This article examines how the legal profession’s shift from passive generative AI tools to autonomous or semi-autonomous agentic AI systems dramatically expands the “risk surface” of AI in law practice. It argues that once AI systems can plan, use tools, access files, interact with other agents, and take actions in the world, the ethical and professional risks move far beyond confidentiality and fabricated output to include unauthorized acts, tool misuse, memory leakage, cross-agent cascading failures, shadow AI, and compromised permissions. The article explains how these risks implicate a wide range of duties under the Model Rules of Professional Conduct, including competence, confidentiality, candor, scope of representation, supervision, fees, and unauthorized practice of law. It concludes by outlining practical governance responses for law firms and courts, including secure deployment environments, zero-trust architecture, human-in-the-loop review, and least-privilege access, while emphasizing that the human lawyer remains ultimately responsible for the actions of digital agents in legal practice.