Gordon Rees Scully Mansukhani is one of the largest law firms in the United States. $759 million in gross revenue in 2024. Over 1,000 attorneys. Between October 2025 and March 2026, it became the first Am Law 100 firm to be a documented repeat offender for AI-hallucinated citations in court filings.
The first incident was in an Alabama bankruptcy proceeding. A Gordon Rees attorney filed a motion containing fabricated case citations, invented holdings, and manufactured statutory quotes. The firm admitted the misuse. It reimbursed more than $55,000 in legal fees. It told the court it was "profoundly embarrassed." It updated its AI policies to include a new cite-checking policy.
Then it happened again. And again. Three incidents in six months. At a firm that had already updated its policies.
The gap nobody talks about
The instinct after an AI failure is to write a policy. It is the natural organizational response. Define what attorneys can and cannot do with AI tools. Require human review. Add a cite-checking step. Document the process. Gordon Rees did all of that. It did not work.
The reason is structural. A policy is a statement of intent. It tells people what they should do. It does not create a verifiable record of what they actually did. It does not gate document submission against a deterministic check. It does not produce evidence that the workflow was followed.
When the next attorney under deadline pressure used an AI tool without verification, the policy existed. The behavior did not match it. Because nothing in the workflow created a record of what the AI produced or how it was reviewed, the failure was invisible until opposing counsel caught it in the filed brief.
Bloomberg Law covered the first incident in October 2025. Above the Law covered the second in February 2026. By then the pattern was clear: policy updates in response to an AI incident are necessary but not sufficient. Without changes to the underlying workflow controls that actually gate document submission, policy language does not prevent recurrence.
What courts are actually asking for
The sanctions in these cases are not primarily about the hallucinated citations themselves. They are about the absence of a verifiable process. Judges are asking: what did you do to verify this before you filed it? What controls were in place? Can you show me what the AI produced and how it was reviewed?
A cite-checking policy cannot answer those questions. It can only assert that a process existed. It cannot prove the process ran. It cannot show which policy version applied. It cannot reproduce the review decision 18 months later when opposing counsel raises it in a sanctions motion. That is the difference between a policy and an evidence record.
The enforcement trajectory
The sanctions are not staying flat. The first AI hallucination cases drew $500 fines and judicial admonishments. By late 2025, five-figure penalties had become routine. In March 2026, the Sixth Circuit levied $30,000 in combined sanctions against two attorneys for briefs containing fabricated citations. The same month, a federal court in Oregon imposed $110,000 in fines, at the time the largest AI hallucination sanction in U.S. legal history, and dismissed the case with prejudice.
Nebraska issued the first indefinite license suspension for AI hallucination conduct. Courts are now forwarding opinions directly to bar authorities. The escalation is deliberate. Judges are calibrating penalties upward in response to persistent non-compliance across the profession. Prior incidents at the same firm now create a presumption of systemic failure, not individual error. That shifts the exposure from the attorney to the institution.
What workflow controls actually require
Fixing this is not a policy problem. It is an infrastructure problem. The workflow needs to produce a record at the point of review, not after the fact, not as a manual attestation, but as a generated artifact tied to the specific content reviewed, the policy version applied, and the timestamp of the review decision.
That record needs to be reproducible. If opposing counsel raises a sanctions motion 18 months later, the firm needs to be able to show exactly what the AI produced, exactly what the review process checked, and exactly which version of the policy governed that check. Policy language cannot do that. A cite-checking attestation cannot do that. Only a deterministic evidence record tied to the workflow itself can do that.
The Gordon Rees pattern, three incidents, updated policies, same failure, is not a story about one firm's negligence. It is a preview of what happens across the industry when the response to AI risk stays at the policy layer and never reaches the infrastructure layer. The question for every firm deploying AI in legal workflows right now is not whether it has a policy. It is whether it has proof.
Sources
Bloomberg Law, "Gordon Rees admits AI misuse in hospital bankruptcy, repays fees." https://news.bloomberglaw.com/bankruptcy-law/gordon-rees-admits-ai-misuse-in-hospital-bankruptcy-repays-fees
Bloomberg Law, "Bankruptcy judge reprimands ex-Gordon Rees lawyer for AI citations." https://news.bloomberglaw.com/bankruptcy-law/bankruptcy-judge-reprimands-ex-gordon-rees-lawyer-for-ai-citations
Above the Law, "Am Law 100 firm accused of filing brief riddled with AI hallucinations again." https://abovethelaw.com/2026/02/am-law-100-firm-accused-of-filing-brief-riddled-with-ai-hallucinations-again/
Duane Morris LLP client alert (March 2026), privilege and AI workflows. https://www.duanemorris.com/alerts/perils_privilege_waivers_through_ai_0326.html
Gibson Dunn client alert (February 2026), AI privilege waivers and Heppner. https://www.gibsondunn.com/ai-privilege-waivers-sdny-rules-against-privilege-protection-for-consumer-ai-outputs/
