Skip to content
ITECS
AI ConsultingJuly 14, 202611 min read

AI Insurance Gaps: Review Your Coverage Before You Deploy Agents

Silent AI coverage is ending. New exclusions hit 2026 renewals, and autonomous agents fall in the widest gap. Review cyber, E&O, D&O, and crime cover before you deploy.

Before you deploy an AI agent that can touch customer data, send messages, or move money, ask a question most leaders skip: does your insurance still cover it? For years, AI risk was mostly silently covered — carriers wrote cyber and technology errors and omissions policies that never mentioned AI, so claims were argued under existing wording. That era is closing. Insurers are adding AI exclusions, and autonomous agents sit in the widest gap of all. This is an executive checklist for reviewing coverage before you grant an agent access — and where AI governance and readiness fits in.

Silent AI coverage is ending. Carriers added generative-AI exclusion endorsements to standard commercial general liability forms at January 2026 renewals, and policy language now varies widely by insurer. Autonomous AI agents are the least-covered category of all. Review your cyber, tech E&O, professional liability, D&O, EPLI, crime, and general liability policies before an agent goes live.

Silent AI Coverage Is Ending

For years, AI risk was covered by accident. Policies did not mention AI, so a claim involving an AI system was argued under whatever wording existed. Insurers call this silent AI, and they are eliminating it — the same way the market eliminated silent cyber a decade ago.

The clearest signal came from standard forms. The Insurance Services Office introduced generative-AI exclusion endorsements — including forms CG 40 47 and CG 40 48 — attachable to commercial general liability policies at renewals effective January 1, 2026. The broad version bars coverage for harms tied to generative AI outputs across bodily injury, property damage, and advertising injury. The narrower version excludes only personal and advertising injury.

Do not expect one obvious exclusion page. Analysis of the 2026 renewal cycle describes narrowing showing up in revised base forms, new definitions, application questions, underwriting positions, and carve-backs — not a single conspicuous clause. Some carriers are clarifying AI coverage through endorsements; others are quietly removing it. The result is fragmentation: two businesses with similar-looking policies can have very different AI protection.

Why Agents Are the Real Gap

Most of the new policy language was written with chatbots and generative content in mind. Autonomous agents are a different problem, and the market knows it. Underwriters have noted that current endorsements address AI-enabled chatbots and generative AI but do not cleanly address AI agents — the fastest-growing deployment category, and the one most likely to raise attribution questions.

Attribution is the crux. When an agent with connector access edits a record, sends a message, or moves money, who caused the loss — the vendor, the model, your configuration, or the employee who approved it? That question decides which policy responds, and whether any of them do. An agent acting across your systems can plausibly implicate cyber, tech E&O, crime, and general liability at once — and fall between all four.

AI and agent failure scenarios mapped to the likely claim, the insurance policy that would normally respond, and the coverage gap risk — across cyber, technology errors and omissions, general liability, crime, employment practices, and directors and officers policies.
AI failure scenarioLikely claimPolicy that may respondGap risk
Agent leaks customer data through a connectorPrivacy breach, regulatory actionCyberNew AI exclusions may bar the claim
Agent gives a client wrong professional adviceProfessional negligenceTech E&O / Professional liabilityAI exclusion or narrowed definitions
Agent publishes infringing or defamatory marketingPersonal and advertising injuryGeneral liability (Coverage B)ISO gen-AI endorsement can exclude it
AI-generated output contributes to physical harmBodily injury / property damageGeneral liability (Coverage A)Broad gen-AI exclusion may apply
Agent is manipulated into transferring fundsSocial engineering, fraudulent transferCrime / fidelityOften needs a specific endorsement
AI screening tool produces biased hiring outcomesDiscriminationEPLIAI exclusion may be attached
Board approves AI with no governance; investors sueBreach of oversight dutyD&OAI oversight is a rising D&O theme

How Agent Permissions and Audit Logs Affect Insurability

Here is the part most leaders miss: your technical controls are now underwriting inputs. A small affirmative AI-coverage market is emerging, including offerings associated with Lloyd's syndicates and specialty carriers, and reporting indicates these markets grant and price coverage on documented governance evidence.

Carriers are asking practical questions. Is a human reviewing AI output before it goes public? What can each agent actually access? Can you produce a log of what the agent did? The better documented your review process, the better the underwriting outcome. In other words, scoped permissions and audit logs are not just security hygiene — they are insurable evidence.

That is a governance problem, not an insurance problem, and it is squarely what ITECS builds: a scoped permission model for every custom AI agent, human approval gates on sensitive actions, and audit logging that shows exactly what an agent touched.

  1. 01

    Inventory

    List every AI system, what data it reaches, and what it can do — read, write, send, publish, or transact.

  2. 02

    Map

    Match each realistic failure to the policy that would respond — and where no policy would.

  3. 03

    Ask

    Take specific questions to your broker. Request the actual policy wording, not a summary.

  4. 04

    Decide

    Buy an endorsement, pursue AI cover, or reduce agent permissions until exposure matches coverage.

Run this review before the agent gets access — not after a claim. ITECS produces the inventory and permissions evidence your broker asks for.

Your Executive Coverage Review Checklist

Run this before the agent gets access, not after a claim.

Step 1: Inventory every AI use. List each AI system, who uses it, what data it reaches, and what it can do — read only, write, send, publish, or transact. Autonomy and reach are what underwriters care about. This is the same inventory required for AI governance and staff training.

Step 2: Map likely claims to policies. For each AI use, write down the realistic failure — a data leak, bad advice, a discriminatory screening result, a fraudulent transfer — and which policy would respond. Use the table above as your starting grid.

Step 3: Ask your broker specific questions. Generic reassurance is not an answer. Bring the questions below in writing, and ask for the actual policy language.

Step 4: Decide on endorsements or dedicated cover. Based on the answers, you either accept the gap, buy an affirmative AI endorsement, pursue dedicated AI liability coverage, or reduce the agent's permissions until the exposure matches your coverage.

Questions to Ask Your Broker

Take these to your renewal conversation, and ask for the policy wording rather than a summary.

Does any policy contain an AI or generative-AI exclusion, and which forms? Ask specifically about the ISO endorsements on your general liability policy.

How do our policies define artificial intelligence? Broad definitions can sweep in ordinary software and automation you already rely on.

If an autonomous agent causes the loss, which policy responds? Push for a written position on agent attribution, not a verbal assurance.

Is affirmative AI coverage or an endorsement available to us, and what governance evidence would it require? The answer tells you exactly what to build.

Will our AI use trigger new application questions or warranties at renewal? An inaccurate answer on an application can jeopardize coverage later.

Governance Is Now an Insurance Asset

The market shift is well documented. Legal analysis of the trend — including Fenwick's review of emerging AI exclusions and coverage fragmentation — describes exactly this move away from silent AI. Businesses that can show an AI inventory, scoped permissions, human review, and audit logs are in a materially better position, both at renewal and at claim time.

This article is general information, not insurance or legal advice. Coverage depends entirely on your specific policy wording, carrier, and jurisdiction. ITECS is not an insurance broker or advisor — confirm your coverage with a licensed broker and qualified counsel. What ITECS provides is the technical evidence they will ask you for.

How ITECS Helps You Get Underwriting-Ready

Most companies cannot answer an underwriter's questions because nobody has mapped their AI. ITECS closes that gap: we inventory every AI system and what it can reach, scope agent permissions to the minimum, put human approval gates on sensitive actions, and turn on the audit logging that proves what happened. A data and AI readiness audit produces the documentation record.

We price this the way we price all advisory work — hourly consulting or prepaid retainer hours with tracked usage, no monthly minimum and no expiration, plus a flat fee for a scoped governance build. The payoff is twofold: fewer incidents, and a defensible file when your broker or carrier asks what your agents can do. If you deploy agents into the EU, pair this with our EU AI Act transparency checklist. When you want AI you can actually insure, talk to the ITECS team.

Deploying AI agents? Build the inventory, permissions, and audit trail your insurer will ask for. Learn about our AI Consulting service or schedule a free AI assessment.

About The Author

The ITECS Team

ITECS helps Dallas business leaders adopt practical AI with the security, documentation, training, and operational discipline expected from an established managed technology partner.

Share This Article

Send this guide to a colleague or save it for planning.

Sources And Trust Signals

This article is based on ITECS implementation experience and the public resources below.

Legal analysis of the shift away from silent AI coverage, the emerging AI exclusions, and the fragmentation of policy language across carriers.

Trade reporting on how carriers and brokers are responding to AI exclusions ahead of and through the 2026 renewal cycle.

Policyholder-side analysis of the ISO generative-AI exclusion endorsements and how broadly their language may reach.

Market commentary noting that current endorsements address chatbots and generative AI but do not cleanly cover autonomous AI agents.

ITECS AI consulting and governance engagements — AI inventory, scoped agent permissions, approval gates, and audit logging.

The audit that produces the documented AI inventory and access record underwriters increasingly ask to see.

FAQ

AI Insurance Gaps FAQ

What is silent AI coverage?

Silent AI describes the practice of implicitly covering AI risk under policies, such as cyber and technology E&O, that never mention AI. Claims were argued under existing wording. Insurers are ending that ambiguity by adding AI-specific exclusions and endorsements, so businesses can no longer assume AI risk is covered by default.

Do I need to review my insurance before deploying AI agents?

Yes. Autonomous agents can act on data, customers, vendors, and money, and current policy language often addresses chatbots and generative content rather than agents. Review your cyber, technology E&O, professional liability, D&O, EPLI, crime, and general liability policies before granting an agent access.

What AI exclusions were added to insurance policies in 2026?

The Insurance Services Office introduced generative-AI exclusion endorsements, including forms CG 40 47 and CG 40 48, attachable to commercial general liability policies at renewals effective January 1, 2026. The broad form bars coverage tied to generative AI outputs, while the narrower form excludes only personal and advertising injury.

How do agent permissions and audit logs affect insurance?

Carriers offering affirmative AI coverage increasingly grant and price it based on documented governance. They ask whether humans review AI output, what each agent can access, and whether you can produce logs of what it did. Scoped permissions and audit logs improve your underwriting position and your position at claim time.

Is ITECS an insurance advisor?

No. ITECS is not an insurance broker or advisor, and this is general information rather than insurance or legal advice. ITECS provides the technical governance your insurer asks about — an AI inventory, scoped agent permissions, human approval gates, and audit logging. Confirm your coverage with a licensed broker and qualified counsel.

Ready to see where AI moves your business forward?

1Book a call
2Free assessment
3Your roadmap