iManage is betting that law firms want their AI assistants to talk directly to their document management systems—and it’s adopting an open protocol to make that happen securely. The company’s latest wave of updates adds support for Anthropic’s Model Context Protocol (MCP), supercharges its Insight+ knowledge discovery engine, and transforms its Ask iManage conversational assistant into a multi-turn research tool with inline evidence. The moves are engineered to let third-party AI applications discover and query iManage-cloud-hosted content while respecting ethical walls and permissions, and to push trusted, citation-backed answers into Microsoft 365 and Copilot workflows.

The announcement, covered on August 12 by insideAI News, comes on the heels of a breakout year for the knowledge-work platform. In March 2025, iManage reported a 42% year-over-year jump in annual recurring revenue, 305 new customer logos across four continents, and a cloud-native platform now used by 71% of its over 1.1 million users. The company manages billions of documents for 85% of the Global 100, 82% of the AmLaw 200, and 41% of the Fortune 100, and its AI services—first showcased in 2024—already include Ask iManage, AI Enrichment, and Mailbox Assistant. Those earlier features were rolled out through a structured Wayfinder adoption program; the new MCP support and Insight+ upgrades represent a deliberate architectural shift rather than a simple feature drop.

The Model Context Protocol, introduced by Anthropic in November 2024, standardizes how AI clients and agent frameworks discover and invoke external tools and data sources. It defines a client-server interface that exposes searchable knowledge, callable tools, and structured actions in a way large language models (LLMs) can consume programmatically. That replaces a rat’s nest of custom connectors with a single, well-defined API.

For a document management system (DMS) like iManage, MCP support means any MCP-compatible AI application—be it a general-purpose chat interface, a domain-specific agent, or a Copilot skill—can discover available document repositories, search across them, and retrieve context without hard-coded integrations. iManage positions its implementation as permission-aware: the MCP server running inside iManage Cloud will respect the same access controls, ethical walls, and matter-level security that govern human users. A partner who shouldn’t see certain client files won’t magically see them through an AI agent.

The practical upshot is choice. Law firms aren’t locked into a single model vendor or a proprietary AI frontend. They can connect any MCP-capable tool—from Microsoft’s Copilot ecosystem to emerging open-source agent frameworks—to their institutional knowledge base, provided they trust the client. The protocol’s rapid industry uptake, including preview support in Microsoft Copilot Studio’s March 2025 update, means iManage is plugging its content into a growing constellation of AI services rather than isolating firms behind a single-vendor agent.

Inside the Insight+ and Ask iManage Upgrades

iManage Insight+ debuted in late 2023 as a knowledge search and management layer native to iManage Cloud. By mid-2025, it has been augmented with two headline capabilities: Ask Knowledge and Matter Search.

Ask Knowledge delivers natural-language generative AI search grounded in firm content. Unlike a generic chatbot that might hallucinate case law, it restricts its answers to the firm’s curated knowledge sets, recent filings, and matter-specific documents. The company calls it the “fastest path to trusted answers,” and early adopters report measurable reductions in time spent hunting for precedent.

Matter Search goes beyond simple keyword matching. It connects documents to matter metadata—client, practice area, jurisdiction, profitability, partner—so lawyers can spot trends. A partner can ask, “Show me how often our London office wins summary judgment in patent cases,” and get a synthesized answer with linked evidence. That kind of business-level insight has traditionally required a separate analytics tool and manual data wrangling; folding it into the DMS-native search engine reduces tool sprawl and centralizes governance.

Ask iManage, meanwhile, has evolved from a single-shot Q&A bot into a conversational engine. New features include multi-turn conversations that preserve context across follow-up questions, and “Ask Across,” which synthesizes answers across multiple documents for tasks like due diligence or regulatory reviews. The interface now supports hover-to-highlight citations, letting a user see the exact passage supporting an AI-generated conclusion. This matters enormously in legal contexts: a lawyer who can instantly verify sources is more likely to trust and defend an AI-assisted work product.

Tim Brazeal, Bracewell LLP’s Chief Information Officer, said the firm has seen “real and measurable business impact” from Ask iManage, particularly from the Ask Across capability. iManage packages all this through its Wayfinder enablement program, which includes training, usage dashboards, and feedback loops to turn AI into actual daily practice rather than shelfware.

The Microsoft 365 and Copilot Angle

iManage’s embrace of MCP dovetails with its deepening investment in the Microsoft ecosystem. The platform already runs exclusively on Azure, with ten global regions including a new Swiss data center added in 2024 to satisfy data-residency requirements. It offers native integrations with Word, Outlook, and Teams, and in 2024 it introduced Copilot integration that lets Microsoft’s AI surface iManage content inside those applications.

With MCP support, the path to letting Copilot agents directly query an iManage repository becomes even shorter. Microsoft’s Copilot Studio added MCP connectors in public preview in March 2025, meaning a firm could build a Copilot agent that, with proper permissions, calls iManage’s MCP server to retrieve relevant precedents while a lawyer drafts a brief in Word. The architecture keeps the user inside the productivity environment they already know and reduces context-switching—a proven productivity killer for knowledge workers.

A significant sustainability note: iManage reports that moving on-premise workloads to iManage Cloud avoided approximately 4,335 tons of CO₂ per month in 2024. That figure aligns with a broader industry trend of cloud migrations yielding carbon savings, but it also reinforces why iManage sees the cloud as the only viable foundation for delivering AI at scale: the compute required for LLM inference and large-scale indexing demands elastic, centralized infrastructure.

Governance and Security: The MCP Risk Surface

The MCP protocol, while powerful, is not without peril. Security researchers have catalogued concrete attack vectors that any iManage deployment must address: prompt injection through malicious tool descriptions, tool shadowing where a rogue MCP server overrides a legitimate one, and classic implementation vulnerabilities like the remote code execution bug (CVE-2025-6514) disclosed in mcp-remote proxy tools.

The core threat: an MCP server that describes its tools deceptively can trick an LLM into executing harmful actions. A tool labeled “retrieve_document” might actually exfiltrate data. If a law firm connects an untrusted MCP client or grants agentic access without strict scoping, the same permission model that protects human users could be bypassed at the tool layer.

iManage’s public messaging leans heavily on “governed access” and permission-aware discovery. The company says its MCP server will respect the DMS’s access controls and ethical walls, meaning a client that connects to iManage Cloud inherits the same restrictions as the logged-in user. That’s a necessary but not sufficient safeguard. Real-world MCP safety requires additional layers: explicit user consent for tool invocations, immutable signed tool manifests to prevent rug-pull attacks, runtime policy enforcement, and comprehensive logging of every tool call for audit.

The broader MCP ecosystem is coalescing around these mitigations. Research papers proposic signed tool definitions and “MCP-safety” scanners, and enterprise-focused MCP implementations are adding network segmentation and approval workflows. iManage and its partner network—which numbers roughly 300 firms—will need to bake these controls into onboarding materials and Wayfinder playbooks if they want Chief Security Officers to embrace agentic access to client files.

Adoption Realities: Who Wins and Who Should Move Slowly

For large law firms already running iManage Cloud with strict ethical walls and a mature knowledge management function, the path to value is straightforward. They can pilot Insight+ on non-confidential workstreams, let associates use Ask iManage to flag relevant precedent, and gradually open MCP-powered agents for tasks like summarizing discovery or drafting routine correspondence. The Wayfinder program’s structured metrics—time-to-answer, draft accuracy, task automation rates—provide a framework to measure ROI and identify policy gaps.

Knowledge management teams stand to gain the most from Insight+’s ability to reveal trends across matters. A KM partner who can instantly pull success rates by jurisdiction or attorney without commissioning a separate data project can make more informed resourcing decisions and surface institutional expertise that might otherwise stay buried.

But not every organization should rush in. Firms that mix highly regulated data under one tenant—defense work for a pharmaceutical company alongside plaintiff-side cases against that same company, for example—must validate that MCP-powered agents truly respect ethical screens before enabling any tool invocation. Clients who demand ironclad separation of data may require contractual guarantees or independent audits of the AI pipeline. And IT departments accustomed to locking down DMS access to a handful of blessed applications will need to adjust to a world where dozens of MCP-capable tools could seek a connection; that demands a new class of approval, monitoring, and revocation infrastructure.

A phased rollout makes sense: start with read-only AI search inside iManage’s own interfaces (Ask iManage) to prove value and iron out governance wrinkles, then extend MCP access to trusted Microsoft Copilot instances before letting third-party agents in. At each stage, audit every tool call, enforce least privilege, and require explicit user consent for actions that could modify or export content.

Long-Term Outlook and Strategic Positioning

iManage’s announcement is less about a single feature bump and more about staking a claim in the emerging agent economy. By supporting MCP, the company signals that it wants its document repository to be the canonical knowledge layer that any AI agent can consult—but on terms that preserve the governance and defensibility legal work demands. That’s a bet that the open protocol will win over proprietary connectors, and that firms will reward a vendor that gives them freedom to choose their AI stack.

If the bet pays off, iManage could become as integral to agentic legal workflows as it is to document storage. Lawyers wouldn’t just file memos in iManage; they’d rely on it to feed context to the agents that draft, review, and analyze on their behalf. That vision aligns with the company’s 42% revenue growth and its push to move 71% of customers to the cloud, because AI-driven workloads require the elasticity and centralized security of a cloud-native platform.

But with great interoperability comes great security responsibility. MCP’s attack surface is real, and the protocol is still maturing. The vendors that pair openness with rigorous, verifiable controls—signed tool manifests, mandatory consent flows, granular audit logs—will earn the trust needed to handle the world’s most sensitive legal data. iManage has laid out a plausible architecture; the next 12 months will show whether its implementation, its partner ecosystem, and its adoption programs can deliver on the promise of governed agentic AI without introducing unacceptable risk.