Approach 2: Custom MCP server (Recommended)

Build a dedicated MCP server that sits between Claude and your practice management system. The server runs on your infrastructure (or your cloud account). Claude connects to it. Your data never leaves your control.

Pros: Privilege-safe. Full audit logging. Custom workflows. Handles complex queries across multiple data sources. ABA Opinion 512 compliant when properly architected.

Cons: Requires development work. 4-6 weeks to build and deploy. Needs ongoing maintenance.

Use when: You want production-grade AI integration that protects privilege and satisfies compliance requirements. This is the approach we recommend for any firm handling client data.

Approach 3: Harvey / Clio native AI (Enterprise SaaS)

Use a legal AI platform (Harvey at $1,200+/seat/month, or Clio's built-in AI features) that handles integration for you.

Pros: No development work. Vendor handles compliance. Pre-built legal workflows.

Cons: Expensive ($14,400+/year per seat for Harvey). Limited customization. Locked into one vendor's workflow assumptions. Doesn't connect to your specific tools or templates. 10-seat firm = $144,000/year.

Use when: You're an AmLaw 200 firm with budget for enterprise SaaS and don't need custom workflows. Most mid-market firms can't justify this cost.

What a compliant Claude + Clio integration looks like

Here's the architecture we've built for legal document systems. The same pattern applies to any practice management integration.

Architecture: Claude + Clio via MCP

MCP Server runs on your AWS/GCP account. Connects to Clio's REST API using OAuth. Exposes matter data, contacts, documents, and calendar to Claude.
Claude Enterprise connects to your MCP server. Training disabled. No data retention outside your infrastructure.
Document Templates stored in your system. Claude generates drafts from your templates, not from its training data. Engagement letters, pleadings, contracts, clause libraries.
Audit Logger records every AI interaction: prompt, response, source documents referenced, model version, timestamp, and reviewer identity. Append-only. Cannot be edited or deleted.
Verification Layer routes all AI-generated content to an attorney for review before any client-facing use. No automated outputs bypass human judgment.
RBAC ensures partners see different data than associates. Ethical walls between practice groups are enforced at the MCP layer, not just in Clio.

This architecture satisfies all four requirements of ABA Opinion 512: competence (you understand what the AI does), verification (human review before use), confidentiality (data stays on your infrastructure), and billing transparency (audit trails show exactly what AI did).

What we've built in legal tech

We've shipped three legal document and search systems. Not AI chatbots. Production platforms handling real case data.

Legal Document Search Platform

Elasticsearch implementation on 1M+ legal documents. Sub-100ms queries with legal terminology handling, fuzzy matching, synonym support, and autocomplete. The previous system took 8 seconds per query. Lawyers were spending 2-3 hours per day searching instead of billing.

Result: $220K+/year recovered in billable time. Query speed from 8 seconds to 100 milliseconds.

Compliance Automation Platform

Rescued a broken MVP for a DEA-regulated healthcare company. Built 100% automated compliance processing, biometric authentication (WebAuthn + voice ID), encrypted video witnessing, and an append-only audit trail. 65+ API endpoints. Shipped in 8 weeks.

Result: 70% faster disposal processing. Passed DEA inspection. Zero compliance failures on launch day.

ABA Opinion 512 compliance checklist

ABA Formal Opinion 512 (July 2024) is the first comprehensive national AI ethics guidance for lawyers. Every AI integration should satisfy these requirements.

Compliance Checklist

Competence (Rule 1.1): Attorneys understand the AI's capabilities and limitations. Documented training on hallucination risks and verification procedures.
Verification: No AI output used without independent attorney review. Verification workflow enforced in software, not just policy.
Confidentiality (Rule 1.6): AI vendor meets third-party service provider requirements. Enterprise tier with training disabled. Data processed on firm-controlled infrastructure.
Billing (Rule 1.5): Audit trails show exactly which tasks were AI-assisted. Firms can demonstrate honest billing for actual attorney time.
Supervision (Rule 5.1/5.3): Senior attorneys oversee AI use. Role-based access controls limit who can deploy AI tools and approve outputs.
Audit Trail: Every AI interaction logged with timestamp, prompt, response, sources, model version, and reviewer identity. Append-only. Retrievable for 3+ years.

Why 95% of law firm AI pilots fail

MIT research cited by Axiom found that 95% of AI pilots across industries fail to deliver measurable business impact. In legal, the failure modes are specific:

No use case mapping. Firms buy AI tools before identifying which workflows to automate. The tool sits unused within weeks.

Set it and forget it. One training session doesn't drive adoption. Successful implementations require 8-12 weeks of embedded support with weekly office hours and continuous refinement.

Capability confusion. Teams buy platforms with AI features but never configure them for their specific practice areas. Zero ROI despite significant spend.

The firms that succeed follow a structured pattern: map specific workflows first, build focused integrations, and invest in 8 weeks of hands-on support. One documented case: 18 lawyers reduced contract review time by 20-60% with 89% reporting improved quality. The difference was structured implementation, not the AI tool itself.

What this costs

For context on the market:

Harvey AI: $1,200+/seat/month. 12-month minimum. Enterprise only. A 10-attorney firm pays $144,000/year.
Zapier + Claude API: $50-200/month. Quick but not privilege-safe. No audit trails. Limited to simple triggers.
Custom MCP integration: $15,000-$50,000 one-time build. You own the code. Runs on your infrastructure. Includes 8 weeks of embedded support. Ongoing retainer from $2,400/month for maintenance and new templates.

The custom approach pays for itself in 4-8 months if your firm recovers even 1 hour per attorney per day in search, drafting, or intake time.

Ready to connect Claude to your firm?

30 minutes with a co-founder. We'll map your highest-impact automation opportunities.

See Our Legal AI Integration Service →