The Coverage Trap Most AI-Deploying Businesses Don't Know They're In
Photo by Annie Spratt on Unsplash
- U.S. generative AI-related lawsuits surged 978% from 2021 to 2025, with 700+ cumulative filings — and the pace is still accelerating.
- ISO/Verisk formalized two new CGL endorsements in January 2026 that explicitly carve AI liabilities out of standard commercial general liability policies.
- 63% of businesses had deployed AI by end of 2025, yet fewer than half had formal AI risk management frameworks — a widening exposure gap.
- New standalone AI liability products from Testudo and Armilla now exist, but require documented risk controls as a condition of coverage.
The Evidence
978%. That's the growth in U.S. generative AI-related lawsuits from 2021 through 2025 — and it may be the most important number your commercial insurance broker hasn't mentioned yet. According to reporting by Google News Insurance and Risk & Insurance, cumulative GenAI-related U.S. filings surpassed 700 between 2020 and 2025, with year-over-year acceleration hitting 137% in the 2024–2025 period alone.
That lawsuit surge coincided with a formalization of what the insurance market had been quietly doing for years. In January 2026, the Insurance Services Office (ISO/Verisk) — the standards body whose policy language underpins most U.S. commercial policies — introduced two optional commercial general liability (CGL) endorsements. The first, designated CG 40 47, is the broader of the two: it explicitly excludes generative AI-related liabilities from both Coverage A (bodily injury and property damage — think a customer harmed by an AI-generated medical recommendation) and Coverage B (personal and advertising injury — think defamatory content generated by an AI writing tool). The second, CG 40 48, applies only to Coverage B and is narrower in scope.
Neither endorsement leaves AI risks covered by default. A March 2026 report from Gallagher Re confirmed the problem extends across every major policy type. As that report stated, "existing insurance coverage remains fragmented, with cyber, technology E&O, product liability, and CGL policies only partially addressing AI-related exposures — many AI risks including hallucinations, algorithmic bias, and regulatory fines are either excluded or fail to trigger under traditional policies."
What It Means for Your Coverage
Think of traditional business insurance as a load-bearing wall engineered for specific stresses — fire, slip-and-fall, employee injury. Deploying generative AI without updating your policy coverage is like installing industrial equipment in that same structure and expecting the original architecture to absorb the new load. The wall was never designed for it.
The scale of exposure is substantial. By the end of 2025, 63% of businesses had fully or partially operationalized AI, up from 45% the prior year. Yet Gallagher Re's research found that fewer than half of those companies had adopted formal AI risk management frameworks. That combination — widespread deployment without governance infrastructure — is precisely the profile that insurers are now pricing against.
Chart: Among businesses deploying AI, fewer than half have formal risk frameworks — and roughly half of AI-related claims were not fully covered by existing standard policies (Gallagher Re, March 2026).
Gartner's April 2026 research adds dimension to the forward risk picture. The firm projected that more than 2,000 legal claims linked to AI incidents — including what it described as "death by AI" incidents — will be brought worldwide by end of 2026. Separately, Gartner predicts AI regulatory violations will drive a 30% increase in legal disputes for tech companies by 2028, and that by 2030, P&C insurers will mandate robust AI risk controls as a prerequisite for affirmative AI liability coverage.
Gartner's guidance to corporate legal teams was unambiguous: "General Counsel should lead an initiative to assess current insurance coverage for AI risks, reviewing existing policies to determine the current level of coverage and gaps — AI risk is not sufficiently addressed through the combination of internal risk management practices and traditional business owners' insurance policies alone."
Gallagher Re's survey supplies the most concrete claims management signal yet: 1 in 5 insurance professionals reported that a client had experienced a loss or claim tied to AI-related risks in the past 12 months — and just over half of those claims were fully covered by existing policies. That means roughly 1 in 10 businesses in the industry's own client base faced an AI claim that standard coverage didn't fully pay. As Smart Legal AI recently highlighted, AI governance now has real enforcement deadlines — and companies treating risk assessment as a future concern are building legal exposure today.
Gallagher Re also raised a systemic concern that goes beyond individual policy gaps: "Flaws in widely adopted foundation models may generate correlated losses across sectors, creating accumulation risk that is difficult to model using existing actuarial approaches." In other words, a single defect in a widely deployed AI model could trigger simultaneous claims across thousands of businesses — a scenario that conventional actuarial modeling was never designed to absorb.
Photo by Compagnons on Unsplash
The AI Angle
The coverage vacuum above has not gone unaddressed by the insurtech market. Two purpose-built AI liability products launched in the past 18 months, each taking a distinct underwriting approach to a risk that traditional carriers weren't structured to price.
Testudo entered the market in January 2026 with a claims-made policy (meaning coverage applies at the time a claim is filed, not when the underlying incident occurred — an important distinction for AI errors that may surface months after deployment). The product targets mid-to-large enterprises deploying generative AI, offers policy limits up to $8.5 million, and is backed by Lloyd's of London capacity including Apollo and other syndicates. The company's underwriting process incorporates automated risk assessment tools to evaluate an enterprise's AI deployment profile before binding any coverage.
Armilla, backed by Chaucer and Axis Capital, launched its standalone AI liability product in 2025 with a distinctive underwriting condition: ongoing model quality assessments throughout the policy period. For businesses conducting an insurance comparison between these two products, the criteria differ in meaningful ways — Testudo focuses on deployment profile at inception, while Armilla ties coverage continuity to demonstrated model performance over time. Gartner projects a 60% increase in enterprise AI security and governance spending by 2030, driven largely by these kinds of insurer-mandated controls becoming standard practice across the industry.
How to Act on This
Most commercial renewals from early 2026 forward may already incorporate the ISO CG 40 47 or CG 40 48 endorsements. Read your declaration page and all attached endorsements carefully — if you see references to "artificial intelligence," "automated decision systems," or "machine learning outputs," understand precisely what is excluded and under which coverage parts. This is the foundation of any productive claims management conversation with your broker. Insurance savings at renewal often begin with this kind of policy audit, not with shopping new carriers cold.
Gartner recommends that General Counsel lead this initiative, and the reasoning is sound: legal and insurance functions need to work together to map every AI tool your organization uses — including generative AI embedded in third-party software you license. Identify which tools touch customer outcomes, financial recommendations, medical data, or regulated content generation. That map becomes the basis for an honest insurance comparison between your current policy coverage and available standalone alternatives. Businesses that complete this work before renewal approach their broker from a position of informed leverage rather than reactive uncertainty.
Products like Testudo and Armilla require documented AI governance practices to bind coverage — if those don't exist today, that gap needs to close before applying. Ask specifically about policy coverage for hallucination-related losses, algorithmic bias claims, and regulatory fines, since those are the three categories Gallagher Re flagged as most commonly excluded under traditional policies. Potential insurance savings from identifying and closing a coverage gap before a claim surfaces typically outweigh the standalone annual premium by a meaningful margin. Always consult a licensed insurance professional for a personalized risk review tailored to your deployment profile.
Frequently Asked Questions
Does my existing commercial general liability policy cover AI-related lawsuits filed in 2026?
Most standard CGL policies now include or offer the ISO CG 40 47 or CG 40 48 endorsements introduced in January 2026, which formally exclude generative AI liabilities. Whether your specific policy has adopted these endorsements depends on your insurer and renewal date. Even before these endorsements took effect, Gallagher Re found that AI risks including hallucinations, algorithmic bias, and regulatory fines frequently failed to trigger coverage under traditional policy language. A claims management review with a licensed broker is the only reliable way to determine your actual exposure position. Always consult a licensed insurance professional before assuming any coverage applies to a specific AI incident.
What types of AI incidents are actually excluded from standard cyber and commercial general liability policies?
According to Gallagher Re's March 2026 analysis, the most commonly excluded or non-triggering AI incidents include AI hallucinations (false outputs that cause financial or physical harm to a third party), algorithmic bias claims (discriminatory decisions affecting protected classes), regulatory fines tied to AI governance violations, and correlated losses from defects in widely adopted foundation models. Cyber policies were designed primarily for data breaches and ransomware — not AI-generated errors. A risk assessment that maps each of these categories against your current policy language is the essential starting point before pursuing any standalone coverage options.
How does the ISO CG 40 47 AI endorsement differ from CG 40 48, and which one applies to my business?
CG 40 47 is the broader exclusion, removing AI-related liabilities from both Coverage A (bodily injury and property damage) and Coverage B (personal and advertising injury). CG 40 48 applies only to Coverage B. The practical difference depends on your AI use case: a business whose AI system makes recommendations with health or financial consequences carries a different Coverage A exposure than one using AI only for marketing content generation. Both endorsements took effect in January 2026. Consult a licensed agent for a specific analysis of which applies to your situation and what it means for your policy coverage going forward.
Will deploying generative AI tools increase my commercial insurance premiums going forward?
Industry analysts and Gartner research both suggest the answer is yes — though the magnitude depends heavily on your governance posture. Gartner projects a 60% increase in enterprise AI security and governance spending driven by insurer mandates by 2030, and underwriters are already pricing standalone AI products based on documented risk controls, AI tool types deployed, and prior claims history. Businesses with mature governance programs should demonstrate lower risk profiles and fare better in an insurance comparison between available products. Those without documentation may face higher premiums or coverage exclusions. A licensed insurance professional can help you understand how your specific AI footprint will be evaluated at renewal.
Is standalone AI liability insurance worth the cost for a small or mid-size business already deploying generative AI tools?
It depends on how your AI tools interact with customers, decisions, and regulated industries. Gallagher Re's survey found that roughly 1 in 5 insurance professionals had a client face an AI-related claim in the past 12 months — and about half of those claims weren't fully covered. For businesses using generative AI in customer-facing, healthcare, financial services, or legal contexts, that represents a meaningful uncovered exposure that grows as lawsuit volumes climb. Products like Testudo and Armilla currently target mid-to-large enterprises, but the market is expanding rapidly. Potential insurance savings from identifying a coverage gap before a claim occurs typically outweigh the annual standalone premium by a significant margin. Always work with a licensed insurance agent for guidance specific to your situation.
Disclaimer: This article is for informational purposes only and does not constitute insurance advice. Always consult a licensed insurance agent for personalized guidance.
Get NewsLens — All 19 Channels in One App
AI-powered news with action steps. Install free, works offline.
No comments:
Post a Comment