Tag Archives: EnterpriseAI

Enterprise AI Has a Token Cost Problem — But It’s Very Fixable. What most AI vendors aren’t telling you.

By Larry Gill

The promise of AI in the enterprise is everywhere right now. Every eDiscovery vendor, legal tech platform, and cloud provider is claiming to have AI capabilities. But there’s a fundamental architectural flaw in how virtually every one of them applies AI — and it’s a problem that has significant consequences for your costs, your security, and your risk posture.

With our new release of X1 Enterprise v6, we’ve built a genuinely different approach. Last week, our team hosted a live product tour to walk through what that looks like in practice. Here’s a summary of what we covered — and why I believe it changes everything.

The Problem: AI Is Being Applied Too Late
The eDiscovery and data governance workflow has been largely the same for over 20 years: Identify → Collect → Process → Host → Review. Every major vendor with AI capabilities today is applying AI at the very end of that process — at the Review stage — after data has already been moved or copied into their platform.

That’s too late. And it’s not just where they’re applying AI in the workflow — it’s how they’re applying it that’s the real problem.

Before AI ever touches your data in these platforms, you’ve already:
• Copied and transferred sensitive enterprise information to a vendor-controlled environment
• Paid for processing and hosting on the full data volume — including everything that turns out to be irrelevant
• Created security and compliance exposure from that mass data transfer to a third party
• Waited through long, throttled ingestion cycles before any analysis can begin

And now you’re being up-charged for ‘new’ AI capabilities on top of already expensive collection, hosting, and review fees. The reason you are being charged so much is that many of these vendors merely broker usage of large, centralized AI platforms, and are themselves charged for it.

If you’re considering pointing a cloud LLM — Claude, Copilot, ChatGPT, or even legal-focused platforms like Harvey — directly at your enterprise data to solve this problem, I want to be direct: they’re the wrong tool for the job. Cloud AI platforms cannot search data in-place. If you try to use them across your full enterprise data estate, you’ll be exfiltrating enormous volumes of data to their AI engines and consuming a massive number of tokens — exploding your costs in the process.

Infographic illustrating X1's approach to applying AI at the source before data moves, featuring steps: Identify, Collect, Process, Host, and Review.

X1’s Answer: AI In-Place, Before Anything Moves
X1 Enterprise v6 takes a fundamentally different architectural approach. We call it AI In-Place.

Rather than copying data into a centralized platform and then applying AI, X1 deploys distributed micro-indexes directly across your enterprise data sources — your M365 environment, endpoints, cloud repositories, and more. Your data stays exactly where it lives. We bring the AI to the data. Not the other way around.

That means AI decisioning happens before collection, before review-set creation, before any exporting, and before anything moves. We apply AI at the very beginning of the eDiscovery and data governance workflow — not at the end.

X1’s AI capabilities are about upstream AI enablement, not yet another prompt wrapper that brokers expensive queries to Anthropic or OpenAI, as too many other eDiscovery and compliance platforms do. X1’s fundamental architectural shift means X1 neither charges nor incurs OEM AI costs, as the models are frozen and deployed in-place. This factor alone results in massive cost savings and efficiencies.

Infographic comparing two data architectures: 'Collect-First' process showing bulk copy and transfer methods, and 'Analyze-In-Place' by X1 featuring AI capabilities for data analysis in real-time.

One Platform, Across Every Critical Use Case
The AI In-Place architecture isn’t a point solution. It’s an enterprise platform that spans your most critical data workflows:

eDiscovery — X1 enables index-in-place early case assessment, data identification, and highly targeted collection. You get full data visibility and AI-powered responsiveness scoring before a single document is exported, resulting in dramatically smaller review volumes and lower costs — beginning before collection even starts.

Risk and Compliance — X1 identifies and remediates PCI, PII, and privacy-regulated data across your enterprise, continuously and without moving it into a compliance platform. It supports departed employee workflows, GDPR, FOIA, HIPAA compliance, and more — all analyzed and remediated in-place.

InfoSec and Investigations — When a breach occurs or an insider threat is suspected, time is critical. X1 gives investigation teams real-time capability at petabyte scale, across endpoint and cloud environments simultaneously — something no centralized architecture can match.

Information Governance — X1 handles large-scale data separation for M&A due diligence and divestitures, ROT analysis, records management policy enforcement, data mapping, and more — all in-place without migration or centralized data processing.

A Hidden Cost Nobody Is Talking About: Enterprise-Wide Token Explosion
There’s another dimension to this problem that rarely gets discussed openly, and it has major financial implications for any organization deploying AI at scale.

AI productivity tools like Claude or Copilot are genuinely valuable for administrative and day-to-day workflows — drafting emails, summarizing meetings, and generating content. But they are fundamentally the wrong tool for enterprise-wide data discovery.

Here’s why:

When you ask a cloud AI platform to find information across your enterprise data, it has no index to work from. It must retrieve and read the actual documents — potentially thousands or millions of them — just to locate what you’re looking for. Every document pulled into context consumes tokens. Every search, every query, every time someone asks a question about your data, the AI is ingesting enormous volumes of content to produce an answer. At enterprise scale, this doesn’t just add up — it explodes.

The costs compound quickly. Token pricing is consumption-based, and when your AI tool is reading entire document sets on every query rather than looking up a precise answer, you are essentially paying to re-read your entire data estate over and over again. For large organizations, this can translate into AI infrastructure costs that are orders of magnitude higher than they need to be.

X1’s local index-in-place technology solves this directly. Because X1 has already built a persistent, AI-enriched index across all your enterprise data sources — right where the data lives — your AI tools don’t need to go find and read the documents. Instead, the AI asks the question, X1 uses its index to identify the precise answer, and then delivers only the targeted files, documents, or data points the AI or end user actually needs. The documents themselves never have to be ingested into the AI platform at all.

The result is dramatically lower token consumption across your organization — because you’re sending the AI targeted answers, not raw document libraries. X1 becomes the intelligent retrieval layer that makes your existing AI investments far more efficient and far less expensive to operate at scale.

Where We’re Headed: X1 as the Governed Retrieval Layer for Enterprise AI
As your organization deploys more AI assistants and agents — through Copilot, Claude, or internal AI tools — they will all need a secure, governed way to retrieve knowledge from your distributed data. X1 is being built to serve as that infrastructure layer that connects your AI tools to your data.

Our vision is for X1 to become the MCP Server for your LLMs — the governed retrieval layer that sits between your centralized AI systems and your enterprise data. Your AI tools will ask the questions. X1 will find and provide the answers — safely, compliantly, at scale, with minimal cost, and without data ever leaving its source.

Three Things I Want You to Take Away

  1. AI In-Place gives you a real strategic advantage. Security, speed, and scalability — at a fraction of the cost — with your data never leaving your environment. There’s no need to collect, move, copy, re-index, or centralize before analysis can begin. The shortest path to insight is leaving the data where it already is.
  2. We will never monetize your data. Full stop. You can analyze your data in place and pay nothing extra for the AI capabilities we’ve built into v6. No data charges. No add-on fees. Ever. Your data is an asset — it shouldn’t be a revenue stream for your software vendor.
  3. Control belongs with you. This industry has been charging customers a premium for over-collection, over-processing, bloated hosting, inefficient review, and now AI add-on fees on top of it all. That model ends here. X1’s AI-native approach cuts through it entirely — dramatically lower costs, no unnecessary data sprawl, and control back where it belongs.

If you missed the webinar, you can watch it now here. And if you’d like to see what AI In-Place looks like in your specific environment — your M365 footprint, your eDiscovery program, your compliance posture — reach out to us at info@x1.com or visit x1.com to schedule a private demo.

“The right architecture for AI isn’t about moving your data to the AI. It’s about bringing the AI to your data.”
— Larry Gill, CEO, X1 Discovery


Navigating Legal and Compliance Risks When Corporations Expose Sensitive Data to AI

By Kelly Twigger and John Patzakis

Implementing AI within a corporate environment is no longer a matter of “if” but “how.” We recently addressed these challenges in our webinar, “Navigating Legal and Compliance Risks in AI,” where our panel of experts discussed the strategic transition required to build a robust risk mitigation framework. While the efficiency gains of AI—such as automating workflows and surfacing deep insights—are compelling, introducing sensitive enterprise data into these models without a tactical plan can lead to unintended consequences. These risks range from the dilution of trade secrets to complex eDiscovery obligations and substantial regulatory exposure under the GDPR.

To leverage AI safely, counsel should focus on the following grounded strategies for risk management.

Protect Trade Secrets
Under federal law, trade secret status is contingent upon the owner taking “reasonable measures” to maintain secrecy. This is a rigorous standard; if proprietary information—such as source code or high-value technical data—is fed into an unsecured AI model without strict access controls, a company risks losing its legal protections entirely.

  • Review the Judicial Standard: In Snyder v. Beam Technologies, Inc., the 10th Circuit affirmed that failing to use confidentiality protections or allowing information to reside on unsecured devices can defeat trade secret status.
  • Maintain Active Safeguards: Courts emphasize that consistent and active safeguards are required to maintain secrecy. Lax internal controls during AI interactions can be cited as evidence that “reasonable measures” were not maintained.
  • Implement No-Prompt Zones: Establish “No-Prompt Zones” for your organization’s most sensitive intellectual property. By isolating core IP from third-party cloud models, you maintain a defensible record of “reasonable measures” that can withstand scrutiny in litigation.

Manage the eDiscovery Paper Trail
AI interactions—both the prompts submitted by employees and the responses generated by the tools—are considered discoverable Electronically Stored Information (ESI). These records are part of the corporate record and are subject to subpoena and legal holds.

  • Understand the Technical Reality: Microsoft has confirmed that Microsoft 365 Copilot interactions are logged through the Purview unified audit log, making them searchable, preservable, and producible via eDiscovery tools.
  • Assess Scope of Exposure: Because these chats are treated no differently than emails, they may inadvertently expose privileged or damaging material if not managed properly.
  • Map Information Logs: Update your legal hold workflows to specifically include AI conversation logs and audit trails. Mapping where these logs live before litigation arises ensures a more controlled and cost-effective discovery process.

Navigate GDPR and Data Privacy
Processing customer or employee data through AI models requires strict adherence to the GDPR principles of data minimization, purpose limitation, and lawfulness. Feeding sensitive data into AI models without a clearly articulated lawful basis—such as consent or legitimate interest—can result in significant administrative fines.

  • Meet Compliance Requirements: European authorities require organizations to demonstrate compliance by documenting purposes, limiting data inputs, and ensuring appropriate safeguards are in place.
  • Identify Special Categories: The GDPR is particularly restrictive regarding health information or data revealing racial or ethnic origin, requiring specific exemptions for processing.
  • Conduct Privacy Impact Assessments: Perform mandatory Privacy Impact Assessments (PIAs) for any AI tool that touches personal data. Documenting the purpose and necessity of the processing is critical for maintaining regulatory standing during an audit.

Leverage In-Place AI Functionality
A critical strategy for reducing risk is shifting where the AI processing occurs. Rather than routing data through external, third-party cloud-hosted AI services, organizations should consider prioritizing workflows where AI is applied in-place within the corporate network or controlled enterprise environment.

  • Secure the Data Perimeter: By keeping data and AI processing behind the organization’s own security firewall, you materially reduce the risk of trade secret leakage and data exfiltration.
  • Minimize Third-Party Footprint: Applying AI in-place narrows the scope of discoverable third-party records, as the interactions remain within your internal infrastructure rather than residing on a vendor’s servers.
  • Establish Full Governance Control: This model provides counsel with direct control over privacy, retention, and audit obligations—essentially giving you the “kill switch” for data that you simply do not have with external cloud vendors.

Tactical Governance and Ethical Oversight
Counsel must navigate the professional and technical nuances of AI deployment to ensure long-term stability.

  • Ensure Professional Competence: The ethical duty of technological competence requires attorneys to understand the limitations of the tools they use. AI should be treated as a “junior associate”—capable of great speed but requiring diligent human verification of all output.
  • Apply Risk-Based Tiering: Not all AI use cases carry the same weight. We recommend a tiered approach:
    ◦ Tier 1 (Administrative): Low-risk tasks involving non-sensitive data.
    ◦ Tier 2 (Internal/Marketing): Standard communications requiring routine oversight.
    ◦ Tier 3 (High-Value/Restricted): High-stakes processing involving PII, health data, or proprietary IP, requiring senior legal sign-off and strict data handling protocols.
  • Execute Proactive Vendor Vetting: Move from consumer-grade tools to enterprise solutions that offer SOC 2 Type 2 attestations. Ensure contracts explicitly prohibit the vendor from using your data to train their global models.

In light of these risks, corporate counsel should take a proactive, structured approach to AI governance. This includes implementing data classification and usage controls to prevent sensitive trade secrets from being exposed to AI systems without safeguards; establishing clear policies governing AI prompts, outputs, retention, and eDiscovery treatment; and conducting privacy impact assessments to ensure personal data processing complies with GDPR and similar regulations. In addition, counsel should carefully evaluate AI deployment models and consider workflows in which AI models are deployed in-place within the corporate network or controlled enterprise environment, rather than routed through third-party cloud-hosted AI services. Keeping data and AI processing inside the organization’s security perimeter can materially reduce trade secret leakage risk, narrow the scope of discoverable third-party records, and provide greater control over privacy, retention, and audit obligations—while still allowing the enterprise to realize the benefits of advanced AI capabilities.

For a deeper dive into these strategies and more case studies, you can watch the full session here.
