AI Liability Insurance: Who Pays When AI Gets It Wrong?
- Read time: 6 mins.
Somewhere in your organization, AI is running. A chatbot handling customer questions, a tool generating recommendations, or ChatGPT/Claude/Copilot writing first draft emails. Odds are your insurance policy wasn’t written with any of these in mind.
AI-related lawsuits in the U.S. grew 978% between 2021 and 2025 (joint report by Gallagher Re and MIT), and they’ll only continue to climb. Most organizations using AI today have no idea what their insurance covers. And a dirty little secret is that, frankly, most insurance companies don’t know what they cover when it comes to AI either.
What you CAN do is understand where the gaps are, ask your insurer the right questions, and build the internal framework that protects you regardless of how the insurance industry shakes out.
The AI Risk Is Here
Just like that 978% rise in AI lawsuits from 2021-2025, year-over-year filings accelerated to 137% growth in 2024-25. Claims are spanning patent infringement, copyright, privacy violations, personal injury, and more.
Real-world AI failures are already translating into litigation and loss. Consider a few headlines that made the rounds:
- Google faces a $110 million defamation suit after its AI Overview feature allegedly misstated that a solar company was under investigation.
- Air Canada was ordered to honor a discount fabricated by its customer-service chatbot.
- UK engineering firm Arup lost approximately $25 million in an AI-generated deepfake scam.
What AI Liability Insurance Covers (and What It Doesn’t)
This is where complicated things get even more complicated. Too many organizations assume their existing coverage—whether that be General Liability, Cyber or another policy—has them protected. In many cases, that’s not true.
Traditional policies weren’t written with AI in mind. That creates what the insurance industry calls “silent” coverage, policies that neither explicitly include nor exclude AI-related claims. When a loss occurs, that silence turns into a fight.
A Gallagher survey of more than 1,000 business leaders found that 57% identified AI errors, misinformation, and hallucinations as a top risk. Legal and reputational risk followed at 56%. Data protection and privacy violations came in at 55%. But despite that awareness, most companies lack specific coverage for any of it.
AI Insurance vs. General Liability Insurance
General liability (CGL) policies can respond to bodily injury or property damage, and may provide some baseline coverage if AI is involved in those harms. A D&O (Directors and Officers) policy may cover securities claims arising from AI-related misstatements. A cyber policy may cover a ransomware or a data breach due to AI.
You’ll notice a theme here: these policies MAY cover AI-related harm. Or…they may not.
Typically, traditional policies do not cover:
- AI hallucinations leading to financial loss
- Algorithmic bias resulting in discrimination claims
- Model drift: when an AI system degrades over time and makes worse decisions
- Intellectual property infringement from AI-generated outputs
- Defamation from AI-generated content
- Deepfake fraud and social engineering enabled by AI
Technology Errors & Omissions (Tech E&O) policies fill some gaps, but they’re typically designed for AI vendors and developers, not enterprises deploying third-party tools. If your organization is using AI built by someone else, your vendor’s contract likely caps their liability at 12 months of fees and provides no performance warranties.
The Insurance Industry Is Responding to AI—Both Ways
Exclusions Are Growing
Some insurers are moving to explicitly exclude AI risks from existing policies. AIG, W.R. Berkley, and Great American have sought regulatory approval for exclusions covering claims tied to AI use or integration. Berkley’s drafted exclusion, intended for D&O, E&O, and fiduciary liability policies, would broadly bar coverage for “any actual or alleged use, deployment, or development of Artificial Intelligence.”
ISO has also made new exclusionary language available from January 2026 that could remove CGL coverage for personal injury, bodily injury, or property damage arising from generative AI, for any company that adopts it.
This is consistent with what the industry experienced with cyber risk two decades ago. One expert at HSB, part of Munich Re, put it plainly: “We’re seeing the same pattern we saw with cyber 15 or 20 years ago. Adoption is happening very quickly, but the understanding of how that translates into insured risk is still catching up.”
Affirmative AI Coverage Is Emerging
At the same time, a new category of purpose-built AI liability insurance is taking shape. Munich Re’s aiSure product launched in 2018 as an early mover, offering performance guarantees for AI technologies. Since then, new players have entered the market.
In April 2025, Armilla Insurance Services (underwritten by Lloyd’s of London syndicates including Chaucer Group) introduced an AI liability product that explicitly covers AI-specific perils: hallucinations, model drift, and algorithmic failures. Earlier in 2025, Google announced a partnership with Beazley, Chubb, and Munich Re to offer tailored cyber coverage with affirmative AI protections for Google Cloud customers.
AXA has released a cyber endorsement addressing generative AI risks. Chubb has agreed to cover certain AI-related incidents. The standalone AI liability insurance market is projected to grow to $4.8 billion by 2032.
While these products are promising, they’re new, still maturing, and not yet uniformly available. And it should be noted, some endorsements that appear to expand coverage may actually narrow it.
AI Product Liability: The Next Litigation Wave
Legal doctrine is slowly catching up to the technology. Courts and regulators are increasingly treating AI systems—particularly consumer-facing applications—as products, not just services. That shift is importnat because product liability law is built to evaluate mass-distributed technologies through the lenses of design defect, inadequate warnings, and foreseeable misuse.
Courts have allowed plaintiffs to target the architecture of AI systems, not just what the AI said, but how it was designed, what guardrails were built in, and how it was marketed. The EU’s revised Product Liability Directive and a growing set of U.S. state laws are reinforcing this framework.
The key implication for businesses: courts are generally placing responsibility for AI outputs on the deploying organization. Even if your company didn’t build the AI, if you put it in front of customers, employees, or decision-makers, you may carry the legal exposure.
So, What Should Your Organization Do When It Comes to AI and Insurance?
- Review Your Existing Policies Now
Talk to your insurance company or broker specifically about AI. Ask whether your current CGL, cyber, E&O, and D&O policies cover AI-related risks. Ask whether they’re planning to add exclusions. Get it in writing. Don’t assume silence means coverage.If your insurer is adding AI exclusions, that’s critical information to have before renewal, not after a claim. - Build an AI Governance Policy
Insurers and courts will increasingly look at whether your organization had controls in place. A documented AI governance policy, one that defines acceptable AI use, establishes oversight mechanisms, and assigns accountability, demonstrates that you took reasonable care. That matters for coverage disputes and for litigation defense alike.If you don’t have one, building it should be a near-term priority. If you have one, review it against your actual AI use. Policies written before your team started using generative AI tools may no longer reflect reality.
Looking for the how-to?
We have an article devoted entirely to AI governance: what it is, why it matters, and how to build a framework your organization can actually enforce.
- Develop an AI Risk Management Framework
Governance policy tells you what’s allowed. A risk management framework tells you how to manage what can go wrong. That includes identifying where AI is in use across your organization, assessing the risk level of each use case, establishing monitoring and testing protocols, and defining response procedures when something fails.
It also signals to insurers that your organization takes AI risk seriously, which increasingly affects whether you can get meaningful coverage at all.
Want to go deeper?
AI governance sets the direction while an AI risk management framework shows you how to get there.
Your AI Risk Isn’t Waiting, Neither Should You
AI liability insurance is one of the most rapidly evolving areas in risk management. Nobody has all the answers yet: not insurers, not regulators, not legal experts. What’s clear is that the gap between AI adoption and AI coverage is quite real, it’s growing, and it’s landing on the balance sheets of the businesses deploying these tools.
Your job isn’t to wait for the market to settle. It’s to understand your exposure, close the gaps you can close, and build the governance foundation that positions you well no matter which direction this evolves.
The HBS vCISO team works with organizations across the U.S. to build AI governance frameworks, conduct risk assessments, and answer exactly these kinds of questions. If you’re not sure where your organization stands, that’s a good place to start.
Talk to our vCISO team about where your AI risk stands, before your insurer tells you it’s not covered.
Related Content
Cyber Insurance is Evolving – Are you Ready?
Learn how cyber insurance functions, what good coverage looks like, and how it’s related to your cybersecurity investment.
Virtual CISO
Strengthen your cybersecurity with a Virtual CISO from HBS: Expert leadership and strategic guidance customized to meet your security challenges efficiently.
How to Get Lower Cyber Insurance Premiums
Lower your cyber insurance premiums with strategies that enhance your security posture. Implementing a cybersecurity framework, engaging experts, adopting 24×7 monitoring all make you more attractive to insurers.
