
The Agent Liability Gap: Your AI Broke Something — Who Pays?

An AI agent deletes your production database. A chatbot makes a legally binding promise your company never authorized. An autonomous coding tool pushes a change that leaks customer PII.

The damage is real. The question nobody has a clean answer to: who pays?

Not in theory. In practice — when the lawyers show up, when the insurance claim is filed, when the regulator asks for documentation. Right now, the answer for most companies is a shrug and a contract that was written for passive software.

12 months of fees: typical vendor liability cap
CG 40 47: new ISO exclusion for AI claims (2026)
$20,000: per-violation penalty under the Colorado AI Act

Three forces are converging to create a liability vacuum. Vendors are limiting their exposure. Insurers are excluding AI. Regulators are writing new rules. And most enterprise contracts are still stuck in 2019.

The liability chain — and where it breaks

When an AI agent causes harm, liability doesn't land on a single party. It flows through a chain.

Layer 1: Model Provider (OpenAI, Anthropic, Google)
Liable for foundational design, training data composition, and known limitations they failed to disclose. But terms of service disclaim most responsibility for outputs. Liability capped at subscription fees.
Exposure: contractually limited

Layer 2: Orchestration Vendor (LangChain, CrewAI, custom runtime)
Responsible for planning logic, tool-use scaffolding, and safety guardrails. Most frameworks are open-source with no liability at all. Commercial vendors cap at contract value.
Exposure: minimal or zero

Layer 3: Deploying Enterprise (your company)
Bears the most liability. Responsible for deployment context, oversight design, access controls, and consent. Under agency law, you're liable for your agent's actions — including your AI agent. This is where most claims land.
Exposure: uncapped

Layer 4: Affected Person (customer, employee, patient)
The person harmed by the agent's action. Under EU Product Liability Directive (2024 revision), burden of proof shifts — the affected person no longer needs to prove exactly how the AI failed, only that it did.
Exposure: filing claims

Notice the pattern. The model provider limits liability to subscription fees. The orchestration vendor often has no commercial relationship at all. The affected person has new regulatory tools to file claims. All of the exposure concentrates on Layer 3 — the deploying enterprise. That's you.

The gap: what contracts assume vs. what agents do

Most enterprise AI vendor agreements were written for a different kind of software — deterministic, passive, and firmly under human control. Here's what that gap looks like in practice.

What contracts assume:
  - Software produces predictable outputs
  - Human reviews every action before execution
  - Errors are reproducible and debuggable
  - "Loss of data" exclusion covers edge cases
  - Liability cap at 12 months of fees is proportional

What agents actually do:
  - Produce non-deterministic, context-dependent outputs
  - Execute multi-step actions autonomously
  - Fail in ways that are novel and unreproducible
  - Data loss is the primary failure mode
  - A $500/mo subscription can cause $5M in damage

Clifford Chance put it directly: vendors are releasing agentic capabilities faster than contracts can evolve. Businesses relying on unmodified agreements may find themselves exposed to significant contractual, legal, reputational, and operational consequences.

"Outputs should not be relied upon."

— Standard clause in most AI vendor agreements — now applied to agents making autonomous decisions

That clause was written for chatbots generating text. It's now being applied to agents that delete databases, authorize payments, and make legally binding promises.

Your insurer is already moving

While most enterprises are still figuring out their AI agent contracts, insurance carriers have already decided where they stand.

ISO CG 40 47 — Artificial Intelligence Exclusion (2026)
Excludes all claims arising from generative AI outputs across both Coverage A (bodily injury / property damage) and Coverage B (personal / advertising injury). Covers defamation, privacy violations, copyright infringement, and AI-driven harm recommendations.
ISO CG 40 48 — Generative AI Exclusion, Coverage B Only
Narrower scope. Removes AI coverage only from personal and advertising injury claims. Retains bodily injury / property damage coverage under Coverage A.

The practical result: CGL, D&O, and E&O policies renewed in 2026 may contain AI exclusions that prior renewals did not. Your enterprise deploys a third-party AI model. The model produces a discriminatory outcome. The customer sues your company — not the vendor. Your carrier denies the claim citing the AI exclusion. You hold full liability despite never owning the model.

There is one emerging bright spot. Carriers are starting to underwrite governance. Companies with audit trails, model inventories, continuous monitoring, and documented incident response are gaining access to coverage that ungoverned competitors cannot obtain. Investigation infrastructure is becoming an insurance qualification.

The regulatory timeline

Regulators are not waiting for the market to sort this out. Here's what's already in effect or taking effect in 2026.

November 2024: EU Product Liability Directive — revised
Explicitly covers software and AI systems as products. AI developers can be held strictly liable for harm — regardless of negligence. Burden of proof shifted toward the deployer.

August 2025: EU AI Act — first enforcement provisions
High-risk AI systems require conformity assessments, human oversight, and transparency. Violations carry penalties up to €35M or 7% of global revenue.

January 2026: ISO CG 40 47 / CG 40 48 endorsements available
Carriers begin adding AI exclusions to commercial general liability policies. Silent AI coverage — the default — starts disappearing.

June 2026: Colorado AI Act takes effect
First comprehensive US state AI law. Deployers of high-risk systems must conduct impact assessments and maintain active risk management. Enforced by the Attorney General. Penalty: $20,000 per violation.

2026–2027: Additional US state AI bills in progress
California, Connecticut, and others have AI governance legislation in committee. Federal guidance from NTIA emphasizes liability across the full AI supply chain.

The pattern is clear: the window where AI agents operate in a legal gray zone is closing. Companies that lack audit trails, investigation capabilities, and documented governance will face compounding exposure — from regulators, insurers, and affected parties simultaneously.

The precedent is already set

This isn't hypothetical. Courts have already ruled.

What the company argued (Air Canada, 2024):

"The chatbot's responses are not binding. It is a separate legal entity."

What the tribunal ruled (Moffatt v. Air Canada):

"Air Canada is responsible for all information on its website, whether from a static page or a chatbot." Ordered to pay $483 CAD.

The principle: companies are legally bound by what their AI agents tell customers. The chatbot fabricated a refund policy. The company was held to it. "The AI did it" is not a defense.

Now extend that to agents with tool access. An agent that authorizes a payment, modifies a contract, or changes customer data is not producing text — it's taking action. The liability surface is orders of magnitude larger than a chatbot making a promise.

Is your contract ready?

Most enterprise AI agreements are missing critical provisions for agentic systems. Check where your contracts stand.

Contract readiness check:
  - Does your vendor agreement include audit rights over AI agent decision logs?
  - Does your contract specify liability for autonomous actions — not just outputs?
  - Do you have the right to real-time suspension of AI agent capabilities?
  - Does your vendor provide investigation cooperation — access to traces, tool call logs, and decision context — during incidents?
  - Are your insurance policies confirmed to cover AI agent actions (no CG 40 47 / CG 40 48 exclusions)?
  - Do you maintain continuous audit trails — not quarterly batch reports — of agent behavior?

What to do about it

The liability gap is structural, but it's not inevitable. Four moves that reduce exposure now:

  1. Renegotiate vendor contracts for agentic capabilities. Standard SaaS terms don't cover autonomous actions. Add audit rights, investigation cooperation clauses, liability provisions for agent-initiated actions (not just outputs), and real-time suspension rights. Clifford Chance recommends addressing content safety, security attestations, and indemnification for both regulatory enforcement and third-party claims.
  2. Verify your insurance coverage explicitly. Don't assume your existing E&O or CGL policy covers AI agent actions. Ask your broker about CG 40 47 and CG 40 48 endorsements. If your carrier has added exclusions, you need to know before an incident — not after.
  3. Build the governance infrastructure that unlocks coverage. Carriers are underwriting governance. Model inventories, continuous monitoring, audit trails, and documented incident response procedures are becoming prerequisites for coverage. This is where investigation infrastructure — not just monitoring — becomes an insurance qualification.
  4. Prepare for Colorado (and what follows). Impact assessments and active risk management programs are required by June 2026. The EU AI Act is already enforcing. These requirements compound — and they all require the same foundation: documented evidence of what your agents did and why.

How Galea closes the gap

Every incident in this article has the same root cause: nobody was asking whether the agent should have done what it did. Monitoring confirmed the tool calls succeeded. Investigation would have caught the violations before they became liability.

Galea is the investigation layer for agent workflows. It sits above your existing orchestration — LangGraph, OpenAI Agents SDK, Claude Agent SDK, CrewAI, Temporal, custom code — and provides the evidence trail that contracts, insurers, and regulators now require.

Here's what Galea would have caught for each scenario in this article:

Without Galea (the liability exposure):
  - Agent deletes production data
  - No audit trail of the decision
  - No evidence of constraint violations
  - Insurer denies claim — no governance proof
  - Regulator asks for documentation — none exists

With Galea (the investigation response):
  - Every tool call traced + scoped to authorized actions
  - Constraint violations flagged before execution
  - Signed audit chain — exportable for legal/compliance
  - Continuous monitoring qualifies for insurance coverage
  - Impact assessments generated from real agent behavior

Specifically, Galea addresses each dimension of the liability gap:

Contracts: Audit rights you can actually exercise

Vendor contracts increasingly require audit trails and investigation cooperation. Galea captures every workflow event across any framework — tool calls, model decisions, handoffs, memory reads — into a normalized trace model. When you need to demonstrate what happened, the evidence already exists. No vendor cooperation required.

Insurance: Governance infrastructure that unlocks coverage

Carriers are underwriting governance. Galea provides exactly what they're looking for: continuous monitoring (not quarterly batch reports), documented incident response through investigation narratives, model behavior audit trails, and anomaly detection against per-project baselines. Companies with Galea can demonstrate the governance posture that CG 40 47/48 exclusions are designed to filter for.

Regulation: Colorado and EU compliance from day one

Colorado's AI Act requires impact assessments and active risk management. The EU AI Act demands human oversight, transparency, and conformity assessments. Galea's investigation engine produces these automatically: every workflow is investigated against your company's specific priorities, findings are scoped to your risk profile, and the signed audit export satisfies documentary requirements across jurisdictions.

Case law: Evidence before the tribunal rules

Air Canada was held liable because it had no evidence the chatbot deviated from policy — only that a customer relied on its output. Galea checks every agent output against company context and flags correctness violations, policy contradictions, and unauthorized commitments. The investigation catches what happened before a customer files a claim.


The pattern across every dimension — contracts, insurance, regulation, case law — points in the same direction. The question is no longer whether your agents need investigation. It's whether you'll have the evidence when someone asks for it.

Galea gives you that evidence. Every tool call, every decision, every output — traced, investigated against your company's priorities, and audit-ready. Not instead of monitoring. Above it.

If your agents touch production systems, customer data, or financial transactions, the liability gap described in this article applies to you today.