Not Your Core Model: Grok, DeepSeek, Llama and the Truth About Alignment in Legal AI
Most of the time when we talk about alignment, we’re really talking about interface behaviour. Does the chatbot refuse the wrong things? Is it too eager to answer something sensitive? Does it hallucinate confidently?
All of this though comes after the fact.
By the time you’re calling a model in production, most of the important decisions about how it responds, what it defaults to, what it avoids, what tone it takes are already baked into the weights.
Which is why Grok, DeepSeek, Llama and others all behave so differently, even when they don’t have any safety wrappers or live censorship sitting on top.
Grok: opinionated by design
Simon Willison spotted something unusual: Grok 4 wasn’t just answering a prompt about Israel-Palestine, it was seemingly browsing Elon Musk’s tweets first, then shaping its answer accordingly.
Even more concerning: Asking Grok 4 Heavy ($300/mo) return its surname and no other text: "Hitler"
That’s not a system prompt. That’s emergent behaviour from the model’s training. It learned that Elon’s opinions matter and it responds like it knows who’s signing off the budget for the servers.
This isn’t a moderation layer. It’s deeper than that, it’s an alignment artefact that lives in the weights, all this is why Grok wouldn't appear to be safe to build your legal reasoning on.
If you're reviewing a clause, flagging risk, or generating client-facing content, the last thing you want is a model that checks in with a billionaire’s vibe before it speaks.
DeepSeek: learned deference
Now take DeepSeek R1, which is an open-weight Chinese model that, on paper, looks fairly capable. You can run it locally, no moderation layer, no government API in the loop.
Yet, when you ask it about topics like Tiananmen Square, Taiwan, or protest law, it doesn’t just answer cautiously, it often avoids answering at all.
That’s not censorship at runtime. It’s a reflection of how the model was trained:
- The training data almost certainly filters or avoids politically sensitive topics.
- The alignment stage encourages deferential, risk-averse answers.
- The reward model reinforces "safe" behaviour, even in private, local deployments.
So even without filters in place, the model acts like it’s still being watched. That’s not inherently bad, but it means you're working with a worldview that downplays certain risks and legal rights. If you're doing global due diligence, that becomes a blind spot.
Llama: neutral until nudged
Llama 3 sits somewhere else entirely. It's open-weight, multilingual, and tuned to be helpful and harmless, but that helpfulness often looks like bland neutrality.
It won't dodge questions like DeepSeek, but it won’t offer a strong point of view either. Ask it to argue both sides, and it will but then ask it to commit to one, and it’ll hedge.
That’s ideal for a base model, especially in legal tech, where you want structured outputs and stable reasoning. But if you want persuasive argumentation or assertive tone without heavy prompting or fine-tuning, it won’t get you there on its own.
What it does offer is flexibility:
- Easy to self-host
- No hidden worldview beyond the default Western liberal centre
- Easily adapted via LoRA, retrieval, or prompt design
That makes Llama useful at the core, as long as you know it won’t take strong stances out of the box.
Why this matters for legal tech
This isn’t just abstract model behaviour. It affects how tools behave under pressure.
- Grok might sound bold and confident, but if it’s secretly shaped by Elon’s feed, that confidence could reflect personal bias, not legal reasoning.
- DeepSeek might seem calm and polished, but it might be skipping key risks because the underlying data taught it to avoid political friction.
- Llama might seem safe, but it might underperform in adversarial contexts where decisiveness matters.
Now remember: none of this is about the UI. These are characteristics of the models themselves. They’ll show up whether you call them from a browser, a CLI, or an air-gapped legal appliance.
So what should you do?
Here’s how I’d approach it:
| Use case | Best-fit model |
|---|---|
| Core legal reasoning | GPT-o1/o3, Claude 3.5, or Llama 3 with structured prompting |
| Populist stress testing | Grok 4 |
| China-specific legal tools | DeepSeek R1 (carefully wrapped) |
| Global, self-hosted platform | Llama 3 or Mistral with added safeguards |
| Argument simulation / adversarial reasoning | Grok or fine-tuned Llama, depending on tone needed |
Don’t think in terms of “best” model. Think in terms of worldview, behaviour, and fit for the task. Then layer on safety, transparency, and traceability around that.
Models don’t need a system prompt to be biased. They already believe things, not because they were told to, but because they absorbed patterns from their training data and alignment stage.
That’s why you don’t build on Grok, you'd use it at the edges. Same with DeepSeek. Llama, with all its blandness, might just be the safest thing in the stack, precisely because it doesn’t come with opinions.
If you're building in legal AI, you’re not just choosing tools. You’re choosing voices. Make sure you know whose voice your model is really echoing.
This all ties back to something I wrote recently about engineering the a-hole into them, the idea that models don’t just need legal knowledge, they need the right posture. If your model’s going to act like a sharp, unflinching negotiator or a pushy redliner, that behaviour won’t come from a vague "alignment" process. You have to build it in, through tone, preference data, persona tuning, and constraint-aware prompting.
Because whether you're using Grok, DeepSeek, or your own fine-tuned Llama, the same rule holds: if you don’t engineer the behaviour deliberately, you’ll inherit someone else’s.