May 20, 2026|Coverage Compass
Many AI-related risks may be addressed under existing policies — but coverage depends entirely on policy language, endorsements, and exclusions.
Cyber Insurance
Cyber policies typically provide first-party and third-party coverage arising from network security events, data breaches, ransomware attacks, regulatory investigations, and certain media liabilities.
Regulatory liability insuring agreements often cover defense costs and penalties associated with privacy violations. Media liability coverage generally applies to third-party claims alleging defamation, invasion of privacy, or copyright infringement.
In their current form, most cyber policies do not yet contain express AI exclusions. For example, coverage may apply if an AI system exposes sensitive data due to a security flaw or unauthorized access.
For many cyber insurers, AI represents an acceleration of familiar risks — deepfakes, social engineering, and AI-powered phishing — rather than an entirely new category of exposure.
However, cyber policies often exclude contractual liability. Companies offering AI-powered products or services frequently agree to indemnify customers. Some cyber policies include coverage for liability assumed by contract, which can be a critical asset. If that coverage is absent, companies must carefully assess the uninsured exposure they are assuming.
Technology Errors & Omissions (Tech E&O)
Technology E&O policies provide coverage for third-party claims alleging wrongful acts, errors, or omissions in the performance of technology services, or the failure of a technology product to perform as intended.
Unlike many cyber policies, Tech E&O policies often cover breach of contract claims. However, they typically exclude bodily injury and property damage claims.
This exclusion becomes particularly significant for companies deploying AI in high-risk sectors such as healthcare, energy, manufacturing, or autonomous systems. If AI-driven products could result in bodily injury or property damage, companies must evaluate whether their Commercial General Liability policy fills that gap — or whether a gap exists.
For example, if a developer licenses an AI tool that produces inaccurate results or fails to function as represented, Tech E&O coverage may respond to resulting client claims.
This communication is not intended to create or constitute, nor does it create or constitute, an attorney-client or any other legal relationship. No statement in this communication constitutes legal advice nor should any communication herein be construed, relied upon, or interpreted as legal advice. This communication is for general information purposes only regarding recent legal developments of interest, and is not a substitute for legal counsel on any subject matter. No reader should act or refrain from acting on the basis of any information included herein without seeking appropriate legal advice on the particular facts and circumstances affecting that reader. For more information, visit www.buchalter.com.
