Before you deploy an AI agent that can touch customer data, send messages, or move money, ask a question most leaders skip: does your insurance still cover it? For years, AI risk was mostly silently covered — carriers wrote cyber and technology errors and omissions policies that never mentioned AI, so claims were argued under existing wording. That era is closing. Insurers are adding AI exclusions, and autonomous agents sit in the widest gap of all. This is an executive checklist for reviewing coverage before you grant an agent access — and where AI governance and readiness fits in.
Silent AI coverage is ending. Carriers added generative-AI exclusion endorsements to standard commercial general liability forms at January 2026 renewals, and policy language now varies widely by insurer. Autonomous AI agents are the least-covered category of all. Review your cyber, tech E&O, professional liability, D&O, EPLI, crime, and general liability policies before an agent goes live.
Silent AI Coverage Is Ending
For years, AI risk was covered by accident. Policies did not mention AI, so a claim involving an AI system was argued under whatever wording existed. Insurers call this silent AI, and they are eliminating it — the same way the market eliminated silent cyber a decade ago.
The clearest signal came from standard forms. The Insurance Services Office introduced generative-AI exclusion endorsements — including forms CG 40 47 and CG 40 48 — attachable to commercial general liability policies at renewals effective January 1, 2026. The broad version bars coverage for harms tied to generative AI outputs across bodily injury, property damage, and advertising injury. The narrower version excludes only personal and advertising injury.
Do not expect one obvious exclusion page. Analysis of the 2026 renewal cycle describes narrowing showing up in revised base forms, new definitions, application questions, underwriting positions, and carve-backs — not a single conspicuous clause. Some carriers are clarifying AI coverage through endorsements; others are quietly removing it. The result is fragmentation: two businesses with similar-looking policies can have very different AI protection.
Why Agents Are the Real Gap
Most of the new policy language was written with chatbots and generative content in mind. Autonomous agents are a different problem, and the market knows it. Underwriters have noted that current endorsements address AI-enabled chatbots and generative AI but do not cleanly address AI agents — the fastest-growing deployment category, and the one most likely to raise attribution questions.
Attribution is the crux. When an agent with connector access edits a record, sends a message, or moves money, who caused the loss — the vendor, the model, your configuration, or the employee who approved it? That question decides which policy responds, and whether any of them do. An agent acting across your systems can plausibly implicate cyber, tech E&O, crime, and general liability at once — and fall between all four.
| AI failure scenario | Likely claim | Policy that may respond | Gap risk |
|---|---|---|---|
| Agent leaks customer data through a connector | Privacy breach, regulatory action | Cyber | New AI exclusions may bar the claim |
| Agent gives a client wrong professional advice | Professional negligence | Tech E&O / Professional liability | AI exclusion or narrowed definitions |
| Agent publishes infringing or defamatory marketing | Personal and advertising injury | General liability (Coverage B) | ISO gen-AI endorsement can exclude it |
| AI-generated output contributes to physical harm | Bodily injury / property damage | General liability (Coverage A) | Broad gen-AI exclusion may apply |
| Agent is manipulated into transferring funds | Social engineering, fraudulent transfer | Crime / fidelity | Often needs a specific endorsement |
| AI screening tool produces biased hiring outcomes | Discrimination | EPLI | AI exclusion may be attached |
| Board approves AI with no governance; investors sue | Breach of oversight duty | D&O | AI oversight is a rising D&O theme |
How Agent Permissions and Audit Logs Affect Insurability
Here is the part most leaders miss: your technical controls are now underwriting inputs. A small affirmative AI-coverage market is emerging, including offerings associated with Lloyd's syndicates and specialty carriers, and reporting indicates these markets grant and price coverage on documented governance evidence.
Carriers are asking practical questions. Is a human reviewing AI output before it goes public? What can each agent actually access? Can you produce a log of what the agent did? The better documented your review process, the better the underwriting outcome. In other words, scoped permissions and audit logs are not just security hygiene — they are insurable evidence.
That is a governance problem, not an insurance problem, and it is squarely what ITECS builds: a scoped permission model for every custom AI agent, human approval gates on sensitive actions, and audit logging that shows exactly what an agent touched.
- 01
Inventory
List every AI system, what data it reaches, and what it can do — read, write, send, publish, or transact.
- 02
Map
Match each realistic failure to the policy that would respond — and where no policy would.
- 03
Ask
Take specific questions to your broker. Request the actual policy wording, not a summary.
- 04
Decide
Buy an endorsement, pursue AI cover, or reduce agent permissions until exposure matches coverage.
Your Executive Coverage Review Checklist
Run this before the agent gets access, not after a claim.
Step 1: Inventory every AI use. List each AI system, who uses it, what data it reaches, and what it can do — read only, write, send, publish, or transact. Autonomy and reach are what underwriters care about. This is the same inventory required for AI governance and staff training.
Step 2: Map likely claims to policies. For each AI use, write down the realistic failure — a data leak, bad advice, a discriminatory screening result, a fraudulent transfer — and which policy would respond. Use the table above as your starting grid.
Step 3: Ask your broker specific questions. Generic reassurance is not an answer. Bring the questions below in writing, and ask for the actual policy language.
Step 4: Decide on endorsements or dedicated cover. Based on the answers, you either accept the gap, buy an affirmative AI endorsement, pursue dedicated AI liability coverage, or reduce the agent's permissions until the exposure matches your coverage.
Questions to Ask Your Broker
Take these to your renewal conversation, and ask for the policy wording rather than a summary.
Does any policy contain an AI or generative-AI exclusion, and which forms? Ask specifically about the ISO endorsements on your general liability policy.
How do our policies define artificial intelligence? Broad definitions can sweep in ordinary software and automation you already rely on.
If an autonomous agent causes the loss, which policy responds? Push for a written position on agent attribution, not a verbal assurance.
Is affirmative AI coverage or an endorsement available to us, and what governance evidence would it require? The answer tells you exactly what to build.
Will our AI use trigger new application questions or warranties at renewal? An inaccurate answer on an application can jeopardize coverage later.
Governance Is Now an Insurance Asset
The market shift is well documented. Legal analysis of the trend — including Fenwick's review of emerging AI exclusions and coverage fragmentation — describes exactly this move away from silent AI. Businesses that can show an AI inventory, scoped permissions, human review, and audit logs are in a materially better position, both at renewal and at claim time.
This article is general information, not insurance or legal advice. Coverage depends entirely on your specific policy wording, carrier, and jurisdiction. ITECS is not an insurance broker or advisor — confirm your coverage with a licensed broker and qualified counsel. What ITECS provides is the technical evidence they will ask you for.
How ITECS Helps You Get Underwriting-Ready
Most companies cannot answer an underwriter's questions because nobody has mapped their AI. ITECS closes that gap: we inventory every AI system and what it can reach, scope agent permissions to the minimum, put human approval gates on sensitive actions, and turn on the audit logging that proves what happened. A data and AI readiness audit produces the documentation record.
We price this the way we price all advisory work — hourly consulting or prepaid retainer hours with tracked usage, no monthly minimum and no expiration, plus a flat fee for a scoped governance build. The payoff is twofold: fewer incidents, and a defensible file when your broker or carrier asks what your agents can do. If you deploy agents into the EU, pair this with our EU AI Act transparency checklist. When you want AI you can actually insure, talk to the ITECS team.
Deploying AI agents? Build the inventory, permissions, and audit trail your insurer will ask for. Learn about our AI Consulting service or schedule a free AI assessment.
About The Author
The ITECS Team
ITECS helps Dallas business leaders adopt practical AI with the security, documentation, training, and operational discipline expected from an established managed technology partner.
Sources And Trust Signals
This article is based on ITECS implementation experience and the public resources below.
Legal analysis of the shift away from silent AI coverage, the emerging AI exclusions, and the fragmentation of policy language across carriers.
Trade reporting on how carriers and brokers are responding to AI exclusions ahead of and through the 2026 renewal cycle.
Policyholder-side analysis of the ISO generative-AI exclusion endorsements and how broadly their language may reach.
Market commentary noting that current endorsements address chatbots and generative AI but do not cleanly cover autonomous AI agents.
ITECS AI consulting and governance engagements — AI inventory, scoped agent permissions, approval gates, and audit logging.
The audit that produces the documented AI inventory and access record underwriters increasingly ask to see.
