SPOTLIGHT: AI
Managing risk in a new technology
AI, and specifically generative AI, is seeping into all corners of everyday life.
From algorithmic recommendations for what to watch on television to integration into professional workflows, AI shows up everywhere, both on the job and in leisure time.
AI also cuts across insurance paths, amplifying the risk landscape and affecting nearly every line and coverage in different ways.
Here are a few examples among different lines:
CYBER
AI risks abound in the cybersecurity landscape. Processing and integrating sensitive data is one of AI’s key value propositions. But failing to properly safeguard data processed by AI can lead to costly data privacy claims, particularly when personal health information is involved. Cyber threat actors are also increasingly using AI to refine their attack methods, while information security teams may use AI to thwart these attempts to breach their networks.
CRIME
Threat actors can use AI to generate more convincing social engineering fraud (SEF) ploys to trick recipients into believing, say, a bogus email came from a trusted source. AI can create deepfake impersonations of corporate leaders by effectively mimicking their images, voices, or writing styles to craft instructions for another employee to improperly transfer funds to an unauthorized recipient.
PROFESSIONAL LIABILITY
Professionals who place too much trust in AI take the risk of generating work product that conveys inaccurate or wholly made-up information. Examples include financial advisors who use AI to generate investment recommendations that lead to client losses, or algorithmic bias affecting decisions about the creditworthiness of loan applicants.
EMPLOYMENT PRACTICES LIABILITY
AI bias can result in employment practices-related claims if the technology uses illegal criteria to screen job applicants or otherwise evaluate current or prospective employees.
DIRECTORS & OFFICERS LIABILITY
Corporate leaders can face claims of “AI washing,” alleging exaggerated statements about a company’s AI capabilities or misrepresentations of AI’s impact on the enterprise. Such claims can attract securities class action or shareholder derivative lawsuits, or result in regulatory action.
CASUALTY/LIABILITY
A company’s use of an AI tool that the company fed specific rules or data could cause third-party bodily injury or property damage. An example could be an AI-driven chemical control system where an error leads to an explosion that engulfs a neighboring property. AI can also give rise to personal or advertising injury claims if the technology generates advertising copy or images that defame or violate one’s privacy.
PROPERTY
AI can cause first-party damage if an AI tool causes the building management system to malfunction. For example, AI may reduce a building’s heating to optimize energy use, but it may set the temperature so low that pipes freeze, burst, and cause ensuing water damage.
Technology errors & omissions
An insured’s technology services may incorporate an AI tool, or involve one that an insured is engineering expressly for a client, that can fail and trigger a technology errors and omissions loss.
Known unknowns about AI
These examples represent some of the known risks that AI can affect and potentially expand. But carriers worry about other unknown risks that AI can influence. They are watching loss trends closely as insureds implement AI across their enterprises. Carriers are also listening as insureds express uncertainty about how AI plays into their current coverages.
And all parties — carriers, brokers, and insureds alike — are weighing whether policy definitions and other policy language adequately address AI-driven risk and whether those exposures fall within the carriers’ risk appetites. For example, is the wording in a particular cyber policy broad enough to respond to current and future AI regulations? Do AI-related activities fall within the scope of defined professional services in a professional liability policy? How might a cyber exclusion in a D&O policy affect coverage for an AI-related loss?
Although it is the exception, some carriers have already drafted AI-specific exclusions for certain lines of coverage. Berkley Insurance Company, for example, issued an absolute AI exclusion that could apply to its D&O, EPL, and fiduciary liability coverages. Hamilton Insurance Group has a generative AI exclusion that could limit professional liability coverage. Earlier this year, three ISO exclusions took effect, seeking to exclude coverage for generative AI in commercial general liability policies, if a carrier wished to utilize this wording.
While any business that uses AI takes on some additional exposure, certain industries have characteristics that expose them to more AI-related risk than others. Among the industries that carriers are concerned about:
Healthcare
As providers and others use AI to assist with diagnostics and treatment recommendations, or to manage patient data, carriers are weighing the benefits of these use cases against the potential for medical malpractice and data privacy claims.
Financial services & real estate
These industries face exposure to potentially discriminatory or biased AI output, which may appear in the form of inconsistent treatment of similarly situated applicants for loans or other financial services, or housing determinations.
LAW
Lawyers have gravitated to AI to help draft briefs, conduct legal research, and review contracts. But AI can make mistakes, and overreliance on AI tools can lead to embarrassing and actionable outcomes when those mistakes make their way into attorney work product. Clients also risk generating discoverable information if they enter sensitive facts or legal theories into an open AI tool, as courts have found that attorney-client privilege does not attach to such communications.
TECHNOLOGY PROVIDERS
AI developers train large language models (LLMs) on existing creative material, which can lead and has led to intellectual property infringement claims against the developers themselves and their users.
Users of autonomous AI
Transportation companies that use AI drivers, or industrial enterprises that use drones or robotics, run the risk of bodily injury and property damage claims.
As carriers learn to underwrite to AI-enhanced risks, some are creating new products to expressly address the extent of AI-related coverage. Some of these products may support insureds’ adoption and development of the new technology. However, depending on a client’s industry, details around their AI use cases, and their current policy language, AI-specific language within policies is often not required and sometimes not recommended. Insureds should consult with a Lockton broker to learn about the coverage these products offer and the other AI-specific terms that may be negotiable with their incumbent carriers.
Here are select examples of AI-specific forms available in the marketplace:
Munich Re’s aiSure line has policy forms that address a wide range of risks for AI providers and companies that use AI. The value proposition is protection for financial losses and liabilities arising from issues like model errors, underperformance, hallucinations, lost revenue, business interruption, and legal damages, including generative AI-specific risks. The coverage is designed to complement traditional cyber/E&O by guaranteeing AI model performance and enabling indemnification of clients when predefined performance thresholds are not met.
Relm’s AI Response Insurance Policy covers first-party coverage for business interruption, reputational harm, product recall, and incident response costs stemming from AI incidents. By comparison, its AI cyber and tech E&O policy covers both third-party liability and first-party losses for tech E&O, AI, media liability, fee and expense protection, cybersecurity and privacy claims, business interruption, and financial offenses like extortion and digital crime. And itsAI liability wrap policy is an excess wrap policy that addresses IP infringement, personal injury, discrimination, privacy, bodily injury, property damage, AI regulation, and E&O liability when underlying policy limits are reached or otherwise not responding.
Testudo offers liability coverage for damages arising from the use of generative AI, including hallucinations, intellectual property infringement, unauthorized data disclosures, and physical property damage.
Armilla has developed policies for generative AI developers and users across high-exposure industries, including financial services, healthcare, media, telecommunications, and professional services. Its “all risks” AI liability insurance responds to third-party claims related to model errors, hallucinations, non-breach data leaks, personal and advertising injury, economic losses, property damage, and AI regulatory violations.
Mayflower Specialty has a primary policy form that addresses D&O, EPL, and E&O to cover AI-related management, employment, and professional liability risks, whereas its excess difference-in-conditions policy sits on top of existing D&O, EPL, and E&O programs to drop down when an underlying carrier offering those coverages denies an AI-related claim.
As with anyone else, underwriters will gain more knowledge about AI in the coming years. That includes how and to what extent it amplifies risks for different insureds, what can be done to mitigate those risks, and whether the carrier wishes to cover the residual risk and at what price.
Many carriers presently seem satisfied with how companies address AI in underwriting submissions. But there is a growing awareness that AI exposure is already on the books in many instances. To shorten the learning curve, some carriers are beginning to ask increasingly granular questions about how AI is used, whether it’s agentic AI, generative AI, or both. As a starting place, insureds may be asked to explain to their underwriters what AI tools the company has approved as well as who is allowed to use them and for what purposes.
Some carriers also want to learn more about AI governance within companies and will ask specific questions to explore this. What policies exist that govern AI’s use? How are employees trained on AI? How are data and privacy protected? How is AI addressed in contracts with vendors? Are there human resources use cases for AI? Is there a way to escalate complaints about AI use within the company?
Taking it a step further, insureds that operate in the European Union should expect carriers to ask questions that mirror the structure of the EU AI Act, which classifies risks as low, medium, and high.
Insureds will benefit from preparing for these questions in their upcoming renewals by setting a narrative and driving the conversation about the company’s AI use and the guardrails around it. Such preparation calls for insureds to identify and consult with all internal stakeholders and to educate themselves about the technology and potential next-level underwriting questions.
It also calls for them to work with their broker to understand whether their current policies adequately cover their AI exposures. Insureds can help move that conversation along by understanding how AI is used across the enterprise and reviewing vendor contracts to speak knowledgeably about potential downstream consequences of those relationships.
Lockton can help clients prepare for this evolving underwriting process, better understand both general and industry-specific AI risks, and to further their AI-related enterprise risk activities. In addition to leading the renewal preparation process, Lockton is closely following the evolving state of the insurance market, conducting coverage mapping exercises, watching the development of AI-related claims, and facilitating connections with external AI support resources.
Ultimately, it is our goal to negotiate coverage that adequately addresses our insureds’ potential AI exposures, including AI-specific terms when needed, and overall increase certainty amid what may feel like a very uncertain technology horizon.
© 2026 Lockton Companies. All rights reserved.