A CEO's Perspective from Bobby Balachandran - May 2026

Introducing ARMOUR — Exterro's vision for an autonomous risk management framework — and the first product built on it. AI that redefines the future of enterprise legal and data governance.

The Manual Relay Race Has to End

For as long as I've been in this industry, managing legal and data risk has looked essentially the same. For example, a subpoena arrives, an email gets fired off, a spreadsheet gets opened, teams start calling each other. Legal coordinates, IT collects, and security reviews. 

Meanwhile, outside counsel bills, meetings multiply and data moves. As a result, risk expands–the exact opposite of the desired outcome.

That relay race — that handoff-driven, reactive scramble — is not just inefficient. It is structurally unsafe,  expensive and  most importantly, it is no longer acceptable.

Today, I want to talk about what Exterro is building to replace it — and announce our newest delivery on that journey.

Announcing ARMOUR: Autonomous Risk Management, Orchestration, and Unified Response

We've been building toward something for a long time. Today I can finally put a name — and a framework — to it.

We call it ARMOUR.

ARMOUR stands for Autonomous Risk Management, Orchestration, and Unified Response, and it is Exterro's strategic vision for the future of enterprise data risk management. It represents a fundamental shift in how we believe AI must be deployed in legal, compliance, and security contexts.

The future is not about asking an AI for help. It is about architecting a system that sees a risk and resolves it — end to end.

The AI conversation in enterprise software has largely been about productivity: faster search, faster review, cheaper discovery. That conversation is not wrong, but it is incomplete. Efficiency without governance creates volatility. Acceleration without auditability creates liability. Underlying it all, the fact is that speed alone is not a strategy — it is a starting point.

ARMOUR is what comes next. Not AI as an accessory layered onto broken workflows. Rather, ARMOUR is AI embedded within a disciplined, governed architecture — detecting risk, applying policy, triggering defensible action, and preserving an immutable record of everything it does.

The Standard No One Can Afford to Compromise

Here is the thing about legal and data risk that makes it different from almost every other enterprise domain: being right is not enough. You must be able to prove you were right — months later, under cross-examination, in front of a regulator or a judge.

That raises the bar for AI dramatically. Most AI deployments generate answers’ ARMOUR generates accountability. Every automated action is audited. Every policy application is transparent. Every decision is traceable, reproducible, and defensible.

We've built this on three non-negotiable architectural requirements:

• Zero data movement. Sensitive data stays in place — it is never exported to external models or cloud endpoints outside your control.
• Immutable audit trails. Every action, approval, and override is timestamped automatically. Court-ready from intake to production.
• Human authority preserved. Automation handles the mechanical work. Human judgment governs the strategic decisions.

Autonomy built on this foundation reduces risk. Autonomy without it amplifies risk. That distinction is everything.

Six Steps. Each One Earned.

One of the things I've observed about AI in the enterprise is that the hype tends to skip the work. Grand visions arrive without a credible path from theory to execution–but execution is literally where the rubber meets the road. Without transparent, auditable execution, high-risk legal workflows are worse than worthless; they’re a liability..

We wanted a different approach — one that shows exactly where the industry is today, where we are going, and what each step on the journey actually delivers.

We borrowed a concept from automotive engineering — the six levels of driving autonomy — and adapted it for legal and data risk. The result is ARMOUR's autonomy ladder:

Level 00  Manual -  Baseline

Email, spreadsheets, shared drives. No system of record. Most organizations still operate here for at least one major workflow — typically breach response, internal investigations, or subpoena intake.

Level 01  Tool-Assisted  - Industry norm

Point solutions for collection, review, or matter management. Humans drive every action; tools accelerate individual steps but do not connect them.

Level 02  AI-Assisted  - Industry today

Generative AI helps draft, summarize, or classify. The professional remains the orchestrator; AI is a faster typist. Most 'AI for legal' products sit here — and most pilots stall here.

Level 03  Conditional Autonomy - Live and available today — Exterro Subpoena Manager

The system executes a defined workflow end-to-end — triage, scoping, collection, review, response — stopping only at predefined human-in-the-loop decision points. The professional approves; the professional does not assemble.

Level 04  High Autonomy - Emerging Solutions Pioneered by Exterro

From a single hub, the system manages the full data risk surface autonomously — subpoenas, legal holds, investigations, productions — with adjacent privacy and security workflows on the same engine. Humans set policy and handle exceptions.

Level 05  Full Autonomy - End-state vision

The system identifies emerging risk, applies governance, and resolves it across legal, privacy, security, and compliance domains. Humans focus exclusively on novel matters and policy evolution.

Most of the industry hasn't started climbing. We have.

Today's Announcement: Subpoena Manager

A vision is only valuable to customers if you can ship it. So let me be direct about what we are delivering today.

We are launching Exterro Subpoena Manager — the first product built at Level 3 of the ARMOUR autonomy ladder, and the first commercially available solution of its kind in the market.

Subpoena response is a perfect proof point for the ARMOUR architecture. It is high-volume, high-stakes, heavily documented, and deeply broken in most organizations. The typical workflow involves 90 minutes of manual coordination per request, four to six handoffs across legal, IT, security, and outside counsel, and an audit trail that is assembled after the fact — if at all.

Subpoena Manager changes all of that in a single workflow. Whether a subpoena arrives via email or physical mail, Exterro puts it through the same repeatable, defensible, auditable workflow:

• Ingest — the request is received and classified automatically.
• Scope — custodians are identified, legal holds are initiated.
• Collect — relevant data is gathered in place, without movement.
• Review — first-pass review is completed autonomously.
• Respond — production is prepared, audit trail generated, ready for delivery.

Human approval gates are built in where judgment matters. The dozens of steps that don't require a decision are handled automatically.

90 minutes  →  under 5 minutes per request

$500,000 estimated annual savings at 100+ subpoenas per week

4–6 handoffs eliminated per request

These are not projections from a demo environment. They reflect what happens when you remove the relay race and replace it with governed, autonomous execution.

What Comes Next: Natural-Language, Governed Autonomy 

Subpoena Manager is Level 3. We are already building Level 4.

We are revolutionizing how users interact with the Exterro platform today, giving them the ability to use natural language prompts to execute and approve complex workflows with governed autonomous AI agents–and it is currently in private preview. It is designed to manage the full legal and data risk surface from a single hub — subpoenas, legal holds, investigations, eDiscovery productions — autonomously, with humans setting policy and handling genuine exceptions.

It operates entirely within customers’ fully isolated Exterro environment. Your data is never used to train models. Nothing reaches external AI services outside your control. Every action is instrumented for audit from the first step — engineered in, not promised in a white paper.

If you're interested in shaping what Level 4 looks like for your organization, reach out. Early participants in the private preview are helping define it.

The Choice Ahead

Let’s face it. The factors confounding effective data risk management are not going away–they’re actually increasing. The volume and velocity of enterprise data growth are not slowing down. Regulatory complexity is not decreasing. External advisory costs are not declining. The organizations that attempt to absorb those compounding pressures through manual coordination will face an increasingly asymmetric disadvantage.

The architecture you choose today determines whether you can make the transition to autonomy tomorrow. Generic models retrofitted onto legal workflows aren’t capable of solving these challenges; in fact, they may be compounding them. The same is true of isolated AI assistants bolted onto siloed systems and multi-vendor workflows that replicate today's relay race.

ARMOUR is the blueprint, and Subpoena Manager is the first proof point.

The question is not whether autonomy is coming. It is whether your architecture is ready for it.

I'm proud of what the Exterro team has built. And I'm excited about what comes next.

‍

Bobby Balachandran

Chief Executive Officer, Exterro

Portland, Oregon · May 2026

‍

To Learn More

Exterro Subpoena Manager: exterro.com/e-discovery-software/subpoena-manager

ARMOUR Framework: exterro.com/armour

Private Preview: https://go.exterro.com/future-of-ai-in-legal-tech

‍