
When AI Does Something Wrong: The Executive's First 60 Minutes

Executive Summary

  • Documented AI incidents rose 56.4% in a single year — 149 in 2023 to 233 in 2024 (Stanford AI Index, April 2025). One will reach your desk. The question is whether you will have a plan when it does.
  • Three scenarios account for the majority of mid-market AI incidents: an AI tool sends a client wrong information they act on, an AI hiring or evaluation tool produces a biased recommendation that affects employees or applicants, and an AI system exposes confidential data. Each triggers different legal obligations within different timeframes.
  • “The AI did it” is not a defense. Moffatt v. Air Canada (BC Civil Resolution Tribunal, February 2024) established that companies are fully liable for AI output regardless of whether a human reviewed it. Air Canada argued its chatbot was “a separate legal entity.” The tribunal rejected this.
  • Most insurers are adding AI exclusions to E&O, D&O, and cyber policies. The Harvard Law School Forum on Corporate Governance (September 2025) found these exclusions apply even when AI played a minor role — and extend to third-party vendor failures. Notify your insurer in the first hour, not after you investigate.
  • The first 60 minutes determine the outcome. Companies that contained the AI before communicating about it recovered faster. Those that communicated first while the AI kept running made it worse.

The Three Scenarios You Will Actually Face

The technical incident categories matter to your IT team. For the executive getting the call, there are three patterns:

Scenario A: Wrong output reached a client. Your AI tool gave a customer, patient, or counterparty incorrect information they relied on — wrong pricing, fabricated policy, bad legal citation, incorrect medical guidance. They acted on it. You are now liable under the precedent established in Moffatt v. Air Canada regardless of any disclaimer language in your terms of service.

Scenario B: AI made a biased employment decision. Your AI hiring, scheduling, or performance tool disadvantaged an employee or applicant based on a protected characteristic. The Workday class action (Mobley v. Workday, certified May 2025, covering an estimated thousands of applicants) established that employers cannot rely on vendor assessments of their tool’s fairness — you are liable for what the tool did on your behalf. Illinois requires employee notification when AI aids employment decisions (effective January 1, 2026). New York City requires annual independent bias audits for any automated employment decision tool.

Scenario C: Confidential data was exposed. An AI tool processed, stored, or transmitted data it should not have — customer PII, trade secrets, privileged communications, health information. This triggers standard data breach notification obligations on top of any AI-specific regulatory requirements.

The classification determines which regulators need to hear from you and by when. Your GC needs to make this call within the first hour.


The First 60 Minutes: What You Do, in Order

This is not the CISO’s playbook. That document — covering technical containment, model forensics, and 72-hour regulatory response — exists separately. This is what the CEO, COO, or GC does when they get the call.

Minute 0-10: Stop, Document, Don’t Delete

Before you do anything else: preserve the evidence. AI evidence is unusually perishable — model context windows, prompt histories, and system logs can be overwritten automatically. Have IT capture and preserve:

  • The exact AI output that caused the problem (verbatim screenshot or log)
  • The input that produced it
  • Any system logs from that session
  • The model version in use

Do not turn off systems, delete logs, or reset the AI tool until your legal counsel confirms a litigation hold is in place. Destroying evidence after you know a dispute exists is a separate liability. The legal hold comes before the shutdown order.

Minute 10-20: Classify the Incident

Your GC or outside counsel makes one determination: which of the three scenarios applies? This single decision drives everything else — the regulatory clock, the notification sequence, the communications approach.

If the scenario is…                        | The immediate legal risk is…                           | The clock starts…
Wrong output to client (Scenario A)        | Negligent misrepresentation, contract breach            | When the client relied on it
Biased employment decision (Scenario B)    | Employment discrimination, state AI law                 | When the decision was made
Data exposure (Scenario C)                 | State breach notification law, HIPAA if applicable      | When you discovered it

One additional determination: Is the AI still running? Can it produce more bad output right now? If yes, the IT lead shuts down or rate-limits the specific feature — not the whole system — while the investigation begins. Containment prevents the scope from growing.

Minute 20-40: Notify Your Insurer

Call your insurance broker before you call anyone else external. Most E&O, cyber, and D&O policies have notice requirements that are triggered at discovery — not at the time of the incident. Late notice is one of the most common reasons claims are denied.

The insurance landscape shifted materially in 2026: Verisk rolled out AI exclusion endorsements effective January 1, 2026, giving traditional carriers the option to exclude generative AI from general liability policies entirely. Berkley Insurance’s “Artificial Intelligence Exclusion (Absolute)” covers losses “based on, arising out of, or attributable to” AI use — including third-party vendor failures. Jones Day’s April 2026 analysis flags that policyholders must “vigorously resist overly broad interpretations” of these exclusions, which means your broker needs to be in the loop immediately, before the insurer shapes the narrative.

What to tell the broker: “We have a potential AI-related incident. I am notifying you now to preserve our rights under the policy. We are in the first hour of response.” That is all. Do not speculate about liability. Do not estimate damages.

Minute 40-60: Determine Who Else Needs to Know Today

The notification sequence for the first 60 minutes is narrow:

Internal — in the first hour:

  • CEO (if not already involved)
  • GC or outside counsel
  • The department head where the AI tool operates
  • IT lead for the specific system

Do NOT contact these parties in the first hour:

  • The affected client, employee, or regulator — your GC must shape this communication with legal review
  • Your board — they get a briefing within 24-48 hours, not a raw first-hour report
  • The media — any inquiry gets one answer: “We are investigating and will respond shortly”

Do NOT use the AI tool to draft the response communications. This is not humor. Multiple incident post-mortems have found companies using AI to draft communications about AI failures, creating additional liability when those communications contain errors.


The Four Obligations Your GC Manages From Here

After the first 60 minutes, legal counsel takes the wheel on four parallel tracks:

1. Client notification. If Scenario A, affected clients receive direct, specific communication: what happened, what decisions may have been affected, what remediation is available. The Air Canada model — minimizing, disclaiming, blaming the technology — produced worse outcomes than direct acknowledgment. Timing is usually 24-72 hours, but your GC sets it based on the facts.

2. Regulatory notification. The clocks vary:

  • Colorado AI Act: 90 days from discovery for algorithmic discrimination (AG notification, enforcement begins June 30, 2026)
  • Texas RAIGA: 60-day cure period before penalties ($10K-$200K per violation)
  • State breach laws: 30-60 days for data exposure, varies by state
  • EU AI Act: 2-15 days for serious incidents (applies if European clients are affected)

3. Employment actions. If Scenario B, Illinois employees affected must be notified (effective January 1, 2026). Your HR and legal teams review all employment decisions made with the tool and determine which require human re-evaluation.

4. Board notification. Within 24-48 hours, the board chair gets a concise brief: what happened, what the liability exposure appears to be, what containment was taken, and what the next 72 hours look like. The board does not direct the response — it receives the information needed to fulfill its oversight obligation.


What to Prepare Before the Incident Happens

ISACA’s 2025 post-mortem across the year’s major AI incidents found a common thread: “The biggest AI failures weren’t technical — they were organizational: weak controls, unclear ownership, and misplaced trust.” The companies that recovered quickly had answered these four questions before the incident occurred:

  1. Who gets the call? Name one person — not a committee — who is notified first when an AI tool fails. At a 200-person company this is likely the COO, CIO, or GC.

  2. What AI tools touch clients or employees? If you cannot answer in 60 seconds, you cannot respond in 60 minutes. Maintain a one-page AI tool inventory with: tool name, vendor, what data it processes, what outputs reach external parties.

  3. Where is your AI vendor’s incident line? Most enterprise AI agreements include an incident support channel. Find it before you need it. The vendor’s model may be the source of the failure; the vendor’s incident team may also be your fastest path to technical answers.

  4. Has your GC read your AI tool contracts? The liability section, the indemnification terms, the data processing agreements. Air Canada discovered during the tribunal that its chatbot had a disclaimer saying it could be wrong — and the tribunal ignored the disclaimer because the company had not made it prominent enough. Your contract language may matter less than you think if it is buried.


Key Data Points

  • 56.4% increase in documented AI safety incidents from 2023 to 2024 (Stanford AI Index, April 2025)
  • 64 million job application records exposed through McDonald’s McHire AI platform via default credentials — no MFA (ISACA, December 2025)
  • AU$440,000 cost of a Deloitte Australia AI-assisted report containing 20+ fabricated sources; firm quietly published corrected version two months later (investigative reporting, January 2026)
  • $25 million wired by a finance employee tricked by a deepfake video call impersonating senior management (ISACA, 2025)
  • 0 jurisdictions that accept “the AI did it” as a liability defense — the deploying company owns every output (Moffatt v. Air Canada, February 2024; Mobley v. Workday, May 2025)
  • January 1, 2026 — effective date of Illinois law requiring employee notification when AI aids employment decisions
  • January 1, 2026 — effective date of Verisk AI exclusion endorsements allowing carriers to exclude generative AI from general liability policies
  • $473,706 average savings from having a tested incident response plan vs. improvising (IBM/Ponemon Institute, 2024)

What This Means for Your Organization

The gap between the CISO-level incident response playbook (which your IT team should have) and the executive first-response card (this document) is the gap where mid-market companies get hurt. The 72-hour technical playbook assumes someone technical is running the response. The first 60 minutes often belong to whoever answers the phone — and that is usually the CEO, COO, or GC.

The practical pre-work is a single 30-minute conversation with your GC and IT lead: who gets called first, where is the AI tool inventory, and what is the insurer notification process. That conversation, documented in a half-page, is the minimum viable incident response for a 200-500 person company. It does not require a retainer or a consultant.

If walking through the regulatory notification obligations specific to your state footprint, or mapping which of your AI tools create client-facing liability exposure, would be useful before an incident forces the issue — brandon@brandonsneider.com.


Sources

  1. Stanford AI Index Report 2025 — AI safety incidents rising from 149 (2023) to 233 (2024), 56.4% increase. Independent academic research, high credibility. https://hai.stanford.edu/ai-index/2025-ai-index-report (April 2025)

  2. Moffatt v. Air Canada, BC Civil Resolution Tribunal — Legal precedent establishing company liability for AI chatbot misrepresentations; rejection of “separate legal entity” defense. Court ruling, highest credibility. https://www.americanbar.org/groups/business_law/resources/business-law-today/2024-february/bc-tribunal-confirms-companies-remain-liable-information-provided-ai-chatbot/ (February 2024)

  3. Mobley v. Workday, Inc., USDC N.D. Cal. — Class action certified May 2025 alleging AI resume screening discriminated by race, age, and disability. Active litigation, high factual credibility. https://fairnow.ai/workday-lawsuit-resume-screening/ (May 2025)

  4. ISACA, “Avoiding AI Pitfalls in 2026: Lessons Learned from Top 2025 Incidents” — Seven case studies: McDonald’s McHire (64M records), deepfake $25M fraud, Deloitte AU hallucination. Independent professional association, high credibility. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2025/avoiding-ai-pitfalls-in-2026-lessons-learned-from-top-2025-incidents (December 2025)

  5. Harvard Law School Forum on Corporate Governance, “The Hidden C-Suite Risk of AI Failures” — Insurance exclusion analysis, D&O and E&O AI exposure, dual-policy denial risk. Academic institution, high credibility. https://corpgov.law.harvard.edu/2025/09/22/the-hidden-c-suite-risk-of-ai-failures/ (September 2025)

  6. Jones Day, “‘A-Eye’ on Coverage: Maximizing Insurance for AI Risks Amid Emerging Exclusions” — Analysis of Verisk AI exclusion endorsements (effective January 1, 2026), Berkley Absolute AI Exclusion, policyholder negotiation strategy. Am Law 100 firm, high credibility. https://www.jonesday.com/en/insights/2026/04/aeye-on-coverage-maximizing-insurance-for-ai-risks-amid-emerging-exclusions (April 2026)

  7. Verisk AI Exclusion Endorsements — ISO optional exclusion for losses “arising out of generative artificial intelligence,” effective January 1, 2026. Industry standard-setter, highest credibility on insurance language. Referenced in Jones Day analysis above.

  8. Illinois AI Employment Notification Law — Effective January 1, 2026, requires notification when AI aids employment decisions. Legislative text, highest credibility. https://www.hrdefenseblog.com/2025/11/ai-in-hiring-emerging-legal-developments-and-compliance-guidance-for-2026/ (November 2025)

  9. Colorado AI Act (SB24-205) — 90-day AG notification for algorithmic discrimination, enforcement June 30, 2026. Legislative text, highest credibility. https://leg.colorado.gov/bills/sb24-205

  10. Texas Responsible AI Governance Act (RAIGA) — 60-day cure period, $10K-$200K penalties per violation. Legislative text, highest credibility. https://www.nortonrosefulbright.com/en/knowledge/publications/c6c60e0c/the-texas-responsible-ai-governance-act (June 2025)

  11. IBM/Ponemon Institute, “Cost of a Data Breach Report 2024” — $473,706 average savings for organizations with tested incident response plans. Independent research (IBM-sponsored but methodology transparent), moderate-high credibility. Referenced in Stanford AI Index; primary report at ibm.com/security/data-breach (2024)

  12. HR Defense Blog, “AI in Hiring: Emerging Legal Developments and Compliance Guidance for 2026” — State AI employment law tracking including Illinois, California, Colorado. Legal commentary, moderate-high credibility. https://www.hrdefenseblog.com/2025/11/ai-in-hiring-emerging-legal-developments-and-compliance-guidance-for-2026/ (November 2025)


Brandon Sneider | brandon@brandonsneider.com | March 2026