Do I need AI agent insurance if I already have cyber insurance?
Short answer: probably, and the reason is structural, not a sales pitch. Cyber insurance was built to answer one question: did an outside party breach your systems. AI agent insurance answers a different question: did your AI agent do its job correctly. Most small business operators carrying cyber cover have never had that second question tested, because until recently there was nothing to test it against. This article sets out exactly where a standard cyber policy stops responding and what AI agent specific cover actually adds.
Key takeaways
- Cyber insurance is triggered by unauthorised access to your systems. AI agent insurance is triggered by your AI system's own output or action being wrong. These are two different failure patterns and a policy built for one does not automatically respond to the other.
- Four AI agent loss categories fall outside what most cyber policies were written to cover: hallucination driven loss, faulty autonomous actions, algorithmic bias, and harmful or reputationally damaging outputs, none of which require an external breach to occur.
- Dedicated AI agent products now exist. The AI Underwriting Company (AIUC) wrote the first AIUC-1 backed policy for ElevenLabs in February 2026. Armilla operates as a Lloyd's of London coverholder with coverage up to USD 25 million. Munich Re prices AI performance risk directly through its aiSure product. Counterpart added an affirmative AI coverage endorsement to its Tech E&O line in November 2025.
- You do not necessarily need a new standalone policy. A specific AI endorsement added to an existing cyber, professional indemnity, or errors and omissions policy can close the gap for a smaller operator, provided your broker confirms it in writing rather than by assumption.
- The Air Canada and Mata v Avianca cases both involved AI outputs, not breaches, and both resulted in real financial and reputational cost to the operator, which is the practical proof that this is a live gap, not a theoretical one.
Two policies answering two different questions
Cyber insurance has spent two decades being built around a single underwriting question: has an unauthorised party gained access to your systems, your data, or your network. Ransomware, business email compromise, and data exfiltration through a compromised account all fit that pattern cleanly, and insurers price it with confidence because the trigger is well defined. Something outside your business acted against it, and the policy responds.
AI agent insurance, as it is now being written by carriers like the AI Underwriting Company, Armilla, and Munich Re, answers a structurally different question: did the AI system itself, operating exactly as designed with no outside interference, produce a wrong, harmful, or unauthorised outcome. There is no intruder in this scenario. Nothing was hacked. The AI agent read a customer's question, generated a response, and the response was confidently wrong, or the agent took an action it should not have taken. A cyber policy built around a breach trigger has no natural place to respond to a loss that involves no breach at all.
This distinction is not academic. It is the exact reason why an SME operator can hold a fully paid, entirely legitimate cyber policy and still discover, at the point of a claim, that the loss they suffered simply does not fit inside the policy's defined trigger.
The four gaps a standard cyber policy was not built to close
Hallucination driven loss. An AI agent states something confidently and incorrectly, and a customer or counterparty relies on it. A fabricated refund policy, an incorrect price, a false product specification. No system was breached. The agent simply produced wrong information as part of doing exactly what it was asked to do.
Faulty autonomous actions. Agentic AI increasingly takes real actions rather than just producing text: issuing a refund, sending a message, updating a record, executing part of a transaction. When the action itself is wrong or unauthorised, the loss looks nothing like a breach. It looks like an employee who made a decision that turned out to be wrong, except the decision maker was software.
Algorithmic bias. An AI agent used in hiring, pricing, or credit decisions produces a discriminatory outcome. This is a decision quality failure, not an access failure, and it sits closer to employment practices liability or professional indemnity territory than to cyber cover.
Harmful or reputationally damaging outputs. A customer facing AI agent produces content that is defamatory, offensive, or reputationally damaging. Again, nothing was breached. The system did what it was built to do, and what it produced caused harm anyway.
None of these four categories require a third party to have gained unauthorised access to anything. That single fact is why cyber insurance, built entirely around the access trigger, is structurally the wrong tool for most AI agent risk, even when it is a genuinely strong policy for the breach risk it was designed to cover.
What dedicated AI agent insurance actually adds
The market building products specifically for this gap has moved quickly since 2024. The AI Underwriting Company launched its AIUC-1 certification and coverage standard in 2025, and in February 2026 ElevenLabs became the first company insured under an AIUC-1 backed policy, explicitly modelled on the idea that an AI agent should be insured the way any employee performing similar work would be. AIUC-1 includes adversarial testing across a wide range of failure scenarios before a policy is priced, rather than assuming a general commercial policy already accounts for them.
Armilla, a Toronto based AI risk assessment company operating as a Lloyd's of London coverholder, raised its coverage limits to up to USD 25 million per company in January 2026 following new funding, and tests AI models for specific vulnerabilities before offering coverage. Munich Re's aiSure product takes a parametric approach, pricing cover against measurable AI performance data rather than a discrete breach event, with capacity of up to EUR, USD, or CAD 15 million through its Mosaic partnership. Counterpart added an affirmative AI coverage endorsement to its Miscellaneous Professional Liability and Tech Errors and Omissions lines in November 2025, with triggers that explicitly include hallucination and misclassification outcomes.
What all four products share is a trigger built around AI output and behaviour, not around unauthorised access. That is precisely the gap a standard cyber policy leaves open.
Do you need a new policy or can you patch the one you have
Not every operator needs a standalone AI agent insurance product. The right answer depends on how central AI agents are to what your business actually does.
If you run one AI tool for a narrow, low consequence task, an endorsement added to your existing cyber, professional indemnity, or errors and omissions policy, confirmed in writing, may close the gap adequately. If AI agents make decisions, take autonomous actions, or interact directly with customers at meaningful scale, you are closer to the risk profile that AIUC, Armilla, and Counterpart built their products for, and a dedicated policy or a substantial endorsement is worth pricing directly.
Either way, the starting point is the same: stop assuming and start asking. Put your actual AI agents, what they do, and what actions they can take in front of your broker and ask for a written answer, not a verbal reassurance. The full policy-by-policy breakdown of what typically responds and what typically does not is covered in does my business insurance cover AI errors, the 2026 guide.
Why this gap is not theoretical
Two cases already show what this gap looks like in practice. In Moffatt v. Air Canada (2024), the airline's customer service chatbot invented a bereavement fare policy that did not exist, a customer relied on it, and Canada's Civil Resolution Tribunal held Air Canada liable for its own chatbot's representation. No system was breached. The airline's own AI simply gave wrong information, and the airline was held to it.
In Mata v. Avianca (SDNY 2023), lawyers submitted a court filing containing AI generated case citations that did not exist, resulting in sanctions and significant reputational damage to the firm involved. Again, no breach, no external attacker, just an AI system producing confident, wrong output that a human relied on without independently checking it.
Both cases involved real financial and reputational cost. Neither would have been resolved by a stronger firewall or a better intrusion detection system, because neither loss originated from an intrusion. That is the practical argument for treating AI agent risk as its own category rather than assuming it is already folded into your existing cyber cover. For the specific question of whether a prompt injection style failure, which sits adjacent to this gap, is covered, see is a prompt injection attack covered by my insurance. For the European market view of how insurers are structuring exclusions in cyber and errors and omissions policies specifically, see agentinsured.eu's guide to AI exclusions in cyber and E&O policies.
What to actually do this week
List every AI agent your business uses and what each one is authorised to do: answer questions, issue refunds, send communications, make decisions. Pull your current cyber, PI, and E&O policy wordings and check whether any of them define a covered event in terms that require unauthorised access. Send your broker that list in writing and ask three direct questions: is an AI output failure a covered event, is there an AI specific exclusion in this wording, and would a loss caused by the agent's own decision rather than an external attacker be covered. Run the diagnostic at The Questions to get a structured view of where your specific exposure sits before that conversation.
Frequently asked questions
Does my existing cyber insurance cover AI agent mistakes?
Only in narrow, specific circumstances, and usually not by design. Cyber insurance is built to respond to a breach event: someone gains unauthorised access to your systems, steals data, or locks it with ransomware. An AI agent that gives a customer wrong advice, takes an unauthorised action, or hallucinates a fact has not been breached by anyone. Whether your policy responds depends on how your insurer's wording defines a covered event, and most cyber wordings written before 2024 do not contemplate an AI system as the source of the loss rather than the target of an attack.
What is the actual difference between cyber insurance and AI agent insurance?
Cyber insurance is triggered by unauthorised access: a third party breaches your systems. AI agent insurance, as written by carriers like AIUC, Armilla, and Munich Re through aiSure, is triggered by the AI system's own output or action being wrong, whether that is a hallucinated fact, a faulty autonomous action, a biased decision, or a harmful response, regardless of whether any unauthorised access occurred.
Do I need a separate AI agent insurance policy or can I just add an endorsement?
Either can work, and which one is right depends on how central AI agents are to your operations. A small operator using one AI tool for a narrow task may be able to close the gap with a specific endorsement added to an existing cyber, PI, or E&O policy, confirmed in writing. A business where AI agents make decisions or interact directly with customers at scale is closer to the profile that dedicated AI agent insurance products were built for.
What specific AI agent risks does cyber insurance typically exclude?
The most commonly excluded or ambiguous categories are hallucination driven loss, faulty autonomous actions, algorithmic bias in decisions like hiring or pricing, and harmful or reputationally damaging outputs. None of these require a third party to have breached anything, which is why a breach triggered cyber policy is not built to respond to them.
How do I find out what my current insurance actually covers for AI agents?
Ask your broker three direct questions in writing: does the policy define AI agent output failures as a covered event, is there an AI specific exclusion in the wording, and would a loss caused by the AI agent's own decision be covered. Put the actual agents you run in front of them and ask for written confirmation rather than a verbal assumption.
Related reading
Run the Coverage Audit
The Coverage Audit tool maps your current policies against your AI agent exposure and generates the disclosure summary your broker needs to give you a real answer.
Start the Coverage AuditReferences
- Moffatt v. Air Canada, 2024 BCCRT 149, Civil Resolution Tribunal of British Columbia. Air Canada held liable for a bereavement fare misrepresentation made by its customer service chatbot.
- Mata v. Avianca, Inc., No. 22-cv-1461 (S.D.N.Y. 2023). Sanctions imposed following submission of a court filing containing fabricated, AI generated case citations.
- AI Underwriting Company (AIUC), AIUC-1 standard, 2025. First live policy application: ElevenLabs, February 2026, the first AIUC-1-backed AI agent insurance policy.
- Armilla, AI risk assessment and coverage documentation. Lloyd's of London coverholder, coverage limits of up to USD 25 million per company following its January 2026 funding round.
- Munich Re, aiSure product documentation, parametric performance based cover. Coverage of up to EUR, USD, or CAD 15 million initial capacity via the Munich Re Mosaic partnership, announced February 2026.
- Counterpart, Affirmative AI Coverage endorsement, added to Miscellaneous Professional Liability and Tech Errors and Omissions lines, November 2025.