What Does Your Insurance Actually Cover When AI Goes Wrong? The CFO's Map Beyond Cyber

Executive Summary

• The assumption that existing insurance covers AI failures is wrong — and getting worse at every renewal. Berkley, Hamilton Insurance Group, and other carriers have introduced “absolute” AI exclusions in D&O, E&O, and fiduciary liability policies that eliminate coverage for any claim “based upon, arising out of, or attributable to” AI use. Verisk’s new CGL endorsements (CG 40 47 and CG 40 48), effective January 2026, allow carriers to exclude generative AI claims from standard commercial general liability coverage. The companies deploying AI and the companies insuring them are moving in opposite directions.
• AI liability extends far beyond cyber. Professional liability when AI-assisted advice is wrong. D&O exposure when the board lacks AI oversight. General liability when AI-generated content defames, infringes copyright, or causes harm. Employment practices liability when AI-driven decisions create bias claims. Each of these sits in a different policy — and each is developing AI-specific exclusions independently.
• AI-related securities class actions doubled in 2024, accelerated in 2025, and average settlements reached $56 million. The first half of 2025 alone produced 12 AI-related securities class action filings. The typical allegation: material misrepresentation about AI capabilities or failure to disclose AI risks — precisely the claims D&O policies are designed to cover, and precisely the claims new AI exclusions remove (Allianz D&O Insights 2026; WTW D&O Liability Outlook 2026).
• Affirmative AI coverage now exists, but it requires demonstrated governance to access. Munich Re, Beazley, Testudo, and Counterpart offer specialized AI policies. The price of entry: documented AI governance that most mid-market companies do not yet have. Companies that build governance now access coverage; companies that wait face exclusions they cannot negotiate away.

The Coverage Map: Which Policies Cover What — and Where the Gaps Are Opening

Most mid-market companies carry six insurance lines that could be triggered by AI-related incidents. Each is developing its own response to AI risk, creating a fragmented landscape where coverage depends on which carrier wrote which policy, when it was last renewed, and whether AI endorsements were attached.

Professional Liability / Errors & Omissions (E&O)

What it traditionally covers: Claims alleging negligent professional services — bad advice, flawed work product, failure to deliver.

Where AI creates gaps: E&O policies frequently restrict coverage to failures of software “developed or created by the insured.” When a company relies on a third-party AI tool that produces flawed output — an AI-assisted financial model that miscalculates, an AI-generated legal memo that cites nonexistent case law, an AI-drafted engineering specification with errors — the insured may face a claim the policy does not cover because the insured did not develop the AI (Harvard Law School Forum on Corporate Governance, September 2025).

Hamilton Insurance Group now excludes coverage for claims “based upon, arising out of, or in any way involving” generative AI use, defining it as “any system that produces content such as text, imagery, audio, or synthetic data in response to user prompts, including but not limited to ChatGPT, Bard, Midjourney, or Dall-E.” This language is broad enough to exclude claims arising from any employee use of AI assistants in professional work.

What to ask your broker: Does the E&O policy cover claims arising from third-party AI tools used in professional service delivery? Is there an AI-specific exclusion, sublimit, or endorsement? If an employee uses an AI assistant to draft a deliverable that contains errors, is the resulting claim covered?

Directors & Officers Liability (D&O)

What it traditionally covers: Securities claims, derivative suits, regulatory investigations, and breach of fiduciary duty allegations against officers and directors.

Where AI creates gaps: Berkley’s “absolute” AI exclusion — designed for D&O, E&O, and fiduciary liability policies — eliminates coverage for any claim attributable to AI use, deployment, or development. The exclusion enumerates AI-generated content, failure to detect AI-produced materials, inadequate AI governance, chatbot communications, and regulatory actions related to AI oversight. Under this language, a board sued for inadequate AI governance could face an excluded claim (Zelle LLP, 2025-2026).

The exposure is real and growing. WTW’s March 2026 analysis identifies an emerging SOX-AI governance gap: AI increasingly influences forecasting, revenue analysis, and management estimates — all material to Sarbanes-Oxley compliance. Officers signing SOX certifications may face “heightened scrutiny over the adequacy of their diligence” when AI tools influence financial processes without documented validation or monitoring. Only 25% of organizations deploying AI have board-level policies governing that deployment (WTW SOX-AI Governance Report, March 2026).

What to ask your broker: Does the D&O policy contain an AI exclusion or endorsement? Does the policy’s “professional services” exclusion extend to AI-related claims? If the company is sued for AI-washing — misrepresenting AI capabilities to investors — is the claim covered?

Commercial General Liability (CGL)

What it traditionally covers: Third-party bodily injury, property damage, and personal/advertising injury including defamation, copyright infringement, and privacy violations.

Where AI creates gaps: Verisk’s new endorsements, effective January 2026, allow carriers to explicitly exclude generative AI-related claims from CGL coverage:

These endorsements create market fragmentation. Some carriers will adopt them; others will not. A company’s CGL coverage for AI-generated content may depend entirely on which carrier wrote the policy and whether these endorsements were attached at the most recent renewal (Verisk/ISO, January 2026; Hunton Andrews Kurth, 2025-2026).

What to ask your broker: Have CG 40 47 or CG 40 48 been attached to the current CGL policy? If AI-generated marketing content infringes a third party’s copyright or defames someone, is the claim covered under Coverage B?

Cyber Liability

What it traditionally covers: Data breaches, network security failures, privacy violations, business interruption from cyber events.

Where AI creates new questions: The cyber insurer card (#37 in this corpus) covers this territory in detail — five specific renewal questions carriers now ask about AI governance, and how to answer them. The key finding: cyber carriers are ahead of other lines in pricing AI risk explicitly, because they have claims data. The question for CFOs is whether the coverage stops at cyber or extends to AI-related incidents that are not data breaches — an AI system that makes a biased hiring recommendation, an AI chatbot that gives harmful medical advice, an AI model that produces defamatory content. In most cases, the cyber policy does not reach these claims.

Employment Practices Liability (EPLI)

What it traditionally covers: Discrimination, harassment, wrongful termination, and related employment claims.

Where AI creates gaps: AI-driven hiring, promotion, and termination decisions create bias exposure that EPLI was not designed to price. The EEOC has signaled that employers are liable for discriminatory outcomes from AI tools even when the bias originates in the vendor’s algorithm, not the employer’s intent. Most EPLI policies do not explicitly address AI-assisted employment decisions. Whether a claim arising from an AI screening tool’s disparate impact is covered depends on policy language that predates AI’s role in HR workflows.

What to ask your broker: Does the EPLI policy cover claims arising from AI-assisted hiring, performance evaluation, or termination decisions? Is there an AI exclusion, or is coverage assumed under existing language?

The “Silent AI” Problem

The Geneva Association’s October 2025 report on Gen AI business risks identifies “silent AI” — AI exposures neither explicitly included nor excluded in traditional policies — as the central challenge. When a policy is silent on AI, both the insured and the insurer assume coverage exists until a claim tests that assumption.

The insurance industry is resolving this ambiguity in one direction: exclusion. As carriers add AI-specific exclusions across policy lines, the companies that relied on silent coverage discover the gap only when they file a claim. Over 90% of businesses surveyed by the Geneva Association want dedicated AI coverage; two-thirds would pay at least 10% higher premiums for it (Geneva Association, n=not disclosed, October 2025). The demand exists. The supply is conditional on governance.

Affirmative AI Coverage: What Now Exists

A small but growing market of carriers offers explicit AI coverage — policies that state what is covered rather than relying on silence:

Pricing data for mid-market companies remains limited, but early indicators suggest $15,000-$35,000 in first-year costs for SMEs (including policy, governance development, and training) and $8,000-$20,000 in annual ongoing costs (TechLifeFuture, 2026). These numbers will shift as the market matures, but they establish the order of magnitude.

Key Data Points

What This Means for Your Organization

The mid-market CFO or general counsel reading this faces a timing problem. AI exclusions are being added to policies at renewal — often buried in endorsement schedules that run dozens of pages. By the time a claim reveals the gap, the coverage is already gone.

Three steps before the next renewal cycle. First, pull the current policy package — E&O, D&O, CGL, cyber, EPLI — and search for “artificial intelligence,” “generative AI,” “machine learning,” and “automated decision” in every endorsement and exclusion. If the word “AI” does not appear, coverage is “silent” — present by assumption, not by contract. Second, ask the broker a direct question for each line: “If our company faces a claim arising from an employee’s use of AI tools in their work, is that claim covered, excluded, or ambiguous?” Get the answer in writing. Third, assess whether the company’s AI governance documentation — tool inventory, acceptable use policy, data classification, human oversight protocols — meets the threshold that affirmative AI coverage providers require. The governance you build for insurance eligibility is the same governance that reduces the risk of a claim in the first place.

Insurance is how mid-market companies manage risk they cannot eliminate. The cyber policy handled the obvious AI risk — data breaches through AI tools. The question behind that question — “what if AI goes wrong in a way that is not a data breach?” — is the one most companies have not answered. If this raised questions specific to your policy portfolio, I would welcome the conversation — brandon@brandonsneider.com.

Sources

1. Harvard Law School Forum on Corporate Governance, “The Hidden C-Suite Risk of AI Failures,” September 2025. Legal analysis of AI liability across insurance lines. High credibility: Harvard-affiliated, peer-reviewed forum. https://corpgov.law.harvard.edu/2025/09/22/the-hidden-c-suite-risk-of-ai-failures/

2. Zelle LLP, “AI Update: The Growing Trend of AI-Related Insurance Policy Exclusions,” 2025-2026. Analysis of carrier-specific AI exclusions across D&O, E&O, and fiduciary liability policies. High credibility: insurance-specialist law firm with direct carrier policy access. https://www.zellelaw.com/AI_Update_The_Growing_Trend_of_AI-Related_Insurance_Policy_Exclusions

3. WTW, “Sarbanes-Oxley and the AI Governance Gap: D&O Insurance Considerations,” March 2026. Analysis of SOX compliance risks from AI integration in financial reporting. High credibility: major global insurance broker, primary data. https://www.wtwco.com/en-us/insights/2026/03/sarbanes-oxley-and-the-ai-governance-gap-d-and-o-insurance-considerations

4. WTW, “Directors and Officers Liability: A Look Ahead to 2026,” February 2026. D&O market outlook including AI litigation trends. High credibility: global broker market intelligence. https://www.wtwco.com/en-us/insights/2026/02/directors-and-officers-d-and-o-liability-a-look-ahead-to-2026

5. Allianz Commercial, “D&O Insurance Insights 2026,” 2026. Securities litigation data including AI-related filing trends. High credibility: major insurer with proprietary claims data. https://commercial.allianz.com/news-and-insights/news/directors-and-officers-insurance-insights-2026.html

6. Verisk/ISO, CG 40 47 and CG 40 48 Endorsements, effective January 2026. Standard CGL endorsements allowing exclusion of generative AI claims. Primary source: industry-standard form provider. Referenced via Hunton Andrews Kurth and Independent Agent.

7. Hunton Andrews Kurth, “Affirmative Artificial Intelligence Insurance Coverages Emerge,” 2025-2026. Survey of emerging AI-specific insurance products. High credibility: insurance recovery law firm with carrier-side knowledge. https://www.hunton.com/hunton-insurance-recovery-blog/affirmative-artificial-intelligence-insurance-coverages-emerge

8. Hunton Andrews Kurth, “The Continued Proliferation of AI Exclusions,” 2025-2026. Tracking AI exclusion adoption across carriers and lines. High credibility: same. https://www.hunton.com/hunton-insurance-recovery-blog/the-continued-proliferation-of-ai-exclusions

9. Geneva Association, “Gen AI Risks for Businesses: Exploring the Role for Insurance,” October 2025. Industry survey on AI insurance demand and risk categories. High credibility: independent insurance research body, global scope. https://www.genevaassociation.org/sites/default/files/2025-10/gen_ai_report_0110.pdf

10. Munich Re, “aiSure” AI Insurance Solutions, 2025-2026. AI performance warranty and coverage products. Vendor source: primary data on own product, subject to marketing framing. https://www.munichre.com/en/solutions/for-industry-clients/insure-ai.html

11. Testudo, “AI Insurance Market Update 2025,” 2025. Specialty AI coverage as Lloyd’s coverholder. Vendor source: primary data on own product. https://www.testudo.co/insights/ai-insurance-market-update-2025

12. TechLifeFuture, “Silent AI Insurance Crisis: SME Coverage Gaps in 2026,” 2026. Pricing estimates and SME impact analysis. Moderate credibility: trade analysis, pricing data directional. https://www.techlifefuture.com/ai-insurance-exclusions-sme/

13. IAPP, “How AI Liability Risks Are Challenging the Insurance Landscape,” 2025. Regulatory and coverage analysis. High credibility: independent privacy/governance organization. https://iapp.org/news/a/how-ai-liability-risks-are-challenging-the-insurance-landscape

Brandon Sneider | brandon@brandonsneider.com March 2026