See also (wiki): agentic-ai-governance · ai-vendor-contracts · model-risk-management
Executive Summary
- Liability does not transfer to the vendor when you deploy their AI tool. Under EEOC guidance, California's FEHA automated-decision-system regulations (effective Oct 2025), and Illinois HB-3773 (effective Jan 2026), employers are fully responsible for discriminatory outcomes from AI-assisted hiring, even when the tool was third-party and even when a human approved each decision.
- Rubber-stamp human oversight can increase your liability, not reduce it. Harvard Law’s analysis of AI negligence doctrine identifies the “liability sponge” problem: placing a human in the loop who lacks genuine cognitive control creates an even stronger basis for negligence claims against the deploying organization.
- 88% of AI vendors cap their own liability at one month’s subscription fees. Only 17% warrant regulatory compliance. Deploying companies absorb the legal risk on both ends — from their own customers and from regulators — while vendors retain the architecture, the training data, and the indemnification clauses.
- Three enforcement vectors are now active simultaneously: employment discrimination (Mobley v. Workday, a nationwide ADEA collective action preliminarily certified in May 2025), algorithmic pricing antitrust (DOJ settlements with RealPage and Greystar, California AB 325 effective Jan 2026), and AI insurance exclusion creep (Berkley's "Absolute AI Exclusion" endorsement for D&O and E&O policies). Each operates independently of the others.
- The governance investment that reduces operational liability is the same investment that improves AI ROI. Documented human oversight, bias testing, and vendor audit rights are not compliance costs — they are defenses.
The Question Every C-Suite Avoids
What happens when an AI recommendation causes a concrete bad outcome?
Not a theoretical one. A pricing algorithm that triggers a DOJ inquiry. An AI hiring screen that rejects a protected-class candidate who then sues. An AI-generated contract clause that creates unintended indemnification exposure. An AI-assisted credit decision that gets challenged by a regulator.
Every senior executive deploying AI in 2026 carries this question privately. Few have an answer. The research is now clear enough to give them one — though the answer is more uncomfortable than most boards expect.
Who Is Liable When AI Causes Harm
The EEOC’s Answer: You Are
The Equal Employment Opportunity Commission has stated unambiguously that employers remain fully responsible under Title VII when AI-driven tools produce discriminatory outcomes. The vendor's role is irrelevant to the employer's exposure. Two 2025-2026 state measures, one regulation and one statute, codify the same principle:
California FEHA regulations (effective October 1, 2025): The regulations under the Fair Employment and Housing Act were amended to explicitly cover automated decision systems (ADS) that screen, score, rank, or recommend candidates, with liability attaching even where humans retain final decision-making authority. The human approval does not break the causal chain.
Illinois HB-3773 (effective January 1, 2026): Makes it a civil rights violation to use AI in a manner that results in discrimination under the Illinois Human Rights Act, with affirmative notice requirements for AI use in recruiting, hiring, promotion, and other employment decisions.
The operative principle across both laws: responsibility cannot be outsourced to vendors. Delegating to a third-party AI tool delegates the function, not the liability.
The Vendor’s Answer: Also You
Mobley v. Workday illustrates what happens when both parties get sued. In May 2025, Judge Rita Lin of the Northern District of California preliminarily certified a nationwide collective action under the Age Discrimination in Employment Act, covering applicants aged 40 and over who were rejected through Workday's AI-enabled screening. The collective potentially covers hundreds of millions of applicants.
The court's agency-theory ruling matters: in July 2024, denying Workday's motion to dismiss, Judge Lin held that Mobley had plausibly alleged Workday was sufficiently involved in the hiring process to be treated as an agent of the employers. On that theory both the vendor and the deploying company face liability for the same set of outcomes.
This is not a “vendor problem” or a “deployer problem.” It is a shared-liability structure in which both parties bear exposure and the contracts between them determine who actually pays.
A review of 2025-2026 AI vendor contract terms finds:
- 88% of AI vendors impose liability caps, typically limited to one month’s subscription fees
- Only 17% provide any warranty for regulatory compliance
- Broad indemnification clauses routinely require deployers to defend the vendor against third-party discrimination claims
The practical result: the vendor sells the risk-creating system, caps its financial exposure to a rounding error, and requires the deployer to defend it in court.
The Human-in-the-Loop Defense: Why It May Backfire
The most common assumption in enterprise AI governance is that requiring a human to approve AI outputs before they take effect creates a liability shield. The legal research does not support this assumption.
Harvard Law’s analysis of AI negligence doctrine identifies what it calls the “liability sponge” problem: humans positioned to absorb legal consequences while lacking the cognitive control to prevent the harm. The clearest precedent is the 2018 Uber autonomous vehicle fatality — the human safety driver was charged with negligent homicide while the company settled civilly, despite the driver’s passive monitoring role making meaningful intervention effectively impossible.
The Harvard analysis proposes a three-part standard for what constitutes meaningful human oversight. Courts have not yet adopted it as binding, but it reflects the direction of the doctrine:
- Friction Roles — systems designed to slow decisions and require humans to perform active tasks before seeing AI recommendations, preventing automation bias from making oversight passive
- Resilience Roles — humans equipped with cognitive tools (uncertainty scores, flagged anomalies, saliency indicators) that enable genuine intervention when the AI encounters edge cases
- Training for Failure — operators trained on system failure modes, not just normal operation — mirroring Federal Railroad Administration requirements for automation oversight
Without these structural elements, placing a human “in the loop” who rubber-stamps AI output on a 100-decision-per-day queue does not create a defense — it creates evidence of a governance program the company designed to fail.
The California FEHA regulations reinforce this: liability attaches where humans retain final decision-making authority but do not exercise genuine review. The label “human decision” without the substance of human review provides no protection.
Algorithmic Pricing: A Different Liability Track
Employment decisions are one enforcement vector. Pricing is another — and the antitrust exposure runs directly to the CFO.
In August 2025, DOJ Assistant Attorney General Gail Slater stated the Department anticipates increasing algorithmic pricing probes. By October 2025, a class action had been filed against Optimal Blue and 26 major mortgage lenders, alleging the software enabled them to fix rates by sharing real-time pricing data, inflating costs for millions of homebuyers.
The RealPage and Greystar DOJ settlements (2025) established a compliance floor that now functions as an industry benchmark: use only public data, eliminate price floors, do not require or encourage acceptance of algorithm-proposed prices.
The news for defendants is mixed. The Ninth Circuit in Gibson v. Cendyn Group (2025) unanimously ruled that licensing pricing software making nonbinding recommendations is not a restraint of trade. California state court in Mach v. Yardi Systems granted summary judgment where the software didn’t commingle nonpublic competitor data. Algorithmic pricing defendants have won more than they have lost in court — but California AB 325, effective January 1, 2026, amends the Cartwright Act to explicitly prohibit “common pricing algorithms” that facilitate anticompetitive practices, creating a new private right of action.
The practical question for a CFO deploying revenue management software: is the algorithm recommending prices based solely on the company’s own data, or is it implicitly benchmarking against competitor information aggregated by the vendor? Most companies using revenue management platforms do not know the answer.
Insurance: The Coverage Gap Is Real and Getting Wider
The assumption that traditional insurance will cover AI-caused business harm is incorrect in an increasing number of scenarios.
Insurance lines that do respond to AI-related losses under current policies:
- Employment Practices Liability: discrimination from AI hiring tools — currently covered under most EPL policies
- D&O and Cyber: regulatory investigations from overstated AI capabilities (“AI washing”)
- Cyber/Tech E&O/CGL: privacy and biometric data risks
- Product Liability/CGL: physical harm from AI-enabled products (autonomous vehicles, robotics)
The exclusion trend is moving in the opposite direction:
ISO (CGL Policies): an optional form exclusion for losses “arising out of generative artificial intelligence” is now available to insurers and being adopted.
Berkley Insurance: introduced an "Artificial Intelligence Exclusion (Absolute)" endorsement for D&O and E&O policies that eliminates coverage for any claim "based upon, arising out of, or attributable to" the use, deployment, or development of artificial intelligence. The definition is broad enough to encompass AI-generated content, chatbot communications, inadequate AI governance, failure to detect AI-produced materials, and regulatory actions related to AI oversight.
The critical problem: these exclusions apply even when the final decision was in fact human-made. The "arising out of" language is broad enough to eliminate coverage in scenarios where AI was one input among several.
D&O policies face a specific exposure: directors and officers who approved AI deployments that subsequently cause harm may find that the very policies designed to protect them do not cover AI-related claims, and that the exclusion arrived as a renewal endorsement the board never reviewed.
Key Data Points
| Issue | Finding | Source | Date |
|---|---|---|---|
| Vendor liability caps | 88% of AI vendors cap liability at ~1 month subscription fees | Jones Walker / market analysis | 2025 |
| Vendor compliance warranties | Only 17% of AI vendors warrant regulatory compliance | Jones Walker | 2025 |
| Mobley v. Workday collective scope | Hundreds of millions of potential collective members (ADEA); preliminarily certified nationwide | N.D. Cal. | May 2025 |
| Bartz v. Anthropic settlement | ~$1.5B settlement for pirated training data use | N.D. Cal. | Sept 2025 |
| California FEHA ADS regulations | Human final approval does not break liability chain | CA Civil Rights Council (agency formerly DFEH) | Oct 2025 |
| Illinois AI hiring law | Civil rights violation to use AI producing discriminatory outcomes | Illinois HB-3773 | Jan 2026 |
| CA algorithmic pricing law | Cartwright Act amended; private right of action for common pricing algorithms | AB 325 | Jan 2026 |
| DOJ pricing enforcement | Settlements require: public data only, no price floors, no required acceptance | DOJ / RealPage, Greystar | 2025 |
| Insurance exclusion scope | Berkley "Absolute AI Exclusion" applies to D&O + E&O; applies even where a human decided | Berkley / Jones Day analysis | 2026 |
| State AI liability bills | 14 states with proposed 2026 bills; $5K-$10K per violation floors | Wiley Law | 2026 |
All sources are Tier 1 (post-Oct 2025) or Tier 2 (Q1–Q3 2025). No pre-2025 data relied upon for operational conclusions.
The Liability Map by Function
For the GC: The primary exposure today is employment and consumer protection — AI hiring bias (Workday class action structure), AI-generated contract clauses with unintended scope, and disclosure failures. The core defensive action is a documented AI governance policy that distinguishes AI-assisted from AI-decided outcomes and preserves records showing genuine human review.
For the CFO: The primary exposure is pricing algorithms and financial reporting. If the revenue management system touches competitor pricing data in any form, the antitrust exposure is real regardless of whether intent to collude existed. The DOJ settlements establish what “safe” looks like: public data, nonbinding recommendations, no required acceptance.
For the CISO/CIO: The primary exposure is the insurance gap — AI deployments that create incidents (data breach, operational failure, discrimination claim) may trigger coverage exclusions if AI was “involved” in the decision chain. The insurance audit question is specific: have AI exclusions appeared in any policy renewal in the last 18 months? Most boards do not know.
For the CEO/Board: The D&O exposure is emerging, not established. AI washing (overstating AI capabilities to investors or customers) triggered FTC enforcement in 2025 and creates securities liability under established theories. The governance defense — documented board oversight, bias testing, vendor audit rights — is the same defense that reduces operational liability across all the other categories.
What This Means for Your Organization
Three questions to answer before the next board meeting:
1. Which AI deployments make decisions that could harm a third party? Not which ones could theoretically cause harm — which ones make decisions that someone could sue over: hiring, pricing, credit, performance evaluation, benefit eligibility, content moderation. Map those deployments to the specific liability framework that applies (EEOC, state consumer protection, antitrust, EU AI Act for EU-touching operations). If the map doesn’t exist, the governance program doesn’t exist.
2. Have any insurance policies renewed in the last 18 months with AI-related exclusions? Ask the broker specifically about CGL, D&O, E&O, and EPL. The Berkley exclusion model is not yet standard, but it is being offered and adopted. Companies that discover coverage gaps after an incident rather than before pay the cost twice.
3. What does the vendor contract actually say about liability and audit rights? The 88% liability cap figure means most vendor agreements limit the vendor’s exposure to fees. That does not cap the deployer’s exposure to third parties. Renegotiating audit rights and bias-testing warranties before renewal is less expensive than discovering the gaps in discovery.
None of this is an argument against AI deployment. The companies capturing the most value from AI — JPMorgan, UPS, Citi — have deployed at scale with governance programs that answer these questions. The governance investment is not a friction cost. It is the condition of deployment that lets the ROI survive legal scrutiny.
If specific contractual or governance questions are on the table for your organization, the conversation is worth having directly — brandon@brandonsneider.com.
Sources
- Jones Walker LLP, “AI Vendor Liability Squeeze: Courts Expand Accountability While Contracts Shift Risk” — https://www.joneswalker.com/en/insights/blogs/ai-law-blog/ai-vendor-liability-squeeze-courts-expand-accountability-while-contracts-shift-r.html — 2025. Credibility: MEDIUM-HIGH — law firm client alert, not independent research; the 88% / 17% vendor contract statistics are drawn from market analysis, methodology not disclosed. Directionally accurate and corroborated by other sources.
- Mobley v. Workday, Inc., N.D. Cal. Case No. 3:23-cv-00706 — Multiple court filings via HRDive, Norton Rose Fulbright, Holland & Knight — 2024–2026. Credibility: HIGH — federal court docket, publicly filed orders.
- Harvard Journal of Law & Technology, “Redefining the Standard of Human Oversight for AI Negligence” — https://jolt.law.harvard.edu/digest/redefining-the-standard-of-human-oversight-for-ai-negligence — 2025. Credibility: HIGH — academic law journal; proposes a framework; not yet adopted by courts as binding standard, but reflects the direction of doctrine.
- Jones Day, “A-Eye on Coverage: Maximizing Insurance for AI Risks Amid Emerging Exclusions” — https://www.jonesday.com/en/insights/2026/04/aeye-on-coverage-maximizing-insurance-for-ai-risks-amid-emerging-exclusions — April 2026. Credibility: HIGH — major law firm insurance coverage practice; specific policy form analysis.
- Harvard Law School Forum on Corporate Governance, “The Hidden C-Suite Risk of AI Failures” — https://corpgov.law.harvard.edu/2025/09/22/the-hidden-c-suite-risk-of-ai-failures/ — September 2025. Credibility: MEDIUM — commentary piece, no named case examples, useful for framing.
- Skadden, Arps, “Algorithmic Pricing Decisions Have Favored Defendants, but the Law Will Continue to Evolve in 2026” — https://www.skadden.com/insights/publications/2026/2026-insights/litigation-controversy/algorithmic-pricing-decisions — 2026. Credibility: HIGH — Skadden antitrust practice analysis; specific case citations with outcomes.
- Internet Law Blog, “The Year in AI Law: 2025’s Biggest Legal Cases and What They Mean for 2026” — https://www.internetlawyer-blog.com/the-year-in-ai-law-2025s-biggest-legal-cases-and-what-they-mean-for-2026/ — 2025–2026. Credibility: MEDIUM-HIGH — practitioner summary; case citations corroborated independently.
- Wiley Law, “2026 State AI Bills That Could Expand Liability, Insurance Risk” — https://www.wiley.law/article-2026-State-AI-Bills-That-Could-Expand-Liability-Insurance-Risk — 2026. Credibility: HIGH — Wiley Rein regulatory law practice; specific bill numbers and penalty amounts.
- Manatt, Phelps & Phillips, “AI-Assisted Hiring Faces a New Compliance Landscape in 2026” — https://www.manatt.com/insights/newsletters/employment-law/ai-assisted-hiring-faces-a-new-compliance-landscape-in-2026-california-and-illinois-put-discriminatory-impact-and-transparency-front-and-center — 2026. Credibility: HIGH — employment law practice; specific regulatory effective dates and statutory text.
- DOJ Statement of Interest, Optimal Blue Class Action — via National Law Review — https://natlawreview.com/article/ai-antitrust-landscape-2025-federal-policy-algorithm-cases-and-regulatory-scrutiny — 2025. Credibility: HIGH — DOJ filed brief in federal court; primary government source.
Brandon Sneider | brandon@brandonsneider.com | April 2026