New research presented in a whitepaper from Gallagher Re notes that as organizations embed artificial intelligence (AI) into customer interactions, decision making and core processes they may be exposing themselves to a growing class of liabilities they say traditional insurance may not fully recognize or respond to.

The paper, entitled Smart Systems, Blind Spots: Rethinking Insurance for the AI Era, looks at how current insurance coverages respond to the relatively novel risks that AI and generative AI usage creates. It also looks briefly at which companies are also evolving stand-alone coverage for AI-native liabilities. It additionally notes that courts and regulators are often treating AI failures as the responsibility of those deploying the technology, not the vendor.

Explicit protection needed 

“Coverage, governance and contractual protections must evolve,” they write. “Enterprises need explicit protection for AI-driven liability, supported by stronger governance and smarter program design.” 

In looking at litigation figures, they say patterns show that AI-related harm is not theoretical – “it is legally validated, financially material and rapidly expanding…Businesses deploying AI are also increasingly conscious of the risks.” 

Existing policies may provide some AI coverage but the paper adds that this approach to risk mitigation is fragmented and leaves significant gaps remaining unaddressed.

“For example, a problem caused by a customer-facing chatbot might trigger a liability claim, whereas an AI-assisted cyber attack might trigger a cyber insurance policy. Other policies that could be triggered by AI faults include technology errors and omissions (E&O) policies, product liability or commercial general liability insurance,” they write.

In explaining the different coverages further, they point out that AI as an attack vector will trigger cyber coverage but as a liability source (hallucinations, discrimination and intellectual property infringement) it generally does not. The paper also examines E&O, product liability and commercial general liability policy limitations.

Deployer-focused insurance products 

“While existing liability and cyber policies may offer partial coverage, AI systems create distinct liabilities that fall outside standard insurance policies. These coverage gaps emerge from fundamental mismatches between AI risk characteristics and traditional policy structures designed for human actors, physical assets and clearly defined security perimeters,” the paper adds. Risks examined which fall outside of traditional coverage include algorithmic failures, discrimination, model degradation, data supply chain risks and legal contracts which generally favour vendors, leaving those deploying the technology to shoulder most of the liability. “This imbalance reinforces the case for deployer-focused insurance products,” the paper states.

Two-fold response 

The insurance industry’s response has been two-fold, they say: “Firstly, specialized insurers are developing standalone products addressing exposures that traditional policies do not adequately cover. Secondly, established carriers are introducing enhanced endorsements that adapt existing coverage frameworks. Both approaches are necessary to meet the challenges presented by these new uninsured risks.” 

Going forward, they suggest clarifying AI coverage boundaries in existing policy lines and explicitly stating an insurer’s appetite for AI risk coverage. “The question is no longer whether AI will create liability but whether the insurance market can adapt quickly enough to address it.”