kolm / case studies / legal

Procurement blocked the SaaS. The .kolm shipped on the firm's own hardware.

A legal-tech team at an AmLaw 200 firm had built a clause-extraction model on a hosted API. The cloud-egress clause killed the deal at procurement. They re-shipped as a kolm-compiled artifact running on the firm's existing infrastructure; the model logic did not change.

F1 on clauses

0.94

Egress

0 bytes / mo

Procurement

cleared, 2 wks

Throughput

1,200 docs/hr

The setup

A 400-attorney AmLaw 200 firm. The legal-tech group, headed by a former litigator, had built a contract-clause extractor for the M&A practice: read a stock-purchase agreement, surface MAC clauses, change-of-control triggers, indemnification caps. The model was a Llama-3.1-8B fine-tune the team had been iterating on for 7 months.

It worked. F1 on the firm's labeled benchmark set was 0.94. But it ran on a hosted vendor API. When the legal-tech team tried to roll it out beyond their pilot M&A group, procurement and the firm's General Counsel (acting as their own client on this deployment) flagged the cloud-egress clause. Attorney-client privilege does not transit a vendor's servers comfortably, even with a BAA-equivalent.

The blocker

We are not allowed to send a client's draft agreement to a third party we do not control. Not even in encrypted transit. The model has to run on metal we own. — Firm General Counsel (anonymized)

The vendor offered an on-prem option at $480k/year baseline. The firm's CTO did the math — ~$0.41 per document processed — and concluded the firm's own engineers could run the same model for materially less if they owned the artifact.

The compile

The team brought their existing training set (~4,800 labeled contracts, the model card from the vendor, and the eval harness they had already written) into kolm. The legal compliance pack added attorney-client + work-product gating on the verifier side.

$ kolm compile recipe.yaml \
    --base meta-llama/Llama-3.1-8B-Instruct \
    --pack legal-attorney-client \
    --gate K=0.90 \
    --gate f1_clause>=0.93
…
[7/7] OK signature attached
artifact: build/clause-extractor.kolm
CID:      cidv1:sha256:7e2a91d4…
K-score:  0.927 (gate 0.90) PASS
F1:       0.943 (gate 0.93) PASS

Compile time: 6 hours 14 minutes on a rented H100. Total compile cost: ~$48. The artifact: 9.6 GB.

The procurement pass

What changed at procurement when the artifact replaced the SaaS:

Egress: from "vendor receives every contract" to "0 bytes leave the firm network". The firewall log shows 0 outbound calls from the kolm runtime.
Vendor surface: from "1 vendor with access to client documents" to "1 vendor with no access to anything; ships software once at compile time".
Audit: from "vendor SOC 2 report annually" to "per-inference receipt with input hash, output hash, K-score, HMAC".
Renewal risk: from "vendor can change pricing or shut down" to "artifact is a file the firm controls".

The General Counsel signed off in 2 weeks. The deployment went firm-wide a week after that.

What the receipt records

{
  "artifact_cid":  "cidv1:sha256:7e2a91d4…",
  "matter_id":    "M&A-2026-0418-anon",
  "input_sha":     "sha256:62a91c8f…",
  "output_sha":    "sha256:1a3e44b0…",
  "k_score":       0.927,
  "clauses_found": 14,
  "verifier_ok":   true,
  "ts":            "2026-04-22T11:08:55Z",
  "issuer_pubkey": "kolm-issuer-2026q2",
  "hmac":          "c30b9f12…"
}

The matter_id is the firm's internal billable matter number, not the client's identity. The input_sha resolves to a document hash the firm's DMS already tracks. Months later, an associate can answer "what did the model say about this clause" without re-running anything; the receipt is the answer.

The outcome at one quarter

~14,000 contracts processed firm-wide in Q1, vs. ~1,200 in the pilot quarter.
Two new practice groups (commercial real estate, capital markets) onboarded onto the same artifact.
Firm reduced outside-counsel due-diligence spend on stock-purchase agreements by $1.1M in the first half (the firm's CFO ran the attribution — we did not).

What we did not solve

The firm's DMS integration is bespoke. We provided a CLI; the firm wrote the connector.
Re-training requires re-compiling. Quarterly refresh is on the firm's calendar; we will not push to them.
Other practice groups want different verifiers. The legal compliance pack covers attorney-client + work-product. Patent prosecution, for instance, needs its own pack — the firm is building it.

Where to look next

The legal compliance pack at /compliance-packs. The verifier-from-examples recipe at /cookbook/verifier-from-examples for teams writing their own verifier on top of a stock model.