Risk managers have long treated AI liability as a problem of âmodel mistakesâ: a chatbot gives the wrong answer, an automated email goes out with incorrect information, or a recommendation engine produces biased outcomes. Those scenarios are already challenging enough for insurers and businesses, but a new wave of lawsuits is forcing a more uncomfortable questionâwhat happens when AI stops merely responding and starts acting?
A report highlighted by the Financial Times points to a growing mismatch between conventional insurance coverage and the kinds of harm that can arise when companies deploy autonomous âagentsâ rather than static or conversational systems. The shift matters because agent-like AI changes the shape of risk. It can initiate actions, interact with systems, execute workflows, and make decisions that ripple through operations. In other words, the failure mode is no longer confined to an incorrect response; it can become an operational event with legal consequences that donât fit neatly into existing policy categories.
For businesses, this is not just a theoretical concern. As agent-based tools move from pilots into productionâhandling tasks such as customer support triage, procurement assistance, document processing, scheduling, fraud checks, and even parts of software operationsâthe legal system is beginning to test where responsibility lies. And insurers are being asked to decide whether their wordings were written for the world companies actually live in now.
The core issue: coverage language often assumes a narrower universe of incidents
Traditional insurance productsâcyber, professional liability, technology errors and omissions, directors and officers, general liability, employment practices, and product-related coveragesâwere largely built around predictable categories of harm. Many policies implicitly assume that the insuredâs role is to provide a service or advice, and that the main loss stems from a mistake in that service: inaccurate information, negligent advice, or a data breach.
Agent-based AI complicates that assumption. When an AI system takes actions, the incident can look less like a âprofessional errorâ and more like an operational malfunction. It may also blur lines between cyber events, operational failures, and contractual breaches. A single deployment can involve multiple risk vectors at once: data access, decision-making, external integrations, and downstream effects on customers, employees, partners, and regulators.
Thatâs where the coverage gap emerges. Even if a policy covers âtechnology errors,â the question becomes whether the agentâs behavior qualifies as a covered âerror,â whether the harm is considered âresulting fromâ the insuredâs professional services, and whether exclusions apply when the AI is effectively acting as part of the business process rather than as a tool that merely advises.
The reportâs emphasis on widening legal claims reflects a broader trend: courts and plaintiffs are increasingly willing to argue that AI-driven harm should be treated as a form of negligence, misrepresentation, breach of duty, or failure of controlsâdepending on the facts. Agentic systems can trigger more of these theories because they create more opportunities for causation disputes. If the AI took an action that caused harm, plaintiffs can argue that the company failed to supervise, failed to implement adequate safeguards, or failed to ensure the system behaved within acceptable boundaries.
Why âchatbot errorsâ are not the same as âagent outcomesâ
The phrase âchatbot errorsâ has been a convenient shorthand for early AI litigation. In those cases, the alleged harm often centers on content generation: incorrect statements, hallucinated citations, misleading responses, or inappropriate tone. Even when the consequences are serious, the causal chain is frequently framed as âthe model produced the wrong output.â
Agent-based AI shifts the causal chain. Instead of producing text, it may produce actions: placing orders, changing account settings, sending messages, updating records, generating invoices, modifying access permissions, or triggering workflows. The harm can therefore be both direct and indirect. Direct harm might include financial loss from an erroneous transaction. Indirect harm might include cascading operational disruption, customer churn, regulatory reporting failures, or reputational damage that follows from a sequence of automated steps.
This matters for insurance because many policies are structured around the nature of the incident and the timing of the loss. If the incident is treated as an operational eventâespecially one involving automationâinsurers may argue that it falls outside certain technology-specific coverages or is excluded under provisions related to intentional acts, expected results, or failure to maintain security controls.
There is also a subtler point: agentic systems can create âunexpected outcomesâ that are not simply wrong answers. They can be technically plausible but strategically harmful. For example, an agent might interpret a goal too literally, optimize for a metric that doesnât align with legal or ethical constraints, or exploit loopholes in a workflow. Plaintiffs may argue that the companyâs governance was inadequate because it did not anticipate how the agent would behave under real-world conditions.
In that scenario, the dispute is not only about whether the AI made a mistake. It becomes about whether the company exercised reasonable control over a system that was designed to act.
Accountability becomes the battlegroundâand insurance is pulled into it
When AI is used as a passive tool, accountability questions can be relatively straightforward: who authored the content, who deployed the system, and what safeguards were in place. With agents, accountability becomes more complex because the system can operate semi-independently. That independence raises questions such as:
Who is responsible for the agentâs decisions when it acts across multiple systems?
How should companies document the agentâs decision logic when it is probabilistic or opaque?
What constitutes âreasonable supervisionâ for an AI that can take actions without human approval at every step?
How should incident response work when the agentâs actions are distributed across time and systems?
These questions are exactly the kind that can expand legal claims. Plaintiffs can frame the companyâs conduct as a failure of duty: failure to implement adequate monitoring, failure to prevent foreseeable misuse, failure to validate outputs before action, or failure to maintain audit trails.
Insurance coverage then becomes a secondary battlefield. Even when a policy might cover some aspects of the harm, insurers may contest whether the claim is truly âcoveredâ given the policyâs definitions and exclusions. The more the legal theories broaden, the more likely it is that at least one theory will fall into a gray zone.
The reportâs warning about conventional insurance âlagging behindâ is essentially about this lag in interpretation. Policy language tends to be stable for years, while AI deployments evolve quickly. Agentic systems are not just a new interface; they are a new operational paradigm. That means the risk profile changes faster than underwriting models and coverage wording can adapt.
The unique risk profile of agentic AI: more surface area, more integration, more causation arguments
Agent-based AI typically requires deeper integration with business systems. Instead of a single application boundary, the agent may connect to internal databases, ticketing systems, CRM platforms, payment tools, identity management, and third-party APIs. Each integration introduces potential failure points and increases the number of parties involved in the incident.
From a legal perspective, that creates more causation arguments. Plaintiffs can argue that the companyâs architecture allowed the agent to access data it shouldnât have, or that the agentâs permissions were too broad. They can also argue that the company failed to implement guardrails, rate limits, approval workflows, or rollback mechanisms.
From an insurance perspective, integration-heavy architectures can also complicate the classification of incidents. A single event might be described as a cyber incident (if unauthorized access occurred), a professional liability incident (if advice or decisions were negligent), and a technology E&O incident (if the system malfunctioned). If the policy is written to cover one category but excludes another, the insured may face partial coverage or denial.
Even when coverage exists, the cost of defending claims can rise. Agentic AI disputes often require technical experts, forensic analysis of logs, and reconstruction of the agentâs decision path. That increases defense costs and can strain policy limits.
The reportâs âwidening range of legal claimsâ point is therefore not only about more lawsuits. Itâs about more types of allegations, more complex fact patterns, and more expensive litigation.
Where the gaps show up in practice: governance, documentation, and incident response
One reason insurance gaps become visible during litigation is that lawsuits force companies to explain what they did before the incident. With agentic AI, those explanations often hinge on governance and operational controls.
Businesses that treat AI as a âtoolâ sometimes struggle to demonstrate that they managed it like a system with real-world authority. Insurers and plaintiffs alike may ask:
Was there a clear risk assessment before deployment?
Were permissions scoped appropriately?
Were actions gated by human review when necessary?
Were there monitoring and alerting mechanisms?
Did the company maintain audit logs sufficient to reconstruct events?
Were there procedures for safe shutdown, rollback, and remediation?
Were vendors and subcontractors contractually required to meet security and performance standards?
If the company cannot answer these questions convincingly, it becomes easier for plaintiffs to argue negligence or failure of controls. And if the policy requires that certain conditions be metâsuch as maintaining security measures or following incident response protocolsâthen governance weaknesses can translate into coverage disputes.
This is why the reportâs message resonates with risk managers: the insurance problem is partly a coverage problem, but it is also a preparedness problem. Agentic AI increases the likelihood that a company will need to prove not only that it had insurance, but that it operated responsibly enough to keep the claim within the intended scope of coverage.
A unique take: the real coverage gap may be âcontrol,â not âcostâ
Itâs tempting to frame the issue as insurers simply not paying. But the deeper story is about controlâwho controls the system, how control is enforced, and how control is evidenced.
Conventional insurance was built for environments where humans remain the primary decision-makers and where automation is limited. Agentic AI blurs that boundary. Even if a company retains ultimate responsibility, the systemâs autonomy can create a perceptionâsometimes accurate, sometimes notâthat the company outsourced judgment to software.
That perception can influence both legal outcomes and insurance outcomes. Courts may treat the companyâs oversight as part of the duty of care. Insurers may treat oversight as part of the risk
