When your AI agent makes a financial mistake: what now.

Your AI agent published a product price that was off by 90 percent. Your AI assistant told a customer the wrong interest rate and they acted on it. Your agentic AI submitted a purchase order that was never authorised. All three scenarios are real risks for SME operators deploying AI in 2026. Each one creates a different legal exposure, lands differently in your insurance programme, and requires a different response in the first hours after you discover it. This guide walks through all three.

Key takeaways

  • Operators are responsible for what their AI agents communicate to customers, regardless of whether the error was caused by the underlying model or the deployment configuration. The Air Canada case confirmed this in 2024 and it is the starting principle for every scenario in this guide.[1]
  • Standard business insurance, including general liability, cyber, and most professional indemnity policies, was not written with AI agent errors in mind. Coverage is often absent or contested. The specific policy types that may respond are Technology Errors and Omissions, Professional Indemnity with an AI endorsement, and Cyber with an AI extension, each covering a different slice of the risk.
  • Agentic AI that can take external actions (place orders, make bookings, commit funds) creates the most acute exposure because the harm exists before you are aware of it. Scope constraints and financial thresholds set in advance are the primary technical defence; they are also what underwriters ask for at placement.
  • From December 2026, the revised EU Product Liability Directive treats software, including AI systems, as a product and imposes strict liability on the economic operators that put a defective product on the market.[2] Two caveats limit its reach for the scenarios in this guide: the Directive compensates death or personal injury, damage to property and loss or corruption of non-professional data, not pure financial loss, and it binds the manufacturer, importer or distributor (or a business that substantially modifies a third-party tool) rather than every business that merely deploys one. For the pure financial losses described here, contract, negligence and sector regulation remain the main exposure.

Section 1: Pricing errors

What happens

An AI agent is given access to your pricing logic, your product catalogue, or your dynamic pricing system, and sets a price that is materially wrong. Either too low, because a misconfiguration caused the model to apply a discount rule it was not supposed to, or too high, because the model pulled from an outdated data source. Customers see the price, some of them transact at it, and by the time your team notices, you have a batch of orders filled at the wrong amount.

This scenario is not theoretical. It has happened to e-commerce operators who integrated AI-driven repricing tools and set guardrails that were too wide. The gap between a test environment and production pricing can be one configuration value. If the agent publishes the price to a live storefront and transactions occur at that price, you have a problem that contract law, consumer protection regulation, and your insurer will each assess differently.

Legal exposure

Under contract law in most European jurisdictions, a unilateral mistake by the seller does not automatically void a contract. If a customer accepted a clearly displayed price in good faith and completed a purchase, the vendor who wants to cancel or adjust that transaction carries the risk of a breach of contract claim. Whether the mistake was made by a human or an algorithm does not change the customer's position: they saw a price, they paid it, and they have a reasonable expectation of receiving what they paid for.

The exception is where the error is so obvious that no reasonable customer could have believed the price was genuine. A EUR 1,200 laptop listed at EUR 12 may satisfy this threshold in some jurisdictions; a EUR 1,200 laptop listed at EUR 980 probably does not. If the incorrect price was within a plausible range, the argument that customers should have known it was a mistake is weaker.

Consumer protection regulation adds a separate layer. In the EU, the Unfair Commercial Practices Directive (as amended by the Omnibus Directive) and the Consumer Rights Directive impose obligations around pricing transparency and remedies for misleading commercial practices. A systematically incorrect AI-generated price that affects a large number of customers could attract regulatory attention beyond the individual contract disputes.

Does standard insurance cover it?

Standard business insurance does not reliably cover pricing errors caused by AI agents. General liability policies respond to bodily injury and property damage, not commercial losses arising from incorrect price data. Professional indemnity policies are more relevant, but only where the pricing function was classified as a professional service and only where the AI's output counts as a covered error under the specific policy wording. Many professional indemnity policies define professional services by reference to the regulated or qualified activities of named individuals, and an AI repricing tool operating without human review does not fit that definition cleanly.

Technology Errors and Omissions insurance is the most relevant coverage type for pricing errors caused by AI tools integrated into e-commerce systems. Technology E&O responds to errors in software products and technology services that cause customer loss. If you are a technology business or a business where the pricing integration is clearly a technology service, Technology E&O with explicit AI coverage is the policy to check. For operators who use an off-the-shelf AI repricing tool rather than building their own, the technology vendor's E&O coverage may respond first, though the terms of your vendor contract will determine whether you can make a claim against them.

Key exclusions to watch for: deliberate acts exclusions (if the AI was intentionally set to push prices dynamically, a carrier may argue the deployment was intentional even if the outcome was not), contractual liability exclusions (losses you assumed under contract by publishing a price), and AI-specific exclusions added at recent renewals which remove coverage for AI-generated outputs entirely.

Practical response

Stop the agent from making further pricing decisions immediately. Document the affected transactions: order numbers, timestamps, prices published, prices that should have applied. Do not cancel or modify orders before consulting legal counsel and your insurer, because the act of cancellation may itself trigger claims. Notify your carrier of a potential claim event within the notification window specified in your policy. The notification window matters: late notification is one of the most common grounds for coverage denial.

Section 2: Advice errors

What happens

A customer-facing AI assistant is asked a financial question. It gives a wrong answer: the wrong interest rate on a loan product, an incorrect calculation of how much a tax deduction will save, a misstatement of how a pension contribution affects take-home pay. The customer acts on that information. They make a financial decision based on what your AI told them. The harm is downstream and sometimes not visible until months later.

This is the scenario closest to what the Air Canada chatbot case resolved. In Moffatt v. Air Canada, the tribunal found that Air Canada was responsible for the incorrect bereavement fare policy information its chatbot provided to a customer, even though Air Canada argued the chatbot was a separate entity and even though the correct policy was published elsewhere on the website. The customer relied on what the chatbot said. Air Canada was bound by that reliance.[1]

The principle from that case applies directly to AI assistants giving financial information to customers. If your AI tells someone the wrong thing about a financial product or transaction you provide, and they act on it, the fact that a human did not say it does not protect you.

Legal exposure

Advice errors in financial matters carry some of the highest per-claim values of any AI mistake type, because the losses can be calculated precisely and because the causal chain is clear: the customer was told X, they acted on X, and the gap between X and the truth is the loss. Courts and tribunals have shown willingness to quantify and award these losses. The Air Canada tribunal awarded damages of CAD 650 plus interest, a small amount, but the reasoning it applied scales to much larger losses without modification.

In the EU, this exposure is amplified by the regulatory environment. Article 5(1)(a) of the EU AI Act prohibits AI that uses subliminal, manipulative or deceptive techniques to materially distort a person's behaviour, and Article 5(1)(b) prohibits AI that exploits vulnerabilities due to age, disability or a specific social or economic situation to the same end, in each case where the distortion causes or is likely to cause significant harm.[3] These provisions target manipulation rather than honest mistakes, so a wrong interest rate is not by itself an Article 5 breach; but an assistant that steers customers in a precarious financial situation towards products against their interest falls within 5(1)(b), and an AI that consistently gives incorrect financial information could attract regulatory scrutiny alongside the civil claim. For businesses in the financial services sector, sector-specific regulation (MiFID II, IDD, the Consumer Duty in the UK) adds obligations around the accuracy of information provided to customers and the suitability of automated advice. An AI assistant giving financial information in those sectors operates within a regulatory compliance framework, not just a liability one.

The Mata v. Avianca case adds a dimension relevant to any professional deploying AI to generate content presented as accurate. In that case, lawyers who submitted AI-generated case citations that turned out to be fabricated were sanctioned by the court for failing to verify the AI's output before relying on it.[4] The principle is direct: using AI to produce work that is then presented to others as accurate transfers the verification responsibility to the professional or operator deploying the AI, not to the model itself. If your AI assistant tells a customer the wrong pension tax rate and you presented the assistant as a reliable source of financial information, you have a verification failure that courts and regulators will hold against you.

Does standard insurance cover it?

Professional Indemnity insurance is the most directly relevant policy type for advice errors, and it is also the most problematic. A well-drafted professional indemnity policy covers errors, omissions, and breaches of professional duty in the provision of professional services. The question is whether advice given by an AI assistant constitutes professional services within the policy's scope, and whether the AI's error constitutes a covered error or omission by the insured.

Many PI policies define professional services by reference to the activities described in the Schedule or the services for which the insured holds a professional qualification. An AI chatbot deployed on a retail banking website to answer customer questions about mortgage rates may or may not fall within the definition, depending on how the policy was written and whether the insurer anticipated AI-generated advisory interactions. A broker who has not been told about the AI deployment cannot give you a reliable opinion about whether coverage applies.

The correct approach is to disclose the AI advisory deployment to your insurer at renewal, describe the categories of financial information the AI provides, and obtain written confirmation that these interactions fall within the policy's professional services definition. If the insurer adds an exclusion rather than confirming coverage, that tells you something you need to know before a claim arises rather than after.

Technology E&O is a secondary option for advice errors where the AI advisory tool is clearly a technology product rather than a professional service. If the AI is embedded in your product as a feature rather than provided as a service you are responsible for supervising, Technology E&O may sit closer to the relevant coverage category. The distinction is not always clear and depends on the specific deployment.

Cyber insurance is unlikely to respond to advice errors. Cyber policies are structured around the operational disruption and data exposure caused by security incidents. An AI giving wrong interest rates is not a cyber incident. It is an accuracy failure in a client-facing system, and that falls outside the cyber trigger in virtually all standard policy wordings.

Practical response

Identify the scope of the incorrect advice: how long was the AI giving wrong information, how many customers may have been affected, and what category of decision was impacted. If the error was in a live financial product or rate calculation, notify your compliance team immediately, because sector regulations may require proactive customer notification and remediation. Preserve all conversation logs from the affected period. Notify your insurer. Do not communicate with affected customers about compensation or remediation without legal review of the communication.

Section 3: Unauthorised actions

What happens

This is the agentic scenario. Your AI is not just answering questions or generating content. It is connected to external systems and can take actions: submitting purchase orders, making bookings, sending communications on your behalf, executing API calls that commit funds or resources. In this configuration, an error is not a wrong answer that a human will review before acting. It is a transaction that has already happened before you knew about it.

The failure mode specific to agentic AI is scope creep: the agent interprets its instructions broadly and commits to something outside what you intended. A procurement AI instructed to "maintain stock levels" places a large order because it modelled a demand spike that did not materialise. A scheduling AI books a conference facility for 200 people when you asked it to find a meeting room for 20. A financial AI agent, given access to your payment systems, initiates a transfer based on a misinterpretation of its approval parameters.

The legal and insurance consequences of unauthorised agent actions are distinct from the other two scenarios because the harm is not to a customer who relied on wrong information. It is to your own business through commitments made without authorisation, or to a third party who received a commitment they were entitled to rely on.
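The scope constraints and financial thresholds named in the key takeaways are the technical defence against the scope-creep examples above, and the same mechanism catches the pricing scenario in Section 1. The following Python is an added example written for this guide, not code from the original page or from any agent framework; the tool names (place_order, set_price, book_room), the thresholds and the requests in demo() are hypothetical. It puts a policy gate between the model and the tools it can call: every proposed action is checked against an allowlist, a single-action cap, a daily budget, a price band around a reference price and per-argument limits, anything over a threshold is escalated to a human instead of executed, and every decision is written to a hash-chained audit log so the record of what the agent was authorised to do, and what it tried to do, is tamper-evident when Section 5 needs it.

```python
"""Policy gate between an AI agent and the tools it may call.
Added example for this guide, not code from the page or from any agent framework.
Tool names, thresholds and the requests in demo() are hypothetical.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

MONETARY_TOOLS = {"place_order", "transfer_funds"}  # tools that commit funds


@dataclass
class Policy:
    allowed_tools: frozenset[str]      # any other tool is denied outright
    max_single_amount: float           # largest commitment approved without a human
    daily_budget: float                # cumulative cap on automatically approved spend
    max_price_deviation: float         # 0.15 = a price may move at most 15% from its reference
    arg_limits: dict[tuple[str, str], float] = field(default_factory=dict)  # (tool, arg) -> max


@dataclass
class ActionGate:
    policy: Policy
    spent_today: float = 0.0
    audit_log: list[dict] = field(default_factory=list)
    _prev_hash: str = "0" * 64

    def evaluate(self, tool: str, args: dict, reference_price: float | None = None) -> str:
        """Return 'allow', 'deny' or 'escalate' (a human must approve before execution)."""
        decision, reason = self._decide(tool, args, reference_price)
        if decision == "allow" and tool in MONETARY_TOOLS:
            self.spent_today += float(args["amount"])
        self._record({"ts": datetime.now(timezone.utc).isoformat(), "tool": tool,
                      "args": dict(args), "decision": decision, "reason": reason})
        return decision

    def _decide(self, tool: str, args: dict, ref: float | None) -> tuple[str, str]:
        p = self.policy
        if tool not in p.allowed_tools:
            return "deny", "tool not in allowlist"
        for (limited_tool, arg), limit in p.arg_limits.items():
            if tool == limited_tool and float(args.get(arg, 0)) > limit:
                return "escalate", f"{arg}={args.get(arg)} exceeds limit {limit}"
        if tool in MONETARY_TOOLS:
            amount = float(args.get("amount", 0))
            if amount <= 0:
                return "deny", "non-positive amount"          # negative values must not reduce spend
            if amount > p.max_single_amount:
                return "escalate", f"amount {amount} exceeds single-action cap {p.max_single_amount}"
            if self.spent_today + amount > p.daily_budget:
                return "escalate", f"daily budget {p.daily_budget} would be exceeded"
            return "allow", "within caps"
        if tool == "set_price":
            if ref is None or ref <= 0:
                return "deny", "no reference price to validate against"
            deviation = abs(float(args["price"]) - ref) / ref
            if deviation > p.max_price_deviation:
                return "escalate", f"price deviates {deviation:.0%} from reference {ref}"
            return "allow", "within price band"
        return "allow", "no monetary effect"

    def _record(self, entry: dict) -> None:
        # Hash chain: each entry commits to the previous one, so editing, deleting or
        # reordering any line breaks every later hash and verify_chain() fails.
        entry["prev_hash"] = self._prev_hash
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self._prev_hash = entry["hash"]
        self.audit_log.append(entry)


def verify_chain(log: list[dict]) -> bool:
    """True if no entry has been altered, removed or reordered since it was written."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("prev_hash") != prev:
            return False
        if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


def demo() -> list[str]:
    """The failure modes described in the text, run through one gate (constructed inputs)."""
    gate = ActionGate(Policy(allowed_tools=frozenset({"place_order", "set_price", "book_room"}),
                             max_single_amount=5_000, daily_budget=20_000,
                             max_price_deviation=0.15, arg_limits={("book_room", "seats"): 30}))
    return [
        gate.evaluate("place_order", {"sku": "WIDGET-1", "amount": 48_000}),                   # escalate
        gate.evaluate("set_price", {"sku": "LAPTOP-1", "price": 12.0}, reference_price=1200.0),  # escalate
        gate.evaluate("book_room", {"seats": 200}),                                             # escalate
        gate.evaluate("place_order", {"sku": "WIDGET-1", "amount": 1_200}),                     # allow
    ]


if __name__ == "__main__":
    print(demo())
```

Two design points. The gate decides before the tool runs, so "escalate" is a blocked action waiting for a human, not an alert raised after the money left; and the reference price and the limits come from the policy, never from the model's own output, which is what makes the price band meaningful. Containment in Section 5 is the same object with an empty allowlist: every request is then denied and still logged, so the record of what the agent attempted during the incident window is kept.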

Legal exposure

Agency law determines whether a commitment made by your AI agent binds you. In most jurisdictions, a principal is bound by acts taken by an agent within the actual or apparent scope of the agent's authority. Actual authority is what you explicitly authorised the AI to do. Apparent authority is what a third party could reasonably conclude the AI was authorised to do, based on how you presented and deployed it.

If your AI agent is integrated with your ordering system and presents itself to vendors as your procurement agent, a vendor who receives an order from that agent has reasonable grounds to believe the order was authorised. You may have difficulty cancelling the order on the grounds that the AI exceeded its instructions, because the vendor had no way of knowing what the AI's internal scope constraints were. Your contractual right to rescind depends on whether you can establish that the agent acted outside its actual authority and whether the vendor had notice of those constraints.

The internal dimension is equally serious. Funds committed by an AI without authorisation are funds at risk. If the commitment has already been executed (a payment sent, a contract signed, a booking confirmed with a deposit taken), unwinding it may require legal action, may not be possible at all, or may itself trigger a breach of contract claim. The financial exposure from a single unauthorised agent action can be significant, and the timeline is compressed because the harm exists before detection.

Does standard insurance cover it?

This is where the coverage picture is most complex. The applicable policy type depends on the nature of the unauthorised action and where the loss lands.

If the AI committed funds belonging to the business without authorisation, a Crime or Fidelity policy may respond, because the economic profile resembles an internal fraud or misappropriation. Crime policies that have been updated to address AI-specific risks may include coverage for AI-initiated financial commitments. Crime policies that have not been updated will likely require the loss to fit the traditional employee dishonesty or computer fraud definitions, which creates coverage uncertainty for AI actions that were not technically fraudulent, just out of scope.

Technology E&O is the most likely respondent where the AI was a technology product deployed as part of your business operations and the loss resulted from that product functioning incorrectly. If the AI exceeded its scope because of a configuration error, a prompt engineering failure, or an integration defect, those are the types of technology errors that Technology E&O is designed to cover. The challenge is that most Technology E&O policies were not written with agentic AI in mind, and the policy's definition of a covered error may need to be tested against the specific facts.

Cyber insurance is unlikely to respond unless the unauthorised action was caused by a security compromise: a prompt injection attack, a jailbreak, or an external party manipulating the AI's inputs to cause it to take actions that benefited them. In that scenario the cyber trigger of an unauthorised access event may exist. For operational scope failures where the AI simply did more than intended, the cyber trigger is absent. Which of the two you are dealing with is settled by evidence, so retain the full input context the agent acted on (retrieved documents, tool outputs, inbound messages), not only the record of its actions: an injected instruction hidden in a supplier's web page or email is visible only in that context.

Standard general liability will not cover financial commitments made by an AI agent on your behalf. Financial loss without property damage or bodily injury is outside the general liability trigger.

Practical response

Constrain the agent's action capability immediately. If you cannot disable it without disrupting operations, reduce its authorisation scope to the minimum necessary. Identify every external commitment made since the agent last operated correctly. Before attempting to reverse any commitment, take legal advice on your position, because reversal may itself create a claim. If funds have been transferred, contact your bank and your payment processor promptly. Preserve all logs. Notify your insurer.

Section 4: The EU regulatory layer

SMEs often assume that lighter EU AI Act obligations mean limited exposure. The assumption is partially right on the regulatory side and wrong on the liability side.

For most SME AI deployments, the EU AI Act's high-risk obligations do not apply: Article 26 (the deployer's duties to operate the system under the provider's instructions, assign human oversight, monitor it and retain its logs) and the provider's duties on technical documentation and conformity assessment are triggered only by a high-risk classification.[3] The prohibitions in Article 5 do apply, including the prohibition on AI that exploits a person's age, disability or social or economic situation to distort their decisions. The transparency obligations in Article 50, requiring disclosure that a user is interacting with an AI system, apply from 2 August 2026 regardless of risk classification or company size. A customer-facing AI financial assistant that does not identify itself as AI is in breach of Article 50 before any financial error occurs.

The product liability picture is different. Directive 2024/2853, the revised EU Product Liability Directive, applies to products placed on the market from 9 December 2026 and counts software, including AI systems, as a product, regardless of the size of the company or the system's risk classification under the AI Act.[2] Where such a product is defective and causes damage, the economic operators that placed it on the market (the manufacturer, importer or authorised representative, and the distributor where none of those can be identified; a business that substantially modifies a product is treated as its manufacturer) face strict liability: the injured person does not need to prove negligence, only that the product was defective and the defect caused the damage. Article 10 adds a rebuttable presumption of defectiveness or causation where technical or scientific complexity makes the link excessively difficult to prove, which will often be the case for AI. The limit that matters most for this guide is Article 6: the damage the Directive compensates is death or personal injury, damage to property, and destruction or corruption of data not used for professional purposes. Pure financial loss, which is what the three scenarios above produce, is not on that list.

The practical consequence is that an SME that places an AI-enabled product on the EU market, or substantially modifies a third-party tool before doing so, cannot rely on its size or the tool's risk classification to limit product liability: Directive 2024/2853 has no SME carve-out. An SME that only uses a vendor's tool to give customers financial information, set prices or raise purchase orders is exposed mainly through contract, negligence and sector regulation rather than through the Directive, because pure financial loss sits outside its scope.

For European SMEs who want a detailed map of the product liability and EU AI Act double exposure, the analysis at agentinsured.eu covers the coverage framework for both obligations in full.

Section 5: Five steps to take immediately after a financial error

When you discover your AI agent has caused a financial error, the order in which you act matters. The steps below apply across all three scenario types, with variations noted where the sequence differs.

Step 1: Stop the agent. Disable the specific feature or integration that caused the error. For pricing errors, pull the AI from your live pricing system and revert to manual pricing. For advice errors, disable the chatbot or flag its outputs as unverified pending review. For unauthorised actions, remove the agent's access to the external systems it used to commit the action. Do not wait to understand the full scope of the problem before containing it. Containment reduces ongoing harm and is evidence to your insurer that you acted promptly.

Step 2: Preserve logs. Before you do anything else to the system, ensure that the relevant logs are preserved in their current state. This means conversation logs for advice errors, pricing system logs showing what prices were published and when, and action logs for agentic systems showing every commitment made. Do not delete, overwrite, or modify any log from the affected period. Do not restart systems in ways that would overwrite log data. The logs are the evidence for your insurance claim and for any regulatory investigation. Losing them creates coverage uncertainty and may itself constitute a regulatory failure.

Step 3: Notify your insurer. Most insurance policies require notification of a potential claim event promptly and within a defined window, often 7 to 30 days from discovery. This notification requirement is a condition of coverage: breach it and the insurer may decline the claim entirely, not on the merits, but on the procedural ground that you failed to notify in time. You do not need to know the full value of the loss or whether a formal claim will be made. You need to notify the insurer that an event has occurred that may give rise to a claim. Do this in writing and keep a record of when and how you notified.

Step 4: Document affected transactions. Build a complete list of the financial harm caused. For pricing errors: every transaction made at the wrong price, the correct price that should have applied, the difference. For advice errors: every customer who may have received and relied on incorrect information, and the financial decision they were making when they received it. For unauthorised actions: every commitment made by the agent, the amount or value, and the current status (executed, pending, revocable). This documentation is the damage quantification your insurer and any legal proceedings will require.

Step 5: Assess regulatory reporting obligations. Financial errors by AI agents can trigger multiple reporting obligations running in parallel. If personal data was involved in the error (customer data exposed, customer profiles used to generate incorrect advice), GDPR Article 33 requires notification to the supervisory authority within 72 hours of discovering the breach if it poses a risk to individuals.[5] If you operate in financial services, your sector regulator may require notification of operational incidents affecting customer outcomes. For high-risk AI systems under the EU AI Act, Article 26(5) requires deployers to notify the provider and the market surveillance authority of serious incidents without undue delay. Most SME deployments do not involve high-risk AI, but the assessment should be made, documented, and kept on file.
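Step 2 is the step most often done badly under pressure: someone opens the log in an editor, or a scheduled rotation overwrites it. The Python below is an added example for this guide, not code from the original page; the log file names and contents it creates in _demo() are constructed. It does the preservation the way an incident responder would: copy each log unchanged into a fresh evidence directory, hash it while reading in chunks (so a multi-gigabyte log is not loaded into memory), make the copy read-only, record source path, size, original mtime and SHA-256 in a manifest, and expose a single manifest digest to quote in the written notification to the insurer. verify() re-checks the evidence set later, which is what counsel, the carrier or a regulator will want before relying on it.

```python
"""Preserve AI agent logs as evidence (Section 5, Step 2).
Added example for this guide, not code from the original page. The log files
created in _demo() are constructed samples.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1 << 20  # hash in 1 MiB chunks so large logs are never read into memory whole


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def preserve(sources: list[Path], evidence_dir: Path, case_id: str) -> dict:
    """Copy each log into a fresh evidence directory, hash it, make the copy
    read-only and write manifest.json. Returns the manifest."""
    evidence_dir.mkdir(parents=True, exist_ok=False)  # never reuse an evidence directory
    files = []
    for src in sources:
        dst = evidence_dir / src.name
        shutil.copy2(src, dst)                  # copy2 keeps the source's mtime
        digest = sha256_file(dst)
        if digest != sha256_file(src):
            raise RuntimeError(f"copy of {src} does not match the source")
        os.chmod(dst, 0o444)                     # read-only for everyone
        files.append({
            "file": src.name,
            "source_path": str(src.resolve()),
            "size": dst.stat().st_size,
            "sha256": digest,
            "source_mtime_utc": datetime.fromtimestamp(src.stat().st_mtime, timezone.utc).isoformat(),
        })
    manifest = {"case_id": case_id,
                "preserved_at_utc": datetime.now(timezone.utc).isoformat(),
                "files": files}
    (evidence_dir / "manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    os.chmod(evidence_dir / "manifest.json", 0o444)
    return manifest


def manifest_digest(evidence_dir: Path) -> str:
    """One value to put in the written insurer notification: whoever holds it can
    later confirm the manifest, and so every file hash in it, is unchanged."""
    return sha256_file(evidence_dir / "manifest.json")


def verify(evidence_dir: Path) -> list[str]:
    """Names of preserved files that are missing or differ from the manifest (empty = intact)."""
    manifest = json.loads((evidence_dir / "manifest.json").read_text())
    bad = []
    for e in manifest["files"]:
        p = evidence_dir / e["file"]
        if not p.exists() or p.stat().st_size != e["size"] or sha256_file(p) != e["sha256"]:
            bad.append(e["file"])
    return bad


def _demo() -> None:
    # Constructed sample: two logs from the affected period, written to a temp directory.
    live = Path(tempfile.mkdtemp()) / "live"
    live.mkdir()
    (live / "agent_actions.jsonl").write_text(
        '{"ts":"2026-03-02T09:14:07Z","tool":"place_order","amount":48000,"decision":"allow"}\n')
    (live / "assistant_chat.log").write_text(
        "2026-03-02T10:02:11Z customer: what is the current fixed rate?\n"
        "2026-03-02T10:02:13Z assistant: 2.1% fixed for five years\n")
    evidence = live.parent / "evidence_AI-INC-0001"
    preserve([live / "agent_actions.jsonl", live / "assistant_chat.log"], evidence, "AI-INC-0001")
    print("manifest digest:", manifest_digest(evidence))
    print("mismatches:", verify(evidence))


if __name__ == "__main__":
    _demo()
```

Run it as the first thing after containment and before anyone restarts a service or opens a log for analysis; analysis happens on a second copy, never on the preserved set. The manifest digest is short enough to go in the notification email itself, which fixes the time the evidence existed in the form the insurer later receives.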

For a detailed version of the incident response process including template notification language and carrier communication guidance, the AI agent incident response plan on this site covers the full procedure.

Frequently asked questions

Am I legally obligated to honour a price set by my AI agent, even if it was wrong?

In most jurisdictions you are not automatically required to complete a sale at a clearly erroneous price, but cancelling or adjusting accepted orders creates its own exposure. Under general contract law, an obvious unilateral mistake may allow rescission, but courts look at how obvious the error was and whether the customer had already relied on the price. The Air Canada case established that businesses are responsible for what their AI agents tell customers. If your AI published a price and a customer transacted at it in good faith, the risk of a dispute, a chargeback, or a consumer protection complaint sits with you, not with the model provider.

Does standard professional indemnity insurance cover an AI chatbot giving wrong financial advice?

Usually not without a specific endorsement or written confirmation from the carrier. Standard PI policies respond to errors by named professionals providing professional services. An AI agent generating advice without human review may fall outside the professional services definition depending on policy wording. Policies renewed after mid-2024 are more likely to contain explicit AI exclusions. Ask your broker in writing whether AI-generated customer-facing financial advice is within scope, and get a written answer before an incident occurs.

If my agentic AI makes an unauthorised purchase, can I cancel the transaction?

Possibly, but the outcome depends on whether the third party who received the commitment knew, or should have known, that the AI was acting outside its authority. If the vendor had no reason to doubt the commitment was authorised, cancellation may itself cause a breach of contract claim. Seek legal advice before unilaterally cancelling a commitment made by an agentic AI, particularly where the vendor has already taken steps in reliance on the commitment. Simultaneously, preserve all logs showing what the agent was authorised to do and what it actually committed to.

What does the EU AI Act require of SMEs who deploy AI that gives financial information?

Most AI giving general financial information to consumers sits outside the EU AI Act's high-risk categories, which means the provider's conformity assessment and the deployer obligations in Article 26 (including human oversight) do not apply. Article 5 applies regardless of classification: 5(1)(a) prohibits subliminal, manipulative or deceptive techniques and 5(1)(b) prohibits exploiting a person's age, disability or social or economic situation to distort their decisions where that causes significant harm. Article 50 requires transparency labelling for AI that interacts with natural persons from 2 August 2026. From December 2026 the revised Product Liability Directive treats software, including AI, as a product for strict liability purposes, without an SME carve-out, although it compensates personal injury, property damage and loss of non-professional data rather than pure financial loss. Lighter EU AI Act obligations do not mean no obligations.


Check your current coverage position

Before a financial error occurs, use the Coverage Audit tool to map your current policies against the three AI agent risk types described in this guide. It takes ten minutes and produces the document your broker needs to review your position.

Footnotes

  1. Moffatt v. Air Canada, 2024 BCCRT 149 (BC Civil Resolution Tribunal, February 14, 2024). Tribunal member Christopher Rivers. Air Canada argued its chatbot was a separate legal entity for whose statements it bore no responsibility. The tribunal rejected this argument and held Air Canada responsible for representations made by its automated customer-facing system. Full decision available at crt.bc.ca.
  2. Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products. OJ L, 2024/2853, 18 November 2024. Entered into force in December 2024; transposition deadline 9 December 2026, applying to products placed on the market after that date. Article 4 defines product to include software, which the recitals state covers AI systems. Article 6 limits compensable damage to death or personal injury, damage to property and destruction or corruption of non-professional data. Article 8 identifies the liable economic operators (manufacturer, importer, authorised representative, fulfilment service provider and, as a fallback, the distributor) and treats anyone who substantially modifies a product as its manufacturer; Article 12 makes liable operators jointly and severally liable. Article 10 creates a rebuttable presumption of defectiveness and/or causation where technical or scientific complexity makes proof excessively difficult.
  3. Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). OJ L, 2024/1689. Article 5(1)(a) prohibits AI that deploys subliminal, manipulative or deceptive techniques to materially distort behaviour; Article 5(1)(b) prohibits AI that exploits vulnerabilities due to age, disability or a specific social or economic situation to the same end; both require that significant harm results or is likely to result, and both apply from 2 February 2025. Article 26 sets out deployer obligations for high-risk AI systems. Article 50 sets transparency obligations for AI interacting with natural persons, applicable from 2 August 2026.
  4. Mata v. Avianca, Inc., No. 22-cv-01461 (PKC) (S.D.N.Y.). Opinion and order on sanctions, June 22, 2023 (Judge P. Kevin Castel). Sanctions imposed on attorneys Steven Schwartz and Peter LoDuca and their firm, Levidow, Levidow & Oberman, for submitting fabricated case citations generated by ChatGPT without verification (Roberto Mata was the plaintiff, not a lawyer). The court found that the obligation to verify the accuracy of submitted legal authorities was not discharged by the fact that an AI tool generated those authorities.
  5. Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), Article 33. Notification of a personal data breach to the competent supervisory authority is required within 72 hours of becoming aware of the breach where the breach is likely to result in a risk to the rights and freedoms of natural persons. Notification must include the nature of the breach, the categories and approximate number of individuals concerned, and the measures taken or proposed to address the breach.
  6. HSB (Hartford Steam Boiler), a subsidiary of Munich Re, offers AI Liability Insurance for SMEs covering AI-generated errors and omissions. Coalition, Vouch, and Corgi have offered AI endorsements on cyber and E&O policies for SME deployments. AIUC (Artificial Intelligence Underwriting Company) is active in the specialist AI insurance market but currently primarily serves larger enterprise deployments. For current carrier availability and coverage scope, see the Get Covered directory. Standard Commercial General Liability (CGL) policies typically classify AI advice errors under the professional services exclusion, meaning the CGL trigger (bodily injury, property damage) does not apply to financial advice errors.