Legal Tech Has a Risk Problem and it’s Not What You Think

By Brendan Mulholland

At Recital, we believe startups are fundamentally exercises in risk management. And in legal tech—where you're handling the most sensitive agreements that power entire businesses—that philosophy isn't optional.

That’s why I’m proud to say we’ve just completed pentesting (security penetration testing of our application) as part of our SOC 2 compliance, and the results reflect something deeper than just good security practices.

0 critical vulnerabilities. 0 high-risk findings.

Just five findings total—half of which were about development & test environments, not production—and all of which we’re remediating immediately.

But here's what matters more: our goal wasn’t to check a compliance box, pass a pentest, or even to directly build a secure application. We were focused squarely on building a risk-aware culture from the ground up. The strong pentest result followed from that focus on what matters.

Why This Matters for Legal Tech

When legal teams trust you with their contract data, they’re not just giving you documents—they’re giving you pricing terms that could shift markets, IP clauses worth millions, and liability caps that protect entire organizations. The traditional “move fast and break things” approach doesn’t work when breaking things could mean exposing a company’s most critical business agreements.

Moving Beyond Security Theater

Too many legal tech companies treat security and compliance as a checkbox exercise. Get the certification, put the badge on your website, call it done. But real security—the kind that builds genuine trust—requires weaving risk analysis into every conversation, every decision, every feature we build.

At Recital, we're not just developing policies to comply with standards. We're developing policies around what we already do, then making those practices auditable and transparent. Our SOC 2 process isn't about proving we can follow rules—it's about proving there's a different way to manage risk in this space.

We’re Building Trust Through Transparency

Legal teams using the Recital platform to transform their contract data into structured, actionable insights deserve to know exactly how we're protecting what matters most to their business. These pentest results aren't just numbers on a report—they're evidence of our commitment to earning that trust every single day.

As we continue scaling our platform, this foundation of risk-aware thinking ensures we’re worthy of the trust legal teams place in us. And as Martin recently wrote about MCP, our vision for the future of contract data relies on that same trust.

Interested in learning more about how Recital helps legal teams manage their most critical contract data securely? Book a demo.
