Traditional insurance policies leave enterprises exposed as AI vendor contracts shift liability to deployers

Most AI vendor contracts cap liability at 12 months of fees, and standard insurance policies are adding broad exclusions for AI-related losses. That leaves enterprises legally exposed with little real recourse when AI systems cause harm.

Published on: May 28, 2026

Insurance Policies Are Failing to Cover AI Risks. Your Vendor Contracts Likely Won't Help.

A study by Gallagher Re, published with MIT and Testudo Global Inc., found that traditional insurance policies exclude the very liabilities AI systems create. At the same time, vendors supplying AI tools are structured to avoid bearing those risks. The result: enterprises deploying AI face a coverage gap where contractual indemnification may be their only protection, and that protection is often illusory.

The insurance industry is not merely lagging behind AI risk. It is actively retreating from it. In 2025 and 2026, insurers have begun limiting or excluding coverage for AI-related losses, reinforcing structural gaps that leave organizations exposed.

How the Coverage Gap Works

Most AI vendor agreements cap total liability, including indemnification, at 12 months of fees. For an enterprise paying $100,000 annually, that means a $100,000 ceiling regardless of actual damages that could reach into the hundreds of millions.

Technology Errors & Omissions policies, the coverage most relevant to AI vendors, often exclude hallucination-related losses, IP infringement, and data disclosure through outputs. When a vendor agrees to indemnify, it may have no insurance to fund that obligation.

Enterprise customers cannot fill this gap with their own policies. Tech E&O coverage is designed for vendors and suppliers of technology. An enterprise deploying an AI tool to serve its own customers is using someone else's technology, not providing technology services. Its Tech E&O policy, if it has one, likely does not respond to claims arising from that deployment.

In 2025, the Insurance Services Office introduced optional generative AI exclusions for 2026 commercial general liability policies. These endorsements exclude coverage for bodily injury, property damage, or personal and advertising injury "arising out of generative artificial intelligence." The definition is notably broad, encompassing nearly any machine-based system capable of producing text, images, audio, video, or code.

Several major carriers have already adopted these exclusions. Parallel exclusions are emerging in directors' and officers' liability policies, with some D&O forms now excluding claims "arising out of" any use, development, or disclosure relating to AI, broad enough to capture governance failures, regulatory inquiries, and disclosure-based claims.

Where the Risk Concentrates

The breadth of these exclusions creates acute exposure in healthcare, where AI is embedded in clinical workflows, diagnostic tools, and medical devices. AI systems now handle clinical documentation, imaging analysis, medication safety, and treatment recommendations, functions that directly implicate patient outcomes and liability risk.

Early data shows the risk is not theoretical. One in five commercial insurers reported an AI-related loss in 2025, and only about half of those losses were fully covered. More than 200 active legal cases involving AI implicate multiple coverage lines, including cyber, employment, product liability, and professional liability.

U.S. generative AI lawsuits exceeded 700 by early 2025, with filings up nearly tenfold since 2021. The dominant claim categories (patent infringement, copyright, and personal injury) align with the coverage gaps identified in the Gallagher study.

What Vendor Contracts Actually Say

AI vendor contracts heavily favor vendors. Courts and regulators increasingly treat AI-driven failures as the responsibility of the deploying business, not the technology vendor. The party with the least control over the underlying technology, the enterprise customer, is expected to absorb the downstream liability.

Standard AI vendor agreements include indemnification for third-party IP claims, but these protections are structurally limited. Most agreements cap total liability at 12 months of fees.

AI vendors also routinely disclaim performance warranties, leaving deployers without recourse when AI systems underperform or hallucinate. From the vendor's perspective, aggressive limitation of liability provisions are essential risk management given the absence of adequate insurance. If a vendor cannot insure against AI-native liabilities, it will limit contractual exposure through sub-caps on indemnity obligations, consequential damages waivers, and performance warranty disclaimers.

Being named as an additional insured on a vendor's policy provides protection only to the extent the underlying policy covers the loss. If the vendor's policies exclude AI-specific risks (hallucinations, IP infringement, algorithmic bias, or AI-generated content claims), then additional insured status provides no meaningful protection against those risks.

How to Protect Yourself in Negotiations

Before signing, require vendors to produce insurance certificates and confirm coverage for AI-native risks: hallucinations, output liability, IP infringement, and algorithmic discrimination. If coverage is absent, you bear the risk that indemnification is unfunded.

Demand IP indemnification outside general liability caps. According to the Gallagher study, IP and copyright claims represent over 23% of generative AI litigation, making this a high-exposure area where you have legitimate grounds to insist on robust protection.

Make AI-specific insurance a contract condition. If the vendor cannot obtain adequate coverage, that signals something about the risk you are being asked to accept.

Carve out third-party claims arising from AI outputs from any consequential damages waiver. Without this protection, you may have no recovery for reputational harm, regulatory penalties, or lost business.

Reject blanket performance warranty disclaimers. You are entitled to know what the AI will do and to hold the vendor accountable when it fails. Insist on specific accuracy thresholds, service levels, or remediation obligations.

Enterprise customers have more leverage than vendors typically acknowledge. Understanding that aggressive limitation of liability provisions reflect the vendor's own uninsured risk position changes the negotiation calculus. The vendor is not merely seeking favorable commercial terms; the vendor is attempting to pass uninsurable risk downstream.

What's Changing in the Market

Standalone AI coverage is emerging, and some insurers have introduced AI-specific endorsements. But these products are new, uptake is limited, and many vendors have not yet obtained them.

For organizations with captive insurance structures, this environment presents both risk and opportunity. Captives may need to determine how AI-related claims will be treated, including decisions around capital allocation, underwriting criteria, and alignment with governance frameworks. Captives that proactively collect AI incident data and integrate governance expectations into coverage design will be better positioned to address gaps left by the commercial market.

Two legal questions remain unsettled: how data protection rules apply to generative AI and whether training on copyrighted material constitutes infringement. These uncertainties contribute to insurers' conservative stance, favoring broad exclusions over tailored underwriting.

The Bottom Line

AI vendor contracts allocate risk in ways that favor vendors. Standard vendor agreements may provide indemnification that is functionally illusory, capped at modest amounts and unsupported by insurance coverage.

For insurance professionals, this creates both risk and opportunity. The question is no longer whether AI will create liability, but whether contractual risk allocation will reflect the true distribution of recoverable damages when that liability materializes.

Sophisticated commercial teams can differentiate by understanding these dynamics and negotiating protections accordingly. The vendor's indemnity may be your only protection, unlike other vendor relationships where contractual indemnities serve as a backstop to your own insurance. That makes getting the contract right not a nice-to-have, but essential.
