Silent AI Coverage Is Ending. Now the Evidence Problem Starts.
Insurers are dropping silent AI coverage and adding hard exclusions. For enterprises running agentic workflows, that turns governance into a live documentation problem.
For years, AI liability sat quietly inside existing insurance policies. Nobody had to think much about it. The coverage was implied — AI was just software, and software errors were a known risk category.
That era is ending. And what replaces it will force enterprises to treat AI governance as an evidence problem, not just a compliance exercise.
The insurance market just changed
Three things happened in a short window. Major carriers including AIG, Great American, and W.R. Berkley began introducing exclusions for AI-related claims. Some policies now include "absolute AI exclusion" endorsements — language that removes coverage entirely for harm arising from AI outputs, decisions, or training. At the same time, a smaller group of specialist insurers, Armilla and Founder Shield among them, moved in the opposite direction: building affirmative AI coverage products designed specifically for hallucinations, model malfunctions, and autonomous-agent mistakes.
The result is a market split that enterprises haven't had to navigate before.
Jonathan Mitchell, head of Founder Shield's financial sector practice, told AFP that insurers have moved past their "wait-and-see approach." Phil Dawson, head of AI policy at specialist insurer Armilla, put the challenge plainly: "The whole intent of using advanced AI is to substantially replace human assistance and oversight in decisions. That really challenges some of the fundamental logic of existing insurance coverage."
Munich Re, which covers both AI model developers and enterprise users, isn't claiming the risk can be engineered away. "This risk of a model making errors or hallucinating cannot be fully avoided in any technical way," said Michael von Gablenz, Munich Re's head of AI insurance. "AI systems, at the end of the day, are statistical models; and any statistical model has uncertainty in it."
That's an important admission from the reinsurance market. The problem isn't model quality alone. It's that the behavior of autonomous systems is hard to predict and harder to price. Willis Towers Watson analysts Sonal Madhok and Anat Lior argued in a research paper late last year that silent AI coverage would end: the industry would need to confront AI risk explicitly, much as it once had to with cybercrime. That prediction is now playing out.
This isn't really an insurance story
Yes, premiums matter. But the more significant shift is what getting (or keeping) coverage now requires.
Armilla tests AI models for vulnerabilities before committing to coverage and evaluates whether a client's risk management framework meets international standards. Founder Shield builds "AI malfunction and hallucination" scenarios directly into professional services policies, pricing them according to the client's governance maturity.
What this means in practice: the underwriting conversation now includes questions enterprises weren't prepared to answer. What's your model inventory? Where are your testing and validation records? Can you produce your incident-response procedures? How do you document human oversight? What does your vendor chain look like for the models you've deployed?
For companies where agentic AI is already in operational workflows — handling procurement decisions, customer interactions, compliance checks, support triage — these aren't hypothetical questions. They're due diligence items. The governance frameworks most enterprises built during the AI copilot era weren't designed for this.
The documentation burden no one planned for
Lexology's coverage of the exclusion wave spells out what organizations may need to keep current to negotiate coverage and defend claims: model inventories, risk registers, testing and validation records, incident-response procedures and logs, human-oversight documentation, vendor and provider-chain records, change-management history, and workflow boundaries with approved use cases.
That's a significant list. And it's not a one-time audit. AI governance is perishable. Policies change. Vendor terms update. Models get swapped. Workflows expand beyond their original boundaries. A governance document that was accurate six months ago may now describe a system that no longer exists in the form it documents.
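To make the list concrete, here is a minimal sketch, assuming Python dataclasses and illustrative field names, of what one machine-readable inventory entry might look like. None of this is a standard schema; the point is that every item on the list above becomes a dated, inspectable record rather than prose in a memo.

```python
from dataclasses import dataclass
from datetime import date

# Illustrative sketch only: one machine-readable inventory entry whose
# fields map to the documentation list above. Field names and values
# are assumptions, not an industry-standard schema.
@dataclass
class ModelRecord:
    model_id: str                  # model inventory
    vendor: str                    # vendor and provider-chain records
    version: str                   # change-management history keys off this
    approved_use_cases: list[str]  # workflow boundaries
    last_validated: date           # testing and validation records
    oversight_owner: str           # human-oversight documentation
    incident_log_ref: str          # incident-response procedures and logs

entry = ModelRecord(
    model_id="procurement-agent",  # hypothetical agent
    vendor="example-vendor",
    version="3.2.1",
    approved_use_cases=["po-review", "supplier-triage"],
    last_validated=date(2025, 11, 4),
    oversight_owner="procurement-ops",
    incident_log_ref="logs/procurement-agent",
)
```

The specific fields matter less than the property they create: every claim about the system carries a date, which is what makes drift visible instead of silent.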
The operational reality behind this is worth naming directly. Insurance Business recently reported that 14% of operational budgets at insurance firms are already being spent fixing manual process errors, with settlement cycles now stretching beyond 60 days for nearly half of carriers surveyed. The industry that's being asked to price AI risk is itself dealing with fragmented data, spreadsheet dependence, and processes that don't scale. The carriers doing the underwriting have an intimate view of what operational documentation chaos looks like — and they're not going to underwrite it in others.
Why governance fails when the knowledge layer is weak
The way most enterprises talk about AI governance, you'd think it's a policy memo problem. Write the policy, get sign-off, file it somewhere.
The insurability version is harsher. When agentic AI systems are operating at scale, the question isn't whether governance documentation exists — it's whether it's current, consistent, and retrievable. An underwriter asking to see incident-response procedures wants to know what the agent actually follows today, not what someone wrote at deployment.
This is where the knowledge layer underneath AI governance breaks down in practice. Incident procedures live in one document. Approved use cases live in another. Vendor terms are buried in contracts stored somewhere in legal. The model's actual behavior has drifted from what the original risk register described. None of these documents are wrong exactly — they're just not consistent with each other, and nobody has a clean view across all of them at once.
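A toy illustration of what that looks like, with all names and values hypothetical: ask three sources the same question, "what is this agent approved to do?", and get three answers.

```python
# Hypothetical values: the same "approved use cases" recorded in three
# places, each maintained by a different team. No single source is
# wrong in isolation; together they contradict.
sources = {
    "risk register":   {"support-triage", "refunds-under-50"},
    "policy document": {"support-triage"},
    "deployed config": {"support-triage", "refunds-under-200", "account-updates"},
}

consensus = set.intersection(*sources.values())
for name, cases in sources.items():
    if cases - consensus:
        print(f"{name} diverges: {sorted(cases - consensus)}")
# Three answers to one underwriting question.
```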
Contradictions between policy language, actual workflows, vendor agreements, and incident procedures don't just create coverage risk. They create claims defense risk. When something goes wrong — and with autonomous agents operating at scale, something eventually will — a company needs to reconstruct exactly what the system was authorized to do, what it actually did, and what the oversight process looked like at that moment. Fragmented, stale, or contradictory records make that reconstruction very difficult.
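One way to make that reconstruction tractable, sketched below under the assumption that authorization records are kept as append-only, timestamped versions: the question "what was in force at that moment?" becomes a lookup instead of a forensic exercise.

```python
from bisect import bisect_right
from datetime import datetime

# Sketch, not a product: an append-only history of an agent's
# authorization record. Timestamps and contents are hypothetical.
history = [
    (datetime(2025, 3, 1),  {"use_cases": ["support-triage"]}),
    (datetime(2025, 6, 15), {"use_cases": ["support-triage", "refunds-under-50"]}),
    (datetime(2025, 9, 2),  {"use_cases": ["support-triage", "refunds-under-200"]}),
]

def authorization_at(moment: datetime) -> dict:
    """Return the authorization record in force at `moment`."""
    timestamps = [ts for ts, _ in history]
    i = bisect_right(timestamps, moment)
    if i == 0:
        raise LookupError("no record predates this moment")
    return history[i - 1][1]

# What was the agent allowed to do when the incident occurred?
print(authorization_at(datetime(2025, 7, 10)))
# -> {'use_cases': ['support-triage', 'refunds-under-50']}
```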
The failure pattern here is consistent: enterprises deploy capable AI, build governance documentation at launch, and then watch that documentation drift as the system evolves. The agent keeps running. The records don't keep up.
What enterprises should do with this
A few practical conclusions.
If agentic AI is already in your operational workflows, insurability needs to be part of any expansion conversation. Not just "can we get coverage," but "what does underwriting due diligence look like and are we prepared for it." Getting ahead of this is much easier than trying to reconstruct governance documentation after an incident.
The companies that will be best positioned for underwriting reviews, regulatory audits, and claims defense are the ones with governance records that are maintained continuously — not assembled retroactively. Model inventories that reflect the current state. Risk registers that update when workflows change. Incident logs that are complete. Vendor-chain documentation that stays current as integrations evolve.
That kind of discipline doesn't come from quarterly audits. It comes from treating governance documentation as a live, queryable system rather than a filing cabinet. The records need to answer questions on demand, not after a week of scrambling.
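As a small sketch of what "on demand" could mean, assume each governance record carries a last-changed and a last-validated date (hypothetical fields, consistent with the inventory sketch earlier). Finding every record that describes a system which no longer exists is then one query:

```python
from datetime import date

# Hypothetical records: each model carries the date of its last change
# and the date its documentation was last validated against reality.
records = [
    {"model": "procurement-agent", "last_changed": date(2025, 10, 1),
     "last_validated": date(2025, 11, 4)},
    {"model": "support-triage",    "last_changed": date(2025, 12, 2),
     "last_validated": date(2025, 8, 19)},
]

def stale(store: list[dict]) -> list[str]:
    """Models whose documentation predates their latest change,
    i.e. records describing a system that no longer exists."""
    return [r["model"] for r in store
            if r["last_validated"] < r["last_changed"]]

print(stale(records))  # ['support-triage']
```

An underwriter's question ("is this current?") becomes a query that runs in seconds, not a week of assembly.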
Beyond insurance specifically, this is a preview of how regulated and risk-sensitive industries will evaluate AI readiness going forward. Healthcare, financial services, legal, and government procurement all face versions of the same question: when something goes wrong, can you show us exactly what this system knew, what it was authorized to do, and who was watching? The enterprises that can answer that question cleanly — without a fire drill — will have a structural advantage as AI governance moves from voluntary to mandatory in more sectors.
AI adoption is increasingly constrained not by technical capability but by evidence discipline. The models are good enough. The question is whether the records are.