1. The Scenario
Your client, a mid-size manufacturing company, has received a 40-page Master Services Agreement (MSA) from a new IT vendor who will manage their cloud infrastructure. The vendor is a large enterprise provider, and the contract is their standard template — heavily skewed in the vendor's favor.
The General Counsel needs your risk analysis by tomorrow morning. She wants to know: What are the top risks? Which clauses need pushback? What is market-standard for this type of agreement, and where does this contract deviate?
Key details:
- 40-page MSA with 8 exhibits and 3 addenda
- Vendor's standard form — take-it-or-leave-it tone
- 3-year initial term with auto-renewal
- Covers cloud hosting, data migration, and managed services
- Governing law: Delaware
2. The Traditional Approach
Without AI, this is a significant time investment. Here is how most lawyers approach it:
Page-by-page read-through (2-3 hours)
Read every page, highlight concerning provisions, cross-reference definitions, note interplay between exhibits and the main body.
Issue identification and research (1-2 hours)
Categorize risks by severity. Research market-standard positions on key terms. Check Delaware law on enforceability of certain provisions.
Draft risk memo (1-2 hours)
Write up findings organized by risk level. Include recommended redlines and negotiation positions for each flagged clause.
Internal review and quality check (30-60 min)
Proofread, verify cross-references, ensure nothing was missed. Check for consistency in recommendations.
Traditional Time Estimate
5-8 hours of focused attorney time for a thorough review and risk memo.
3. The AI-Assisted Approach
With AI, the workflow changes fundamentally. Instead of reading every page first and then analyzing, you use AI to extract, categorize, and flag — then focus your expert attention on what matters most.
Upload the Agreement (2 min)
Upload the full contract PDF to an AI tool with a large context window (Claude, ChatGPT, or Gemini). Ensure the PDF is text-searchable, not a scanned image. If scanned, OCR it first.
Run the Comprehensive Review Prompt (5 min)
Use the detailed prompt below. It instructs the AI to analyze the entire agreement through the lens of the client's interests — identifying risks, deviations from market standard, and clauses requiring negotiation.
Targeted Follow-Up Questions (15 min)
Based on the AI's initial output, ask targeted follow-ups: "What interplay exists between the limitation of liability in Section 12 and the indemnification carve-outs in Section 14?" or "Compare the data protection provisions to standard DPA requirements under state privacy laws."
Expert Verification and Deep-Dive (45-60 min)
Now read the flagged sections yourself. The AI tells you where to look; your expertise determines what it means. Verify the AI's risk assessments, check for issues it may have missed, and apply your knowledge of the client's specific business context and risk tolerance.
Finalize the Risk Memo (30-45 min)
Combine the AI's structured output with your own analysis into a polished risk memo. Rewrite in your voice, add client-specific context, include negotiation strategy, and ensure the recommendations reflect your professional judgment.
4. The Prompt
This prompt is designed for use with a large-context AI model (Claude, ChatGPT, Gemini). Upload the full contract PDF alongside this prompt. Every section of the prompt serves a specific purpose.
Complete Prompt — Contract Risk Analysis
You are an experienced corporate attorney reviewing a vendor Master Services Agreement on behalf of the customer (the company receiving services). The attached document is a 40-page MSA for IT cloud infrastructure and managed services.
Conduct a comprehensive risk analysis with the following structure:
## 1. EXECUTIVE SUMMARY
Provide a 3-4 paragraph overview of the agreement's key terms, overall risk profile (Low / Moderate / High / Critical), and the top 3 issues requiring immediate attention.
## 2. RISK MATRIX
Create a table with these columns:
| Section/Clause | Risk Level | Issue Description | Market Standard Position | Recommended Action |
Categorize every material provision as:
- CRITICAL (unacceptable as drafted — must be revised)
- HIGH (significantly unfavorable — strongly recommend revision)
- MODERATE (below market standard — negotiate if possible)
- LOW (acceptable or standard)
## 3. KEY ISSUES DEEP DIVE
For each CRITICAL and HIGH risk item, provide:
- The exact contract language (quote the relevant text)
- Why it is problematic for the customer
- What market standard looks like for this type of provision
- Specific redline language the customer should propose
Focus especially on:
- Limitation of liability (caps, carve-outs, consequential damages waiver)
- Indemnification (scope, survival, procedures)
- Data protection and security obligations
- Intellectual property ownership and licensing
- Termination rights and transition assistance
- Service level agreements and remedies for failure
- Auto-renewal terms and notice periods
- Governing law and dispute resolution
- Force majeure scope
- Assignment and change of control
## 4. MISSING PROVISIONS
Identify any provisions that are standard for IT services agreements but absent from this contract (e.g., data return/deletion obligations, disaster recovery commitments, insurance requirements, audit rights, subcontractor approval).
## 5. NEGOTIATION STRATEGY
Provide a prioritized list of negotiation points, ranked by:
1. Items to insist on (deal-breakers if not revised)
2. Items to negotiate hard on (significant risk reduction)
3. Items to request but concede if needed (nice-to-have improvements)
Be specific, practical, and write as if advising a General Counsel who needs to act on this analysis immediately.Why This Prompt Works
Role assignment
By specifying "experienced corporate attorney" and "on behalf of the customer," the AI adopts the correct perspective. Without this, it may provide a neutral analysis rather than advocating for your client's interests.
Structured output format
The numbered sections with specific formatting instructions (tables, categories, quotes) ensure the output is organized and consistent. This makes it directly usable in your risk memo rather than requiring restructuring.
Risk categorization framework
The CRITICAL / HIGH / MODERATE / LOW framework forces the AI to prioritize rather than listing everything as equally important. This mirrors how experienced lawyers think about contract risk.
Market-standard comparison
Asking for market-standard positions leverages the AI's training on thousands of contracts. While you must verify these comparisons, they provide a useful baseline for negotiation.
Specific focus areas
Listing the ten key areas ensures the AI covers everything material. Without this checklist, it might focus heavily on some areas while overlooking others.
5. The Review — Evaluating AI Output
The AI's output is your starting point, not your final product. Here is how to evaluate and improve it:
Verify Quoted Language
The AI may paraphrase, truncate, or subtly alter contract text when "quoting" it. For every quoted provision in the risk matrix, open the actual contract and confirm the language matches. Misquoted provisions lead to incorrect risk assessments.
Check for Omissions
Skim the full contract yourself (now much faster, since you know what to focus on). Look for clauses the AI categorized as LOW risk that may actually be problematic given your client's specific circumstances. The AI does not know that your client recently had a data breach, or that they plan to resell the vendor's services.
Validate Market-Standard Claims
When the AI says something is "below market standard," verify this against your own experience and firm precedent. AI models have broad training data, but market standards vary by industry, deal size, and bargaining power. Your precedent database is more authoritative than the AI's general knowledge.
Test the Redline Suggestions
Read the AI's proposed redline language critically. Does it actually solve the problem identified? Is it internally consistent with other contract provisions? Would you feel comfortable presenting it to opposing counsel? Refine as needed.
6. The Result — Time & Quality Comparison
Traditional Approach
5-8 hrs
Attorney time for full review, analysis, and risk memo drafting
AI-Assisted Approach
1.5-2 hrs
Attorney time with AI-assisted extraction, analysis, and drafting support
What Changes — And What Does Not
Faster
Initial extraction, clause identification, risk categorization, and first-draft structuring. The AI reads and organizes in minutes what takes hours manually.
Same quality required
Expert judgment on risk severity, client-specific context, negotiation strategy, and final review. These require your experience and cannot be delegated to AI.
Potentially better
Thoroughness and consistency. The AI does not get tired, does not skip sections, and applies the same rigor to page 38 as to page 1. It can catch issues that a fatigued reviewer might miss.
The Professional Responsibility Reminder
AI accelerates your work. It does not replace your judgment. You are the lawyer signing off on the risk memo. If the AI misses a critical issue or miscategorizes a risk, the responsibility is yours. Always verify, always apply your expertise, and always ensure the final product reflects your professional judgment.
Try Another Application
Contract review is one of many workflows where AI adds immediate value. Explore other hands-on guides to expand your AI-assisted practice.
Ready for structured learning? Explore the Learning Program →
Comments
Loading comments...