Cybernomics Radio
Welcome to Cybernomics, the podcast where we break down the latest enterprise innovations and challenges shaping the Information Security industry. Whether it’s AI, cloud computing, or digital transformation, we dive deep into the forces driving businesses forward.
Join host Josh Bruyning as he engages with industry experts and technology leaders to explore how businesses are leveraging technology for growth. From cutting-edge advancements to the economic impact of tech decisions, Cybernomics delivers insights that keep you ahead of the curve.
Tune in for expert analysis, compelling discussions, and a front-row seat to the future of Information Security.
Cybernomics Radio
#43 - Securing Law Firms, Legal Data Security, AI, Job Security, FedRAMP - Dean Sapp, CISO @FileVine
Ever wonder what happens when centuries-old legal practices collide with cutting-edge technology? Dean Sapp, CISO at FileVine, pulls back the curtain on the digital transformation revolutionizing law firms worldwide.
Beyond just modernizing paperwork, Dean reveals why attorneys have become prime targets for sophisticated hackers and nation-states. "Law firms are data aggregators of some of the most valuable information on the planet," he explains, detailing how insider knowledge of M&A deals, patents, and major developments makes legal data irresistible to cybercriminals. With attacks from Russia, China, and North Korea occurring daily, the stakes couldn't be higher.
The conversation takes a fascinating turn when Dean shares how purpose-built AI is dramatically reshaping legal processes. Tasks that once took legal teams 4-6 weeks now complete in a single day. Immigration paperwork that required 4-6 hours now finishes in under an hour. These aren't minor improvements—they're transformative shifts in how legal services can scale to help more people.
What sets this discussion apart is the rare glimpse into the specific security challenges of government legal agencies. With FileVine serving approximately 40 government agencies that require FedRAMP certification, Dean offers insights few security professionals ever witness. The intersection of legal compliance, national security, and political implications creates a security environment unlike any other.
Whether you're a legal professional wondering how to stay ahead of technology trends, a security expert curious about specialized industry challenges, or simply fascinated by how AI is reshaping traditional professions, this episode delivers eye-opening perspectives on the future of legal services.
Ready to discover how your organization can better protect sensitive information while dramatically improving efficiency? Join us for this revealing conversation about the technologies reshaping an entire profession.
Welcome to another episode of Cybernomics. I'm Josh Bruning and I'm here today with Dean Sapuza-Sisso at Filevine. And so, dean, when we talked the last time, you described Filevine to me and I'm going to put it in my words, and then I'll give you a chance to put it in your words because, let's be honest, I don't always do it justice, but what I understand Filevine to be is a platform that allows lawyers, law firms I don't know, legal experts, maybe you roped into that a whole bunch but primarily law firms. And I understand quite a lot of law firms around the world are using Filevine to organize the processes that go into all the legalese right. So the lawyers are documenting, they're putting together files, they're keeping all their clients stuff straight, and Filevine is just this platform that helps them to do that and do it securely.
Speaker 1:So let's imagine the old days when you go into the lawyer's office and there's a huge filing cabinet that and I'm thinking even of like a John grisham novel right where he always points to like the giant file cabinet, and there's all kinds of stuff in there, and there's even someone who is responsible for organizing all that information the poor uh, you know whether it's a, a paralegal or there's some old lady again referring to, referring to the John Grisham novels who is just really good at organizing all that stuff. But the old days are over, the new days are in, and law firms are no longer managing the complexities of everything that goes into handling their cases and their files, and so that's when you need technology to help make sure they're not missing anything. And of course, you, being the CISO, you're responsible for the security of that platform, of the technology and also staying ahead of new technologies, including AI. So that's my long-winded, imperfect way of describing Filevine. How would you describe Filevine way of describing?
Speaker 2:Filevine. How would you describe Filevine? I would say that, in its simplest terms, what Salesforce is to sales professionals, filevine is to legal professionals. You can run your entire firm from a single platform, from intake, conflict checking, onboarding, a client, doc management, matter management, contract lifecycle management. It's a full-service suite of products. We have e-signature products. We have at least six AI products that are very feature-specific for different cases in the legal space. So it's really designed to be an entire ecosystem to run a law firm, a legal department, even do legal research for expert witnesses, et cetera. So it's the 2.0 version of lawyering in 2025.
Speaker 1:What is the history of Filevine? How did it come about? What were the founders thinking? And you know why them. And then we can talk about the business case and the problems that you're solving today.
Speaker 2:Sure. Well, two of the founders were partners of the law firm, so Ryan Anderson and Nate Morris. They were practicing attorneys. They were running a large personal injury firm out of Las Vegas called Bighorn Law, and the nature of personal injury is it's often very transactional. It falls into a line of business or legal work.
Speaker 2:It's called contingency law, which means the case is contingent upon winning.
Speaker 2:So the lawyers are taking all of the risk.
Speaker 2:They might get 300 accidents where someone was injured, the insurance isn't paying up and the person's out of work and is in real financial distress because of the injury of someone who hit them in a hit and run or something like that.
Speaker 2:So contingency law means you really need to know your facts about the case.
Speaker 2:You need to know that if you can help this individual and that you can recover the fees such that the firm doesn't lose money, isn't going out of business because they took on a large case and they didn't have sufficient facts and then they lost, well, the firm eats all of those fees, and so contingency law means you have to really know your client. You really have to know the facts of the case, and so, with a transactional type casework, they needed to be able to handle all of these new matters that were coming in, get them in the right location, do all of their conflict checking to make sure that they didn't represent the other insurance party, and so forth. So we've been around for about 10 years and expanding from the PI space to corporate legal offices around the world and businesses that are in the Fortune 50, as well as expanding to what's called the AM100, the AM200, the top largest law firms in the country that all need to get efficient with what they're doing with case and matter management.
Speaker 1:How many law firms do you service today?
Speaker 2:You know that number is a little fluid, but it's somewhere between 4,500 and 5,000. And it's been growing since I've been at Filevine. I've been at Filevine for about and it's been growing since I've been at Filevine. I've been at Filevine for about five and a quarter years and we're constantly. We have a channel, our closed one channel, whenever we have new customers sign on board and it's like popcorn at the end of any particular month or quarter with the new firms that are joining the ranks or expanding to use some of our new AI technology or new services.
Speaker 1:So, generally, what is the business case for those decision makers that are switching to Filevine, and is security a part of that decision-making criteria?
Speaker 2:I believe security and privacy are two of the critical decisions that firms consider when they're making a switch. Often we find that it's usability Our product is extremely flexible. It's also configuration settings. How many ways can you make the case go up for the respective people? Because the paralegal may need to see the document section and make sure that they're getting the right documents to the attorneys to review. The attorneys are redlining these documents. They need to make sure that those correct red lines are sent to opposing counsel. So then you need to make sure opposing counsel can see the documents and, if you want them to, to redline them and then send them back or you know and being able to do all of that in like a portal where the customer sees what's related to them, the attorney attorney sorry, opposing counsel or co-counsel sees what they need to see. It's really about making a process it's very paper centric and slow by nature and optimizing it. Because if you can, if you can redline contracts in the contract life cycle management tool and everybody can see the edits and then you can just agree to incorporate that new language into the contract. Everybody saves time, right? So you know when firms bill by the hour. You know you would think that they don't really care how long it takes, but the reality is they want to be efficient 80, 100-hour weeks and be able to do the same, you know, service as many people, as many clients, as they can with the staffing that they have. And so when firms are looking at becoming more efficient, you know Filebind is one of the top choices right now in the legal space for efficiencies from these technological gains.
Speaker 2:We have unlimited storage, so it doesn't matter how many documents you want to store. We don't charge extra for storage. We have a very robust security program and, like you said, in the day and age we live in with state laws mandating security requirements or privacy requirements. It's top of mind for many, many firms. And, of course, requirements. It's top of mind for many, many firms. And, of course, avoiding a material data breach. Many of the law firms out there that I read reports on of them getting breached, and it's almost a weekly occurrence.
Speaker 2:And so by separating out your firm's local network from a cloud service provider where everything's hardened and secured, it reduces the risk to the firm, because we've had several firms that said you know what, if we had not moved to Filevine, we would have been in big trouble because we copied all of our documents and moved them up into the Filevine cloud and then two days later, our entire network was ransomed.
Speaker 2:All of our local file storage, our servers, our backups was ransomed. All of our local file storage, our servers, our backups, everything was encrypted. And they wanted five Bitcoin and we didn't have five Bitcoin to give them and there was no guarantee, even if we paid them, we would even get our documents back. But fortunately we made the move. We went out to Costco or Walmart or Sam's Club and bought a bunch of new laptops Everybody wanted a new device anyway and they were up and working in a matter of minutes. So it really has been a business saver for many of our clients and also helping to get them more efficient with the current staff they have get them more efficient with the current staff they have.
Speaker 1:Wow, you know, dean, you speak legal very well. At least to my layman's monkey brain. It sounds like you're a legal expert and I know you're not a lawyer, but you've been around all of this lawyer stuff for a number of years. Do you kind of feel like they you know they should give you an honorary, you know, pass on the board or you know some kind of something, because you do have to know your stuff, like what was your background and how did that even prepare you to do this job?
Speaker 2:Thanks, great question. Well, I will say I have been designated as a you know, an expert witness in Utah. I've been involved with several cases and of course that takes a lot of time and effort and the court is the only one that can determine if you are an expert or not. But my background prior to working at Filevine has been in the legal space. I spent the greater part of a decade working at an AM100 law firm and so building both their IT and security practices. This law firm had a very large client that was in a regulated environment and so the regulated industries have the most laws about cybersecurity. So they pushed those cyber requirements down to our firm and then my job was to make sure that the firm was meeting all of these requirements. So I did that for over eight years. And then I also spent about eight years with a very large multinational, helping their finance and legal department, amongst others, and so working to protect the lawyers they had attorneys in 120 countries and making sure that their technology was good and secure, making sure that all of the networking between these different offices around the world were hardened and firewalled and protected. So I've been doing quite a bit there. And then I spent about three years building a cybersecurity startup called Braintrace, and then we were solely focused on helping to protect law firms.
Speaker 2:Because, if you think about it, law firms are data aggregators of some of the most valuable information on the planet. I mean M&A deals to play the markets, information on the planet. I mean M&A deals to play the markets, patents, trademarks, copyrights all very valuable intellectual property and, of course, lawsuits with big businesses and VIPs, or real estate deals knowing where that next big mall is going to go, knowing where those interstates are going to be built or roadways. You could take farmland that's worth $15,000 an acre. Well, if there's going to be 10,000 acres developed for a new mall or a new school or new expansion, that property is immediately worth more. And so the bad guys, they want to monetize anything that they can and a lot of that insider information. Well, not a shocker here. The lawyers have it because they're the ones writing the contracts, the agreements, the stock purchase plans. They're the ones that have the most insight and because of that Russia, china, organized crime groups they target the law firms because the lawyers have money and they have data that they can quickly turn into cash or Bitcoin. So, having that contextual awareness, that company Braintrace. We work with many, many law firms to help them recover from data breaches and help them protect themselves from these bad actors out there. And ultimately the company was solid enough with enough patented technology that Sophos bought the company a few years ago.
Speaker 2:So I've just been in this space for quite some time. I also spent a year at a couple of billion-dollar fintech companies, each as their chief information security officer, trying to help them and help them get compliant with PCI and other important regulations. So I've got a lot of experience there. But fortunately in my career I've also been able to do a considerable amount of penetration testing. I've also been able to do a considerable amount of penetration testing.
Speaker 2:So basically putting my hacker hat on and trying to determine can I get into this system, can I steal data and of course I always did it with permission.
Speaker 2:Getting permission in advance is super important, but having that mindset of if they tell me it's really secure, can they back that up or are there ways for me to get into the system? And so the attorneys appreciate that, because they want to have someone acting as a bad actor, but with good intent, to see if their defenses are actually functional or not. And the sad thing is I've probably been involved with 40 penetration tests and we got in 39 times out of the 40. So very, very rarely are companies if this is their first pen test or if this is the first time they're really taking a look at it very rarely will they keep the bad actors out. And I've been involved with Pentest, where the company was worth hundreds of billions of dollars and because of the same thing, you know, the hackers only have to find the one way that hasn't been protected and the CISOs have to think about every way that the bad guy can get in. And so it's even those, you know, billion dollar, trillion dollar companies. They also get breached all the time.
Speaker 1:All important things to consider when you're thinking about protecting your law firm and your clients especially. You know you remind me a lot of my friend over at Solera. His name is Mike Levin and Mike was just so. He went into Solera about six months ago as their CISO and then a few months in the general counsel left. So now he is CISO and general counsel because he happens to be a lawyer.
Speaker 1:So we just talked about this maybe like a week ago and there's this interesting intersection between cybersecurity and legal you know. So just side note, shout out to Mike it sounds like you guys would have a really good conversation. If you share a beer, share a beer or a coffee together, you might have some things to talk about. So do you spend more of your time thinking about the technology right, so the bits and bytes of the platform of Filevine or do you spend more time thinking about the attorney's office? So are you perusing the code? Or are you visiting various law firms and looking through and looking at their filing cabinet and sort of performing a risk assessment that way? Where do you spend most of your brain energy the technology or the firm? Where do you spend most of your brain energy the technology or the firm?
Speaker 2:I would say it's probably a hybrid of those two, because, at the end of the day, the employees are the weakest link at the firm. It's the employee that, even though, if you think about attorneys, they have to open up documents. They get documents from their clients, they get documents from opposing counsel, they get documents from the court system, and so they're natively opening and reading content every single day. So, of course, anyone that you can get to open a file may put that firm at risk, and so it's kind of this challenge. So I spend a lot of time thinking about how am I properly protecting our people from themselves, from the fact that they still use password 123, you know from the last 35 accounts that they've opened and so I think a lot about human behavior and expediency, because, at the end of the day, attorneys do want things to happen quickly. So knowing that they want to do things quickly means they want to turn off two-factor authentication. They want to turn off any kind of filtering that prevents them from doing research on websites that may or may not be good. Right, there's a lot of information out there online and a lot of it's been poisoned. A lot of the public, ais and the large language models have been poisoned with bad data. We are even seeing coding tools where there are binaries in these coding tools that are malicious and they're designed to go around the normal security rules. So I do spend time reviewing code. We have code scanning tools. We have what's called observability tools. They give us a high-level view of potential risks and then I do a lot of my own threat hunting, like I mentioned, and pen testing to see does this control actually stop a bad actor? So it's kind of a 50-50 blend.
Speaker 2:I worry about the people quite a bit, but I also am on calls all the time from these large firms and their CISOs because they want to have assurances that the Filevine platform is secure. They want to have assurances that we're compliant. So we have a robust auditing program where we do a SOC 2 type 2 every year, all five of the trust services criteria. We're doing four ISO audits this year 27001, 27701, 27018, and 17. So privacy, personally identifiable information, cloud security, information security so very robust audits and this year we're actually going to. We're already in the process of working on our FedRAMP moderate ready status and as soon as we acquire a sponsor we'll be going through authorization.
Speaker 2:So we take security very, very seriously, probably more seriously than any of our competitors, and I think that's one of the big moats or differentiators between the file line product stack and other technology out there is. They simply haven't had the funding or the investment approved by their boards to get to this level of security and because of that we're winning large government contracts. Uh, foreign governments have bought our software. I mean there's just a wide spectrum of clientele where you have fully functional Salesforce-y kind of capabilities in a legal tech stack where we can completely configure the platform. And my team we even use FileVine to run our own third-party vendor risk assessments and to generate reports and to generate compliance artifacts.
Speaker 1:And you practice what you preach. I mean that's pretty reassuring, right. If you weren't using FileVine to scrutinize yourself, then people might go, okay, what technology are you using to scrutinize yourself? And maybe we'll go with them. Well, when you said FedRAMP, it did make me think the government route. So what is the difference between government attorneys or government? I didn't even know there was such a thing. So what is the inside story there? I mean, what is the difference between a government attorney? I'm even trying to like wrap my head around this, Like the attorney general's office. What is what? Who are the attorneys that are in the government that need this kind of technology?
Speaker 2:Sure, well, we'll kind of start small. So at a city level, there are city attorneys that have to help defend, for example, the fire department. If somebody parks in front of a fire hydrant, it's the only place to get water. The office, the, the firemen or firewomen might have to run that hose right through the car, right, they break the two windows, they run it through, they hook it up and and, unfortunately, that vehicle might be stuck there for a day while they're dealing with all of the, you know, putting out the fire or whatever, and sometimes they have to deal with litigation or someone is harmed. So there's attorneys at a city level and then, of course, at many states, there's the state attorney general's office, like you mentioned, and many AG offices are our clients because they need to help represent the city and the state when it comes to litigation, when it comes to any kind of new purchases Maybe they're trying to do deals to bring in new investment, new businesses to come into the state.
Speaker 2:So the attorney's offices deal with a lot of things. One of them that they deal with is a lot of crime, right? So tax fraud If the state AG needs to prosecute tax crime, the IRS published an updated rule 1075, last year or perhaps the year before, basically says that you cannot handle federal taxpayer information, fti data unless that data is stored in a federal moderate system. So now you have attorney generals, they want to prosecute tax crime and they're being told by the IRS. You can do it, but you have to protect it at a very, very high level. Well, if you go to the Amazon marketplace or if you go to the FedRAMP marketplace, there aren't a lot of vendors that can meet that standard.
Speaker 1:Yeah, because it's really expensive. To get FedRAMP certified is like 50 grand minimum. It's like, wow, just so I can get one or two government contracts. But if you're doing loads of government contracts it makes sense and that's just for the first audit, that kind of 50, the 100 grand.
Speaker 2:That's just for the very first audit and that's assuming you already knew all of the things that had to happen to be FedRAMP moderate. So we have. We've been selling CJIS criminal justice information services customers with FileVine for several years. Many, many states around the US are using our software to help their attorneys handle the cases, to handle all of this sensitive stuff. And if you think about government has a lot of attorneys across the board and now we're working toward trying to get federal government agencies that have attorneys and lawyers and think of, like the JAG in different military groups they have attorneys that have to handle the legal matters as well. So across every, I think, segmentation of attorneys, the government has a lot of them and so it's very, very popular and so we have again clients across the spectrum probably 40 government agencies so far and we're working to get the trust and the FedRAMP authorization for more.
Speaker 1:Now I see why you guys have to be so secure, because if you're protecting government agencies and government legal law government, what is the best way to put this? Government law offices? And you know it can get political really quickly because, let's say, you know, we know we have the red team and the blue team. This is the other red team and the blue team, not the defense and the offense penetration testers, but the Democrips and the Rebloodlicans, as Jesse Ventura puts it. If you are a bad actor and if this thing gets really political really quickly, you can mess with the processes and the information of one team over the other. Right, you can get access to information.
Speaker 1:That's not good. That's not good and I'm always really cautious whenever I talk about this kind of stuff with my guests, because in cybersecurity you can. Somebody's listening to this podcast, the wrong person listening to it might get an idea, but we have to talk about it anyways. But if your technology isn't ironclad, doesn't have a superior standard for security, some bad actors can really get in there and do damage to the opposing side or their opposing party. Call them hacktivists. Whatever they are. They're criminals and I can see now why. Even beyond protecting the information of the run of the mills attorney, your friendly neighborhood lawyer. It makes more sense that you guys are holding so much data that in some way, a bad actor can use as a partisan weapon in order to attack the other side.
Speaker 2:They certainly can try and I can tell you we see attacks from Russia and China and within the United States and North Korea every day. I mean, china's been the number one attacker for years. I mean millions and millions of attacks a day. So you know, they know where data is that's valuable. They know that they go after the law firms. The law firms are sort of the soft underbelly of the US economy when it comes to threats like that.
Speaker 2:And we do know that there is espionage and that there are, you know, politically motivated events and things. Our goal is stop all of them. We don't care who it is, we don't want anyone to get access to any data. But it's also a shared responsibility model, because we could build all the security protocols in the world and we certainly try to have many, many layers of security. But if that attorney does not allow their IT team to turn on two-factor and they have a password, that's simple, it will be compromised.
Speaker 2:I mean the one thing about the hackers they listen to their moms when they were kids and they share, so after they pop, you know 15 million accounts from TJ Maxx and 30 million accounts from Target and you know 150 million accounts from Experian breaches or Equifax breaches or whatever.
Speaker 2:They put all that data on the dark web and they share it. Now they might charge for it, but they still share the data so that the bad guys can say well huh, I see Dean's got a live email account from 2004 and it looks like he's got a PayPal account and he's got a Roblox account for his kids. Let's just try the same passwords across those accounts. I actually think I have like 170 online accounts and so I try to have a password strategy or passphrase strategy so that they're different. But a lot of people don't even think about it. They'll use the same exact password for their personal email as their work email, as their bank account, and all the bad guys have to do is just figure out okay, well, we know this is his email. Let's just try the last 30 passwords we've seen from these data breaches.
Speaker 2:Try the last 30 passwords we've seen from these data breaches and invariably, if there's bad habits on the part of the attorney, they're going to get compromised and then whatever they can see online is free game. We take it very seriously and we look at things like like are two people logging into this account at the same time from different parts of the world? That's a hard no right are. Are they trying to get in? Are they password spraying? Are they brute forcing? You know? And and then by we all have one of the best identity services, protecting file vine and allowing customers to connect in with their Azure AD or their Okta IAM tool or ping, whatever identity platform they use, so that they can enforce the rules that they want. Like, we enforce four factors or five factors on our employees, depending on a risk-based approach, so that there's never one thing that can be used.
Speaker 2:You have to have them all in sequence. You have to be coming from a device that we've issued you. That device has to have a valid certificate. You have to have the standard username and password. You have to have a multi-factor auth. You must be coming from a network that we've seen before. That we expect. I mean, there's all these different things that make it so that a bad actor, even if they stole a device, could not use that device to do anything.
Speaker 2:dola device could not use that device to do anything, and so that's the approach that we take.
Speaker 1:But many attorneys are just like no, I just password 123 is good for me. Here we go, yeah. Yeah, I feel like that strategy of having sort of a philosophy or a system that is the real replacement for a password. Right, if you can come up with. You know, some people sort of come up with like a code, almost like a cipher, that they could remember so that you know and that is really easy to remember and you can apply it to so many different phrases or so many passwords.
Speaker 1:But it's a simple fix, a simple solution that a lot of people really don't think about. I'm sure the lawyers and the attorneys aren't really thinking about. So, around that, what are you doing to educate your customers? Because a lot of times they don't know what they don't know and as much as the technology can help support them and you can throw all the bells and whistles at them, all the best code, like you said, they might do something stupid because of human error or just you can't blame them because they're not security experts. So what do you do and what are you doing to educate those buyers, to ensure that that human factor, that human risk is under control.
Speaker 2:Well, we do put a considerable amount of material together. We do webinars like these for our customers. We also talk about, you know, email that goes out to our clients with best practices. We remind them about Cybersecurity Month coming up and other things to try and help educate. We also have produced a large number of classes online called Filevine University, where we talk about the different things. Here's how you should log in to the platform. You know, here are ways to properly protect documents you send out, because you can password protect documents you send through Filevine. You can time bomb them. You can have a share link that only goes to employees. I mean, there are a lot of different controls that are in place, and then we even do things like tell people look, we are scanning your files with three different scan engines for malware technologies. We don't rely on a single thing, a single control, because in in a security world, no single control is foolproof and that's super important to have these layers of defenses yeah, it's the underrated solution, which is just educational information.
Speaker 1:I love that you guys have a file vine University, because you can get ahead of a lot of risks just by getting in front of people and you know showing them how it's done. All right, in the time that we have left, I want to cover AI. Right, ai is really big. Everybody's talking about AI, ai, ai. Okay, all right, we get it, it's important. But how is Filevine implementing AI and what are your plans for the future?
Speaker 2:Yeah, well, to underscore what you said, not only is AI important, ai is critically important when you're comparing documents and text, because AI is very, very good at looking at text. And then the way an AI model typically works is you'll take text and you'll convert it into these vectors. These vectors go into databases and then the databases are able to use the LLMs to determine accuracy and to create new documents. So if you have 30 years of, say, demand letters at your firm and you have a folder of demand letters for State Farm and you have a folder for demand letters for Allstate or whoever Farmers Insurance, whoever it might be, and then you can sub-break out okay, those demand letters for State Farm, I need the ones from Florida and I need them from this particular circuit court. So now you can basically say like for like, we have 12 cases involving this insurance company where their client was at fault for this type of an accident, and here was the demand letter that actually closed the deal. Well, that would take a legal research team quite a bit of time. It's not uncommon for that to be a four to six week exercise and you might have an attorney, a couple of paralegals, a legal researcher, and then you have to make sure that they have access to all of the different file folders or cabinets or whatever. However, you're storing it. So we tell people, digitize everything you have ingested in the FileVine and then let the AI in FileVine tell you what are the awards that have been granted. What are the awards that have been granted? You can ask it prompts or you could just say here's 1,500 demand letters that apply to this case. Write me a new one, and the AI that's been trained on private data, not trained on the customer data is able to then go through all of their information, synthesize a new demand letter and then we have a legal researcher, a demand letter expert, that works at Filevine and then they do the final review before it goes back to the firm. So we're seeing it go from a four to six week period to a one day or nextday service. You can get that demand letter back. So tremendous scale reduction, tremendous efficiency gains.
Speaker 2:And that's similar, for we have an immigration product. Typically, it would take four to six hours to fill out an immigration packet by an attorney, because it might be in a hundred languages, it might have a hundred different types of national IDs or passports. So by using AI that's specifically tailored to immigration. We can get that. We actually asked one of our largest immigration firms. They can get that process down to under an hour per packet immigration firms. They can get that process down to under an hour per packet. So again, now they can service four or five times as many clients just by leveraging it.
Speaker 2:And the great thing about the AI is it doesn't get tired. It doesn't say no, I don't want to go look at 10,000 pages of case data. The AI will do it. It will look at it and then you can say tell me the 10 most important things about this case or tell me what are the due dates coming up. What's our current strategy on a particular case? The AI can become contextually aware and can then generate a remarkable accurate, 90 plus percent accurate product. Most people are not 90 percent accurate, let's be honest. Particularly when it's labor intensive, when you're having to read and synthesize a large amount of written information in a short time period, ai is very good for that.
Speaker 1:How are your clients reacting to that AI shift? Are they skeptical, are they worried or do they completely embrace it?
Speaker 2:I think they're always skeptical until they see it work and they see the quality.
Speaker 1:And they know how it improves their revenue Exactly.
Speaker 2:Exactly Because public AI has a tendency to cause hallucinations. Public AI is largely creative and less analytical. We train all of our AI or tune, I should say, all of our AI models to zero creativity and as much analytical comparison as they can, and some of these AI models are better than others. So we use like four different AIs with enterprise contracts. So if we use the AI, the AI is never going to keep their information. It's never going to put it into the public domain. It's immediately designed to write the response back into FileVine and then delete it from memory so that there's no customer data that ever leaves a trusted, secured environment Excellent. So that's one of the few things that very few companies are doing that and that's going to be critical for the attorneys to have a high confidence that their data, their client's data, is not going to ever be exposed.
Speaker 1:How do you personally feel about AI? Are you worried about anything? Is there anything about AI that keeps you up at night?
Speaker 2:Well, I do worry, but I also feel for the legal space. It's going to make the biggest leaps and bounds to improve legal services so that people who are underserved today can get the care, the legal care that they need, and it should drive the costs of certain things down, like the cost to get a goodwill right. A cost to get certain documentation that's fairly standard should drive that down considerably and it will allow the attorneys and paralegals to focus on work that needs more experience and thought and precedence that, frankly, only humans can do really, really well right now that the AI cannot. But in the next 10 years it'll be another discussion entirely.
Speaker 2:I do believe you have to have guardrails because we know there have been cases where AI has been bullying children. It has said horrible things that they should probably go kill themselves. So anytime AI, the AI was annoyed because you know, in a couple of cases, kids were asking it questions and it copped an attitude and started attitude and started really going off the rails. So we have to be aware that public AIs get poisoned. And training and prompt engineering and all the things that we do. We have data scientists, prompt engineers, data warehouse experts, modeling experts. If you don't have those teams, then you're using it in a very risky way. But we put a tremendous amount of thought and we've been working on it for about two years last question.
Speaker 1:So now that file vine basically has steroids injected into it, that's basically the ai. The ai beefs it up right and it's doing all these marvelous things and much better than humans can should is this going to erase anyone's job? I'm thinking specifically the paralegals. What is something like Filevine that is so powerful, that delivers so much efficiency, doesn't get tired, doesn't sleep, doesn't ask questions unless it's been poisoned? It's not messing with your kids. Ask questions unless it's been poisoned. You know it doesn't. It's not messing with your kids. What is that going to do to those employees who it's their bread and butter every day to get up and do a lot?
Speaker 2:of that manual labor. I would say there's probably an intersection in the future where that becomes more relevant. I think today those paralegals can leverage the technology to do more work Right. So it would allow their firms today to take on a greater workload. And because you still need qualified, skilled people that can can take data out of context or in context and fact check it.
Speaker 2:Sometimes the AI will do its best and it still isn't quite there.
Speaker 2:I would say speed and quantity are the AI's benefit. Quality sometimes still takes a step back and that's where we actually have to work with the client to make sure that the data science model is good for their particular use case, if they're using it for something new, because we have very purpose-built AIs and if it's outside of that purpose, you still need really capable people. So I would say it is going to be a risk. I don't know that it's a risk as much today, but this is another reason why paralegals I would strongly encourage them get tech savvy, do as much as you can to upskill yourself, because learning how to use the technology now you have a real force multiplier, somebody who's knowledgeable and skilled, that can also use the technology better. They're going to better themselves and better their clients and ultimately help more people. I think a lot of lawyers simply want to help people through the worst times in their lives and be paid fairly to do so lives and be paid fairly to do so.
Speaker 1:Dean Sapp says so at Filevine. Thanks so much for being with us today and being so gracious with your time. And if people want to find Filevine and learn more about you, follow you. Where can they go to follow you?
Speaker 2:So they can go to Filevinecom to learn more about the company. We have a security section, so filevinecom slash security. You can see more of my content there, as well as on LinkedIn and some of the other social media platforms.
Speaker 1:Awesome. Thank you for listening to this episode of Cybernomics. If you want to find me, you can find me on LinkedIn. I'm most active on LinkedIn, so just search for Josh Bruning B-R-U-Y-N-I-N-G. If you want to learn more about Bruning Media and what we do, check us out at bruningcom. B-r-u-y-n-i-n-gcom. Thanks for listening to this episode of Cybernomics. Bye.
Speaker 2:Thank you.