Through late 2025, more than 88% of businesses reported incorporating artificial intelligence (AI) into at least one business function.[1] Much has been written about the widespread adoption of AI. It presents businesses and their leaders with a massive opportunity to streamline process and reduce costs. But general counsel, legal departments and C-suite executives must also ask how adopting this technology interacts with the company’s existing risk portfolio and if it creates new sources of potential liability.
AI sits at the intersection of operational opportunity and corporate exposure. When a business integrates these tools, it does not solely outsource risk to a technology provider. The business assumes new layers of exposure that require careful risk management.
Successful businesses think ahead. At Lathrop GPM, our focus is on helping clients anticipate trends and plan for challenges. This post outlines how AI adoption changes corporate risk profiles and what can be done protect your organization from new risks.
The Changing Landscape of Corporate Risk
Deploying AI may allow companies to be more sophisticated in their operations, but that sophistication does not eliminate risk. Rather, AI tools – whether generative or agentic – simply redistribute risk across your organization. Companies deploying these tools internally or in customer-facing applications are likely to face new exposures that traditional risk management frameworks might miss.
These new layers of exposure include errors and omissions from AI-generated outputs. The AI tool may have received poor prompting or training or may simply make errors that the company or its customers then rely on to their detriment. Additionally, the company or its customers may rely on misrepresentations or system hallucinations – even well-trained AI tools are not foolproof. We have seen this repeatedly in the legal space with sophisticated law firms and, recently even the federal government, filing AI-generated legal briefs containing hallucinated case cites. Companies may also face regulatory investigations, compliance breaches and intellectual property infringement risks as AI systems are fed confidential information that may not be adequately protected.
Though there is an exploding market of AI vendors, vendor agreements do not provide a complete risk transfer solution. Many companies rely heavily on these external providers and may assume that their contracts will solve liability problems. This assumption is dangerous. Vendor agreements that are not negotiated by sophisticated counsel may contain weak or capped indemnity provisions. They may also include insurance requirements that fail to match the actual risk or that fail to apply industry best practices to transfer contractual risk to insurers. Businesses, for example, may fail to secure additional insured status where available by not including the proper language in the agreement; or may neglect to verify if the vendor’s actual insurance coverage is compliant with the contract – leaving your company the primary target for litigation if the AI fails.
Emerging Liability and Insurance Gaps
AI-related risks can implicate a wide variety of insurance coverage. Claims involving generative AI that is supporting a business providing professional services may implicate errors and omissions (a/k/a professional liability) policies. Matters involving bodily injury or property damage claims, or claims arising from AI-influenced advertisements or public statements may trigger a standard general liability policy. A data breach or data privacy claim tied to an AI system or vendor may implicate a cyber insurance program. As companies introduce AI into their hiring and other human resources processes, the risk of AI-related bias could supplement the already increasing wave of employment claims and risks that are typically covered by an employment practices liability insurance policy. Perhaps most importantly, the business decision-making of a company, its leaders and its employees – including even the decision of whether or how to adopt AI at all – opens the door to claims that would fall within a classic directors and officers (D&O) policy.
Insurance coverage for AI-related risks currently sits in a bit of a grey area. Your existing insurance policies may not have been issued with AI risks in mind and, consequently, may not respond the way you expect when claims arise. Many organizations are lulled into a false sense of security and assume their current programs – particularly their current cyber liability program – will cover technology-related losses or other losses where generative or agentic AI played a role. The legal presumptions applied to insurance policies favor finding coverage for such losses, but it is not a guarantee.
Further, insurers are already introducing new exclusions and narrowing policy language tied to machine learning and automated decision-making. At least one insurer group has already developed standardized Generative Artificial Intelligence Exclusion (Forms CG 40 47, CG 40 48, and CG 35 08) for commercial general liability policies. Another has added an “absolute” AI exclusion for management, professional and fiduciary liability products.
Why This Matters for Policyholders
Insurers are starting to pay close attention to how organizations use AI tools (and even adopting such tools themselves). We expect that insurance carriers will continue to introduce AI specific exclusions and endorsements, as well as engage in more aggressive underwriting scrutiny of how companies deploy AI and govern its use.
Businesses with heavy reliance on these tools face potential premium impacts, or a risk of noncoverage for common claims that will now have an AI-related aspect. The window to proactively structure coverage is closing rapidly. Companies looking to get ahead of inevitable claims must integrate these new capabilities and risks into their larger risk management strategies.
One potentially effective strategy is to think about AI tools as new employees that create insurable risks. Generative AI, for example, can be trained to execute specific tasks. But, like any good employee, it must be coached and monitored. When a claim hits, the question will not be whether your business used the technology. The question will be whether your insurance program and commercial contracts were built to handle the fallout.
Next Steps for Risk Management
Organizations that address these exposures proactively will gain a significant advantage over those who wait to discover coverage gaps during a claim. To safeguard your business operations, consider taking the following immediate steps:
- Review enterprise-wide technology use: First, you must understand where these tools are deployed to measure the corresponding exposure.
- Audit your insurance policies to map specific uses to existing insurance: This process helps identify and address critical gaps in your risk transfer strategy.
- Negotiate policy language proactively: Work with your brokers and outside coverage counsel before a claim arises to secure terms that affirmatively cover these emerging risks.
- Strengthen contractual risk transfer: Enhance your agreements with vendors by demanding appropriate indemnity and verifiable insurance requirements.
- Align internal governance with policy requirements: Ensure your internal governance protocols align with the stipulations of your insurance policies.
A Proactive Approach to Risk Transfer
AI is creating a new category of insurable risk in real time. Companies that integrate robust risk assessments, compliance management and real-time analytics into their operations will reduce legal risks and improve decision-making speed. Securing the right insurance coverage and contractual risk transfer is a critical component of that strategic growth.
If you have questions about commercial insurance coverage or mitigating technology-related liabilities, please contact the author of this post or your regular Lathrop GPM attorney.
[1] McKinsey & Company, The state of AI in 2025: Agents, innovation, and transformation (Nov. 5, 2025), available at: https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai.