Overview
The LawVu MCP server connects your organization's AI tools directly to LawVu LegalOS, giving those tools governed, real-time access to the legal data and workflows your team already relies on.
Model Context Protocol (MCP) is an open standard that allows external AI tools to connect to other systems in a structured, secure way. Rather than copying context manually into a separate AI tool, your team can work with accurate, up-to-date legal data from whichever AI tool they are using - with LawVu providing the governance layer, permissions model, and audit trail underneath.
Once connected, supported AI tools such as Claude, ChatGPT, and Microsoft Copilot agents can:
Search and query matters, contracts, and legal knowledge in natural language from any connected AI tool
Summarize and report on matters or contracts, including status, risks, and key details
Retrieve answers grounded in your organization's own policies and legal knowledge base
Create matters, update status, add tasks, and trigger workflows directly from your AI tool
Do all of the above with every action respecting LawVu's permissions model, with a full audit trail across all connected AI tools
⚠️ Understand the risks: what to consider before enabling MCP
Before enabling, your organization should understand the shared responsibilities that come with connecting AI tools to your legal data.
Enabling MCP means authorising an external AI tool to query and act on LawVu data on behalf of your users. LawVu enforces permissions and maintains an audit trail on its side, but the security posture of the AI tool itself - and how it is deployed within your organization - is your responsibility.
Key risks
Prompt injection. AI models can be manipulated by instructions embedded in content they process. For example, if a user asks their AI tool to summarise a LawVu document that contains a hidden malicious instruction, the AI could be tricked into treating that instruction as a legitimate command. This is an industry-wide challenge and not specific to LawVu, but it is worth factoring into how your team uses AI tools with sensitive legal data.
Third-party MCP server risks. The LawVu MCP server is an official, LawVu-operated server. However, if your AI tool is also connected to other MCP servers from third parties, those servers carry their own risks - including the possibility of malicious instructions being introduced after initial setup. You should vet and monitor all MCP servers connected to your AI tools, not just LawVu's.
Tool impersonation. AI agents use names to identify resources and tools. Deceptive naming in a third-party MCP server could mislead an AI agent into using the wrong resource. Connecting only to verified, trusted MCP servers reduces this risk.
Agentic actions. As AI tools become more capable of taking actions autonomously, the consequences of an unintended action grow. We strongly recommend requiring human review and approval for any AI-initiated action that creates, modifies or deletes records in LawVu, particularly in early stages of deployment.
Recommendations
Grant AI tools the minimum access they need - do not enable MCP organization-wide before you understand the intended use cases
Require human confirmation before AI-initiated write actions where possible
Use only verified, officially supported AI tools and MCP servers
Review the LawVu audit log regularly to monitor AI-initiated activity
Ensure your organization's AI Acceptable Use Policy covers the use of MCP-connected tools
Access to the LawVu MCP Server is enabled at your organization's discretion. LawVu provides a degree of governance infrastructure; your organization is responsible for how AI tools are deployed and used within it.
🗣️ We value your feedback
The LawVu MCP server is a new and evolving capability, and your experience with it directly shapes where we take it next. If something is working well, we want to know. If something is not, we want to know that too.
Send a short email to mcp-feedback@lawvu.com. All feedback will be reviewed by the team building the MCP Server.
What data can a connected AI tool access?
A connected AI tool can access LawVu data on behalf of the authenticated user, subject to that user's existing access level and record membership in LawVu. The MCP Server does not grant any elevated permissions. If a user cannot see a matter or contract inside LawVu, a connected AI tool cannot access it either.
At launch, connected AI tools can read from and write to the following areas:
Read-only tools
Matters - metadata, status, tasks, conversations, legal notes, files, and status updates
Contracts - documents, metadata and details like key dates
Knowledge - articles and attachnents
Documents - content-based file search
Write tools
Create new matters and wizard-based contracts
Post status updates on matters or contracts
Create and assign tasks
Post status updates
Trigger contract workflows
Enumerate and create field options for supported field types
The scope of available tools will expand over time based on feedback and usage by early adopters.
Activating and installing the LawVu MCP server
Step 1: Request activation
To get started, contact your Customer Success Manager or reach out to the LawVu Support team and ask for the MCP Server feature to be activated on your account.
⚠️ Please note: due to high demand, there may be a wait list. Your Customer Success Manager will confirm your position and keep you updated.
Step 2: Enable the feature in LawVu
Once your account has been activated, a LawVu Organisation Admin may complete the following steps:
Log in to LawVu and navigate to the Integrations screen
Locate the MCP Server tile and open it
Click the Get started button and follow the on-screen prompts to enable the feature for your users
Step 3: Connect your AI tool
Use the MCP server URL provided in the previous step to connect your AI tool of choice. The specific steps will vary depending on which AI tool you are using. In most cases, you or your IT team will need to complete a short configuration step inside the AI tool's settings or admin console to load the MCP server and make it available to your team.
🚧 Coming soon: LawVu is developing an official Claude Connector and an official ChatGPT App to make the connection experience faster and more straightforward for users of those tools.
Note for IT administrators: Your organization's AI tool deployment and access policies apply to MCP-connected workflows. We recommend reviewing your AI Acceptable Use Policy before enabling MCP access for your users, and considering a phased rollout starting with a defined group of early adopters.
Frequently asked questions
Q: What will the AI tool be able to do on a user's behalf? Will it respect their access level and record membership in LawVu?
A: Yes. The LawVu MCP server enforces the same permissions model that applies inside LawVu itself. A connected AI tool acts on behalf of the authenticated user and can only access records that user is permitted to see. Record/team membership and role-based permissions are all respected.
Q: What audit trail is provided for AI and agentic activity?
A: All actions taken through the LawVu MCP server are recorded in LawVu's activity log, in the same way as actions taken directly inside the product. This gives your legal operations and IT teams full visibility into what AI tools are doing with your LawVu data.
Q: What AI tools are supported? What are the minimum requirements?
A: Most AI tools which support the MCP standard, including Claude (Anthropic), ChatGPT (OpenAI), agents created in Microsoft Copilot Studio, and other MCP-compatible tools and agent frameworks.
Minimum requirements:
MCP support with remote server connectivity (HTTP or SSE transport)
Ability to configure a custom MCP server URL
A valid LawVu user account with appropriate permissions
Q: Is LawVu data sent to the AI provider? What are the data handling implications?
When a user asks their AI tool a question that involves LawVu data, the AI tool will query the LawVu MCP server and receive the relevant data in response. That data is then processed by the AI model to generate a response. This means LawVu data is transmitted to and processed by the AI provider you are using.
LawVu does not control how third-party AI providers handle data passed to them through MCP. Your organization should review the data processing terms and privacy policies of any AI tool you connect to LawVu, and ensure this is consistent with your own data governance obligations - including any requirements under GDPR, HIPAA, or other applicable regulations.
Who should I contact if something goes wrong?
Contact the LawVu Support team via live chat or by emailing support@lawvu.com. For incidents involving unexpected AI behaviour or suspected data exposure through a connected AI tool, we would encourage you to also engage your internal IT security team.