Agentic AI Liability

Third-party liability arising when an autonomous AI agent takes an unauthorized action, transacts on a user's behalf, or causes financial loss outside its intended scope.

Agentic AI liability is the third-party exposure that arises when an autonomous AI agent takes an action that causes harm. The agent goes beyond producing an output for human review: it executes, transacts, sends, deletes, books, purchases, or otherwise acts in the world on behalf of a user or a business. When the action is wrong (an unauthorized purchase, a sent email containing confidential information, a deleted file, an erroneous transaction, a contract executed on terms the user did not approve), the resulting harm is the agent's, and the deployer of the agent is the party held responsible.

The exposure is structurally different from the older hallucination case. A hallucination harms when a human relies on a wrong output; the human is in the chain. An agent harms by acting directly; the human may never have seen the action before it happened. That removes the traditional human-in-the-loop defense that has protected deployers in earlier AI matters and makes the deployer's liability harder to mitigate after the fact.

The market for agentic AI grew quickly in 2024 and 2025 with the release of agent frameworks from OpenAI, Anthropic, Google, and a wave of startups, and the corresponding insurance question has tracked it. Older Cyber and Tech E&O wordings were written for systems that produced outputs reviewed by humans; they did not contemplate an AI that signed a contract or executed a trade. Several carriers have introduced generative AI exclusions that sweep up agentic actions (the ISO CG 40 47 and CG 40 48 endorsements are the leading examples); others are extending affirmative coverage that names autonomous action, with sub-limits and strict underwriting around the deployed scope.

Underwriters of agentic AI risk focus on the boundary of the agent's authority. A clear authorization scope, hard limits on transaction size and counterparty, a kill switch the operator can invoke, and a human-in-the-loop checkpoint for actions above a threshold all reduce both the frequency and severity of agentic claims. Generative AI Liability policies written for agentic deployments typically condition coverage on the documented presence of these controls and treat their absence as a material change in risk.

Also known as

Agent Liability, AI Agent Liability, Autonomous AI Liability

Frequently asked

What controls do underwriters expect on an agentic AI deployment?

At a minimum: a documented scope of authority (what the agent can and cannot do, what counterparties it can transact with, what dollar thresholds apply); a human-in-the-loop checkpoint for actions above a defined materiality; logging of every agent action with timestamp and decision rationale; a kill switch the operator can invoke; and incident response procedures specific to agent actions gone wrong. Underwriters treat these as the operational controls equivalent to MFA on a Cyber renewal; their absence drives sub-limits or declination.

Is agentic AI covered under a standard generative AI liability policy?

Coverage depends on the wording. Some standalone generative AI liability forms explicitly include agentic actions in the Generative AI Errors and Unauthorized Data Disclosure insuring agreements, with appropriate sub-limits and controls conditions. Others carve agentic exposure out entirely or require a separate endorsement. As of 2026 the market is still differentiating: any broker placing coverage for an agentic deployment must confirm the specific wording responds to the actual deployed scope, not assume the standard form covers it.

Related terms

General information, not legal or insurance advice.