What happened
Major insurance firms, including AIG, Great American, and WR Berkley, are introducing AI-specific endorsements to existing cyber and errors and omissions policies. These endorsements clarify or limit liability for AI agents and chatbots, specifically addressing risks such as model failures, hallucinations, data poisoning, prompt injection, and biased decisions. This action defines what constitutes an 'AI event' and aims to align coverage with the evolving regulatory landscape, including the EU AI Act, requiring detailed documentation and safeguards from policyholders.
Why it matters
The introduction of AI-specific endorsements creates a significant control gap in risk transfer for AI-related incidents, shifting the burden of proof and liability onto organisations. This raises due diligence requirements for compliance, IT security, and procurement teams, who must now provide detailed documentation of AI model performance, data provenance, and implemented safeguards, including human-in-the-loop controls. The explicit definition of 'AI event' and potential exclusions increase exposure to uninsurable AI-generated errors and regulatory non-compliance.
