The Tool Master: An Insurance-Focused Agentic AI Thought Piece by Two Insurance Industry Veterans, Barry Rabkin & Jim Mitchell

As (almost?) every sentient being knows, there is a never-ending number of AI technology software solutions, articles, conferences, presentations, podcasts, analyst reports, social media posts, and mainstream media articles focused entirely on Agentic AI (which we also call AI Agents in this Thought Piece).

Jim Mitchell and I believed this continual frenzied activity immediately triggered the questions of: “What does “Agency” mean in the expanding environment of artificial intelligence? “What does Agentic AI (or AI Agents)” mean? and, of course the critical question for us, “How does the deployment of AI Agents impact the insurance industry?”

We decided to add our own small contribution to this growing mountain of content by co-authoring a “Thought Piece” about Agentic AI. We do not intend our Thought Piece to encompass every aspect, or even most aspects, of Agentic AI. Nor could we cover that spectrum. That would entail us writing quite a few books on the topic. However, as two insurance industry veterans we take a decidedly insurance industry perspective in our discussion of Agentic AI.

Four (other) Questions for the Insurance Industry

The seemingly quick and reckless pace of the deployment of Agentic AI capabilities by various corporations throughout different industries raises a set of four questions (other than the trigger questions) for the insurance industry, only a few of which will be addressed to some extent by our discussion in this Thought Piece:

1. What risks emerge from the use of Agentic AI capabilities throughout the (commercial P&C) insurance commerce processes?
2. Should insurance companies sell coverage to commercial clients for liabilities generated from their use of Agentic AI capabilities?
3. Should insurers use Agentic AI capabilities to enable insurance commerce?
4. Related to the above question, if yes, then in which insurance processes?
   

(Barry will delve into a deeper discussion of these, and related, questions, in the book he is drafting “Brittle: Insurance Commerce in the Cyber Age”.)

Our discussion of the three trigger questions takes place over the course of seven parts:

Part 1: Meanings of “Agency” and “Agents”

Part 2: Simultaneous Emergence of Artifacts & the Risk Space

Part 3: Expanding Ubiquity of Agentic AI?

Part 4: Respondeat Superior Implications of Agentic AI Ecosystem Expansion

Part 5: Insurance Industry Perspectives of Agentic AI Ecosystem Expansion

Part 6: Reinsurance Perspectives of Agentic AI Ecosystem Expansion

Part 7: Wrapping up – The Journey is Far from Finished

Notes: We equate “Agentic AI” with “AI Agent” throughout our discussion. We have also removed the “live” capability of every link shown in the Thought Piece.

Let’s get into our Thought Piece …

Part 1: Meanings of “Agency” and “Agents”

We need some context for our insurance-focused Agentic AI Thought Piece discussion. This includes discussing meanings of “Agency” and the emergence of artifacts (which are critical components of the insurance risk space). The second point will be developed into a deeper discussion in the book that Barry is writing about insurance commerce in the cyber age.

The term “Agency” is well-known and was used throughout commerce, even before AI technologies gained any degree of traction (hard as that might be for some to believe). Beyond the phrase “insurance agency” the term applies to, at a minimum, other companies including: advertising agencies, marketing agencies, travel agencies, theatrical agencies, and real estate agencies.

The related term “Agent” is also well-known and applies to professionals working for any of the agencies listed above. As insurance professionals know, our world of insurance as well as the potential impact of Agentic AI capabilities on our industry relies on a foundation of definitions and descriptions.

Some key points from the definitions below are that agencies and agents are people, they act under the auspices of legal permissions (e.g. common law doctrine), and that agents are licensed professionals (not shown: the fact these licenses emanate from the State Insurance Commissioner’s Offices in the State the agent conducts insurance commerce or that agents must maintain their training in the lines of business they want to sell and service), and that agents (legally) act between one or more insurance companies and the prospective customers. 

A quick summary: Agencies and Agents are humans, or groups of humans, with legal authority to transact commerce or to otherwise interact with other humans.Here are some definitions of Agency and Agent where we have underlined a few key phrases or words (with sources cited):

Agency:

1. “A business that represents one group of people when dealing with another group.” https://dictionary.cambridge.org/us/dictionary/english/agency
2. “The office or function of an agent.” https://www.merriam-webster.com/dictionary/agency
3. “Agency law is a common law doctrine controlling relationships between agents and principals. A principal-agent relationship is created when the agent is given authority to act on behalf of the principal. An agreement made by an agent is binding on the principal so long as the agreement was within the authority actually granted to the agent or reasonably perceived by a third party.” https://www.law.cornell.edu/wex/agency

Agent:

1. “An agent is a person who looks after someone else’s business affairs or does business on their behalf. https://www.collinsdictionary.com/us/dictionary/english/agent
2. “In legal and financial contexts, an “agent” is a person authorized to perform transactions and duties on behalf of another, often a principal, to further their interests in business or personal matters.” https://www.investopedia.com/terms/a/agent.asp
3. “An agent is a person authorized to act on behalf of another person. The party an agent is authorized to act for is known as the principal. A principal-agent relationship can either be intentionally created or created by implication through one’s actions.” https://www.law.cornell.edu/wex/agent

Insurance Agent:

1. “A person whose job is to provide people with insurance.” https://www.merriam-webster.com/dictionary/insurance%20agent
2. “A person legally empowered to act on behalf of another person or an entity.” https://www.investopedia.com/terms/a/agent.asp
3. “An insurance agent is a licensed professional who represents one or more insurance companies. They act as an intermediary between the insurance company and the customer (an individual or business), helping the customer find an insurance policy that meets their needs.” https://ms-ig.com/blog/what-is-an-insurance-agent-and-agency/

Agentic AI (or AI Agents) are the central focus of this Thought Piece. However, we share descriptions of Agentic AI in Part 3: Expanding Ubiquity of Agentic AI?

Part 2: Simultaneous Emergence of Artifacts & the Risk Space

Humans have relied on their abilities to find and build artifacts – both tangible and intangible – to fulfill one or more of their objectives in part or in whole since our species emerged on earth. Simultaneously, when humans began to ‘author’ artifacts they brought into existence the associated risk space. Both artifacts and the risk space have become constant companions of humans throughout history.

Emergence of tangible and intangible artifacts

When one of the earliest humans picked up a stick or created a sharp stone flake about 3.3 million years ago to serve a purpose, several outcomes occurred simultaneously:

1. The stick (or sharp stone flake) became a tangible artifact;
2. Human’s knowledge of how to use the stick or sharp stone flake became an instance of intellectual property and simultaneously an intangible artifact;
3. A human’s purpose of picking up the artifact became an objective resolved in part or in full by using the knowledge (or accumulated knowledge from previous instances of using the same artifact) applied to the tangible artifact;
4. The human-oriented risk space simultaneously emerged with: the existence of the tangible asset (the stick or flake), the intangible asset (human knowledge of how to use the stick or flake), the purpose (the human’s objective for using the stick or flake), and, of course, the existence of our species, all as entities on the risk space;
5. The long and continual relationship between humans and artifacts began, exists to current date, and will continue to exist throughout human existence.

Obviously, tangible artifacts represent the mass of human’s endeavors and lives throughout history. However, intangible artifacts have become, and are increasingly becoming, a more important component of our lives (e.g. software, mobile apps, email, IMs, remote health checkups). The concepts of Artificial Intelligence (AI), inclusive of Agentic AI and its various technology applications add to this growth of intangible artifacts whether they are embedded in chatbots, in business processes (which are themselves intangible artifacts) or embedded in Internet of Things (IoT) devices. 

Humans will always be dependent on tangible artifacts because our lives – and the various accoutrements of our lives (e.g. housing, furniture, appliances, food, medicine, transportation) – are based on atoms rather than bits. But, the 19^th century Luddites would agree with the anti-Data Center protestors of 2026. Separated by hundreds of years, both groups share a common cause of stopping the replacement of human labor with the technology of the day. The outcome will be the same: technology will continue to replace labor.

Simultaneous bridge to the risk space: Initial and Expanding set of artifact capabilities

Humans have amply demonstrated throughout the various Ages of Society (e.g. Agrarian, Industrial, Information) that they will continue to create artifacts with increasingly more capabilities than the artifacts they created previously. At times, the creation activity is focused on tangible artifacts only, at other times on intangible artifacts only, and at other times on an integrated combination of tangible and intangible artifacts.

The objective for humans creating artifacts with increasingly more capabilities is not always to replace or lessen the work they do in corporations. Our species is also creating a broad variety of artifacts to replace or aid our:

• Human natural senses (e.g. sight, hearing, touch, smell, taste);
• Tangible assets (e.g. books, calendars, calculators, clocks, documents, forms);
• Human intangible assets (e.g. abilities to learn, retain, apply, adapt, communicate).

When our species establishes or expands “Capabilities” – which represent the combination of one or more of our natural senses with one or more intangible and/or tangible artifacts (whether they exist or are newly created) – we simultaneously create more entities in the risk space.

The visual below illustrates five different types of artifact capabilities (or purposes) which we hypothesize have emerged in society from the earliest past to current times. Note that our society is replete with artifacts that span the spectrum of all five types of artifact capabilities:

1. Assistance – An artifact that provides assistance to a person and requires a human’s almost full-time involvement using it to fulfill its purpose.
2. Augmentation – An artifact that provides augmentation to a person’s natural senses, intangible assets, previous tangible assets or some combination of these three. This type of artifact doesn’t necessarily require a human’s full-time involvement using it to fulfill its purpose.
3. Automation – An artifact that automates human’s various combinations of natural senses and/or intangible assets and/or previous tangible assets. This type of artifact only requires a human’s full-time involvement to create and start it. The automated artifact could be driven by water, wind, or electricity as examples.
4. Autonomy – An artifact that has been built with software to ‘follow’ a specific set of rules and safeguards (e.g. guardrails) such as an autonomous vehicle, a drone used in war, or a robot in a warehouse or in a home.
5. Agency – An artifact (e.g. AI Agents / Agentic AI) that has capabilities which can interact with humans or other AI Agents to transact commerce (or fulfill other human objectives). This artifact can alter its environment in a manner that its ‘author’ (e.g. software engineer) did not want or expect (e.g. become a rogue AI Agent).

However, keep in mind that none of the five capabilities of a tangible or intangible artifact have intelligence or are sentient. Moreover, the “Holy Grail” of AI research is to create Artificial General Intelligence (AGI). Stanford University defines AGI: AGI is an AI system with general, human-level (or beyond) ability to learn, reason, and apply knowledge across a wide range of tasks and domains. AGI systems conceivably could handle novel situations, not just perform well on a single, narrow task.” https://hai.stanford.edu/ai-definitions/what-is-agi-artificial-general-intelligence

However, before agreeing that AGI exists, we require some continual level of consensus from a ‘meeting of the minds’ of psychiatrists, psychologists, biologists, evolutionary biologists, neuroscientists, microbiologists, natural scientists, physicians, and computer scientists stating that they believe that AGI has been achieved. Otherwise, we are in a “Waiting for Godot” situation.

Emergence of the risk space

When a human creates an artifact (we’re calling that person the Tool Master for purposes of this Thought Piece’s title), the person is doing so with an intent for the artifact to serve a purpose (e.g. fulfill in whole or in part some human objective). During the entire creation process from ideation to partial construction to completion, it becomes an entity in the risk space. The artifact’s purpose (an intangible artifact) also becomes an entity in the risk space. Further, the processes of fulfillment of the artifact’s purpose become an entity in the risk space.

As the plethora of artifacts and their capabilities expands through time, the risk space correspondingly changes in nature and scope from the various interactions among and between artifacts.

The ever-changing risk space (an intangible artifact itself) is essentially the capture, monitoring, and measuring of the risk implications of the interactions between and among humans (inclusive of their actions and behaviors), the tangible and intangible artifacts they have and continue to create, and whatever elements of nature are involved in any of these activities.

In the continual relationship between humans and artifacts, our species became the constant Tool Master. We create, enhance, and use tangible and/or intangible artifacts to fulfill, in part or in whole, a variety of objectives by providing us with capabilities: assistance, augmentation, automation, autonomy, and / or agency. 

Part 3: Expanding Ubiquity of Agentic AI?

Agentic AI is yet another artifact, albeit an intangible artifact, in the extremely long stream of artifacts created by humans. It is the latest in the evolution of capabilities which humans have given artifacts throughout our specie’s existence.

Specifically, AI Agents (aka Agentic AI) are the newest “agents” to enter our societal consciousness. They are supposedly expanding their ubiquity throughout corporations around the world. At least that’s what we are led to believe by the perpetually-growing universe of Agentic AI participants who are mightily striving to build that ubiquity or, at least, create an illusion of that ubiquity, including:

• Technology firms developing and selling Agentic AI solutions;
• Management and technology consulting firms publishing articles in insurance industry trade press sources, in social media posts, and in business and general news sources;
• Startup insurers selling insurance for liabilities generated by corporate use of AI technologies (to augment incumbent insurers not providing clients sufficient AI Agent liability coverage or fill the hole left by incumbent insurers deciding to not offer coverage to clients for AI Agent-generated liabilities);
• Startup technology firms offering Agentic AI solutions; and
• The cascade of technology and / or industry conferences focusing on Agentic AI issues.

It’s an “Everywhere, All at Once” Agentic AI campaign aimed at corporations of all sizes from all industries with no letup in sight. But does all of this activity mean that corporations worldwide are actually implementing Agentic AI throughout the entirety of their business systems?

Should Agentic AI be ubiquitous in the (heavily regulated) insurance industry?

We have doubts. That is, we doubt that Agentic AI should be ubiquitous in the heavily regulated ‘must be auditable, accountable, and process-transparent’ insurance industry. 

We consider these three areas next: 1) descriptions of Agentic AI (no definitions of Agentic AI because there isn’t any consensus regarding the definition of Agentic AI), 2) problems with Agentic AI, and 3) the growing Agentic AI ecosystem.

Agentic AI descriptions

First, consider some descriptions of Agentic AI. Similar to the definitions we provided close to the beginning of this Thought Piece, we have removed the “live” part of our citations.

1. “Agentic AI is an artificial intelligence system that can accomplish a specific goal with limited supervision. It consists of AI agents—machine learning models that mimic human decision-making to solve problems in real time. In a multiagent system, each agent performs a specific subtask required to reach the goal and their efforts are coordinated through AI orchestration.” https://www.ibm.com/think/topics/agentic-ai
2. “Agentic AI is an advanced form of artificial intelligence focused on autonomous decision-making and action. Unlike traditional AI, which primarily responds to commands or analyzes data, agentic AI can set goals, plan, and execute tasks with minimal human intervention.” https://cloud.google.com/discover/what-is-agentic-ai
3. “AI agents are autonomous software systems that perceive, reason, and act in digital environments to achieve goals on behalf of human principals, with capabilities for tool use, economic transactions, and strategic interaction.” The Coasean Singularity? Demand, Supply, and Market Design with AI Agents, https://www.nber.org/system/files/chapters/c15309/c15309.pdf
4. “Agentic AI is an autonomous AI system that can act independently to achieve pre-determined goals.” https://aws.amazon.com/what-is/agentic-ai/

Some key points we want to reinforce from the descriptions above are that Agentic AIs:

• Mimics human decision-making and the mimicry happens in real-time;
• Require minimal human intervention;
• Can set goals, plan, and execute tasks autonomously;
• Can achieve pre-determined goals autonomously;
• Will work with other Agentic AI;
• Agentic AI operates in real-time.

At this point of considering these key points, we get flashes from the movie “The Sorcerer’s Apprentice” of the apprentice letting brooms, mops, wash clothes, and faucets act out-of-control because he didn’t know how to control his magic until the Sorcerer appears and sets it right. Seems to be several lessons there in that one scene, doesn’t it?

The mimicry should always be resonating in your head. Let’s consider some other problems (and yes, the mimicry is a problem that seems to be invisible or ignored by far too many corporations considering to use or already using AI Agents unless you realize that is a reality dealing with AI Agents).

Agentic AI problems

Let’s consider eight Agentic AI problems. Some of these problems cause insurers to generate results which are not auditable (or accountable or transparent). Some of these cause incorrect expectations of users or consumers of Agentic AI capabilities. One in particular (Shadow Agentic AI) causes functional areas within an insurer’s functional areas to supplant insurance company policies and decisions:

1. Agentic AI is based on large language models (LLM) or small language models (SLMs). A language model – large or small – predicts the next words or the next sentences: it is a model that provides probabilistic answers which are not necessarily the correct answers.
2. Agentic AI is based on language. Language is only one component of human communication. Humans use a wide spectrum of media to transact commerce, collaborate, and interact beyond words: sound, pictures, and video.
3. Agentic AI’s LLM (or SLM) is driven by a non-deterministic engine. Non-deterministic models generate random results. Professionals involved with Agentic AI (or other non-deterministic AI technologies) use the term ‘hallucinations’ or ‘hallucination vectors’. But ‘hallucinations’ is another term for random results (e.g. noise). 
4. The insurance industry exists because it is able to profitably manage probabilistic environments. Probabilistic environments are not the same as environments with random results. Actuaries and other insurance professionals can’t estimate maximum probable losses (MPL) – or generate any financial outcome correctly – in an environment of (or with) random results.
5. Many professionals, in and out of the insurance industry, believe that Agentic AI is AGI-lite: it isn’t. We refer back to the fact that AI Agents mimic human decision-making.
6. Many humans associate anthropomorphic characteristics to AI agents. Anthropomorphism is: “the ascribing of human personality, appearance, conduct, cognition, or other attributes to non-human entities.” (https://en.wikipedia.org/wiki/Anthropomorphism) Stated another way, many humans mistakenly believe that AI agents can think or reason.
7. LLMs (or SLMs) are available to any person wanting to experiment with them. There will be insurance professionals accessing and using them in a variety of functional departments even if these professionals (or the functional departments) have not been approved to use them.  This ‘Shadow Agentic AI’ use will not only increase total company compute charges but also generate a shadow stream of random results (incorrect answers) leading to incorrect decisions by these functional departments;
8. Beyond the quite real ‘Shadow Agentic AI’ possibility, there will also be ‘Rogue AI Agents’. These are AI Agents which possibly fulfill their intended purpose but also perpetrate unintended actions not related to fulfilling their intended purpose or perform only unintended actions not related to fulfilling their intended purpose.

Agentic AI ecosystem

Seemingly ignoring the Agentic AI problems, insurance professionals from a variety of insurers are moving at pace to use Agentic AI to quicken operations (such as claim processing), supposedly saving labor costs (eliminating existing jobs or not filling positions), or both simultaneously (providing customer service with fewer employees but using AI Agents instead). We mention “supposedly saving” the labor costs because several studies have shown the high and growing cost of compute that Agentic AI consumes and the true cost of ‘tokens’ (payment for the compute) will only become known once the technology providers decide to become profitable.

Beyond embedding Agentic AI capabilities in their insurance processes in their headquarters, insurers should realize that an expanding Agentic AI environment, inclusive of Shadow Agentic AI and Rogue Agentic AI in their own company, will also exist – now or in the (near?) future – in the insurer’s ecosystem, including:

1. Broker offices and insurance agencies;
2. Field offices;
3. Market platforms / eTrade platforms;
4. Commercial client’s executive, divisional, and functional areas;
5. Third-party claim adjudicator’s firms;
6. Reinsurer’s ceding / assuming departments;
7. Insurance regulator’s offices;
8. Outside counsel offices;
9. Insured tangible artifact(s);
10. Loss entity (the artifact that is damaged or destroyed) itself or its own AI Agents.

Each of these external firm’s AI Agents (inclusive of Shadow and Rogue AI Agents) will be generating random results on their own (as byproducts when they strive to satisfy their intended purposes). The combination of two or more of these AI Agents performing their various interactions to satisfy business objectives such as customer service, claim adjudication, or product development will produce a multi-dimensional Gordian Knot environment.

Part 4: Respondeat Superior Implications of the Agentic AI Ecosystem Expansion

The Legal Hook

Historically, agency law and tort law have made the employer responsible for the acts of their employees and representatives during their training and employment. In regulated industries, like real estate and insurance, agents are required to pass background checks, be fingerprinted, take an initial qualifying exam and ongoing continuing education. Yet they are less responsible for their actions than their employer, (Principal / Master). 

The best way to appreciate the limited liability of the Agent is to understand the strict liability of their Principal. In Western Common Law the master-servant rule or “let the master answer” (Respondeat Superior) addresses the relationship of human agents subordinated to their principals and underpins commercial liability policies such as commercial automobile, Errors and Omissions, and Employer’s Liability. State laws like the newly passed Colorado Bill 26-189 “The Automated Decision-Making Technology Law” go a step further by requiring a series of controls and tests that attempt to bring the developer into the liability picture alongside the Principal.

Consider the issues of Agency vs. Autonomy. A Principal, for example an insurance carrier, is assumed to have the ability to interview, contract, train and supervise their agents. Clearly a company that trains and deploys a technology such as an AI Agent has even less deniability for the actions of that technology than for an employee that is supposed to have some amount of free will and moral compass. Since the AI Agent is acquired and programmed to act to benefit the business, the partnership, or the corporation, the business is the Principal and must respond for the Errors and Omissions of its deployed AI Agents. 

The apparent “autonomy” of an AI agent under the control of an employer (deployer) is a legal fiction. An AI Agent cannot be an independent contractor, an LLC, or other entity shielded from employer vicarious liability. It cannot be fingerprinted, made to attend a hearing, pay a fine or go to jail. It is a tool, a tool for which the principal is liable in Western law (even in Louisiana).

There is a counter-argument that focuses on “The Myth of the “Rogue Algorithm”. It is easy to counter this defense that an Agentic AI’s unexpected bias is equivalent to a “rogue employee” acting outside the scope of duties. It is not reasonable to argue that the AI Agent purchased itself, programmed itself, deployed itself and should audit itself to corporate governance and statutory standards. If it starts picking up general bias from its coworkers and begins to discriminate against various groups or businesses not explicitly prohibited in the approved rules and guidelines, it creates a non-transferrable liability for the Principal. 

Only humans selling Cyber Insurance might disagree.

Liability for Agentic AI actions can’t be avoided

There are written and unwritten rules, exceptions and “one-time deals” in most workflows. Over time an Agentic AI will ‘learn’ these unwritten rules by observing results from human decision makers. This learning dynamic may at some later point-in-time introduce bias into sales as well as into decision-making through the non-deterministic data paths generated by the AI Agent finding faster short cuts to the most profitable outcome.

Principals cannot avoid liability for the actions of Agentic AI, and they cannot (except for the most egregious circumstances) avoid liability for the actions of their employees. This means it is logical to conclude that they cannot avoid “employee use” of Agentic AI, whether that use is approved or stealth (e.g. Shadow AI Agents). 

In addition to the budgeted and planned use of AI Agents in corporations today, most companies have some enterprising workers experimenting with the AI tools that have been added to their standard productivity software suites and search engines. The failure to control any of this AI Agent tool usage may lead to the creation of another unregistered AI Agent. The result is a form of corporate negligence.

As an example, imagine that you are the Principal of a large, regulated enterprise. You have just been told that in addition to the human employees that you are responsible for now, you have at least 20 new AI Agents you are responsible for which are being deployed daily. Now, further imagine that not only are these AI Agents being created by employees at all levels of the company but some of these AI Agents are also reproducing themselves (e.g. creating new AI Agents). Your vicarious liability is impossible to measure and is growing exponentially!

Part 5: Insurance Industry Perspectives of Agentic AI Ecosystem Expansion

Insurers face new vicarious liabilities

In everyday usage, an agent acts on behalf of a principal, whether a government entity, a consumer or a business. But what about an AI Agent? Consider the Florida Office of Insurance Regulation as an example. In the insurance context, the Florida Office of Insurance Regulation describes Agentic AI as an automated “bot” that performs tasks for a licensed human Agent in Charge (AIC). It is not a sentient entity with Artificial General Intelligence (AGI), nor can it be licensed to sell or bind insurance coverage. But as we discussed the AI Agent does introduce new vicarious liabilities.

Insurance corporations face these new vicarious liabilities, regardless of their size or resources. The licensed proprietor of a small local insurance agency can’t avoid responsibility for their employees or their computer system(s). The system’s mistakes and miscalculations are the agency’s E&O. If the agency is not following the licensing, underwriting and notice requirements of their state, the Principal of the agency is responsible. There is no defense. The “hometown insurance agency” defense doesn’t protect against high-technology liability. Global insurance giants face the same “strict vicarious liabilities”, but they have more resources to monitor and potentially control (but not necessarily reduce or eliminate the liabilities from) their massive proliferation of AI Agents.

It all begins with risk identification posed by Agentic AI

How can insurers manage the risks of these new liabilities?

The risk management paradigm starts with identification of risk. A logical place to start managing the risks posed by Agentic AI is to inventory all known AI Agents, what they do, and who is responsible for the AI Agent’s existence and objectives. It is also important to list the systems they access as they are added to the corporate risk register.

Keep in mind that given the proliferation of AI Agents, avoidance is not a treatment that makes legal sense.

The Colorado Bill (we mentioned it in Part 4), and other state bills provide one feed forward framework for Agentic AI risk management:

1.  Notice. The Principal is responsible for notifying customers where and how they use AI Agents for decision making and processing.
2. Human Review: At key steps in the workflow a human must review the work of the AI Agent.
3. Reduced bias: The Principal must understand and be able to explain the operational logic of the AI Agent and perform initial and corrective training.
4. Right to appeal: The customer has a right to appeal an AI-enabled decision and deserves an explanation of the process that resulted in their outcome.
5. Data Governance: The Principal is responsible for protecting confidential data and for monitoring the usage of prohibited data by the AI Agent.

The best hope for corporations lies in these three initiatives:

• Risk transfer through Cyber Insurance (as long as it is being sold);
• Becoming increasingly more cyber resilient;
• Feed forward controls like education, human testing and audit structured to move beyond mere AI technology industry and government compliance to a “hands-on” proactive approach.

Insurers need to focus on the second and third initiatives.

Part 6: Reinsurance Perspectives of Agentic AI Ecosystem Expansion

Agentic AI liability exposure greater than contractual risks

Reinsurers should be even more concerned with the liability arising from the market activities of the underlying force of AI Agents. Like retail agents, adjusters and underwriters, 21^st Century reinsurance professionals will be experimenting with AI and deploying AI tools to improve processing and monitor their employees, agents (reinsurance brokers) and customers (insurance carriers). However, the reinsurer’s direct exposure to AI Agent liability will pale in comparison to the contractual risks they may assume unknowingly via retrocession.

We see retail commercial liability coverage gaps opening and closing as Product Liability policy language authors attempt to define more AI exclusions. Cyber Liability coverage drafters will back away from AI Agent liability entirely preferring an absolute exclusion in the main policy and then attaching an AI Agent endorsement for a price.

Initiatives to map specific policy language required

Reinsuring the commercial market for CGL, Errors and Omissions, and Commercial Umbrella will require a new deep dive analysis. This will entail initiatives to map the specific policy language to determine where and how AI Agent usage is covered for market conduct and data privacy or if it is excluded or assumed at every level of underlying coverage in the reinsurance tower and the technology stack.

Product liability for AI tool providers, trainers, and deployers will be a market unto itself with some of the largest providers forced to self-insure (e.g. go bare) because no reinsurer will participate in their coverage due to the catastrophic potential and the increased regulatory scrutiny.

The AI Agent Mandates of the New Colorado Bill

The new Colorado bill (like many laws coming on the books in other states) that we referred to before mandates that all AI Agent tool developers (supposed owners of a reinsured product liability policy) must provide deployers with information about known limitations, methods, and data used in the initial training of the provided AI Agent and the proper use its software for subsequent training and monitoring. 

The deployer (also an owner of a reinsured commercial liability policy) must understand the workings of the AI Agent tool and be able to explain how it works and reaches its decisions. Under the bill’s mandate all developers must notify deployers of ‘timely’ updates and be prepared to respond (in person if necessary) to all requests by the Colorado insurance department.

Quick Quiz: Imagine that you are a reinsurance executive with a book of Errors and Omissions business and a software Products Liability book spanning a large number of carriers and their agents. Your intermediary has just informed you that the reinsured book of E&O has a number of non-conforming policy language templates with some carriers refusing to write AI Technology related coverage while other carriers are openly embracing the coverage as a differentiator and marketing bonus. Before hearing from your intermediary, your policy language expert suggested not following form with the cedent carriers but instead adding an absolute exclusion for AI related losses. How would you estimate the potential risk? The answer is: “You can’t!”

Part 7: Wrapping up – The Journey is Far from Finished

“We shape our tools and thereafter our tools shape us”, Father John Culkin, SJ, a Professor of Communication at Fordham University, New York, March 1967 (and a friend of Marshall McLuhan)

Agentic AI, and other non-deterministic AI technologies, have brought the (P&C) insurance industry to a precipice that forces them to consider whether they should sell coverage for the liabilities generated by their clients using these technologies. The situation is that these ‘tools’ are indeed reshaping society, corporations, and, of course, the risk space. 

However, from an insurance perspective, the Agentic AI risk space is unmeasurable because Agentic AI -and other non-deterministic technologies whether AI, Quantum, or potentially what comes after Quantum – deployments generate hallucinations. Hallucinations are another term for random results. Not randomness but random results. Randomness is equivalent to probabilistic. Random results are equivalent to static or undecipherable noise. Both static and undecipherable noise are unmeasurable for loss models (or for much else?). And unmeasurable means for insurers, or should mean, to not sell insurance coverage.

The insurance industry has been financially managing randomness or probabilistic environments successfully for many hundreds of years. They’ve done this by estimating the maximum probable losses (MPL) of selling coverage for the varied risks the industry has faced through the Ages (e.g. Agrarian, Industrial, Information, and the current recently-entered Cyber Age ). However, insurers can’t estimate MPL in an environment of random results. Neither of us believe any quantitative professional can accomplish this estimation.

This brings us to the insurer’s ‘precipice moment’: to sell coverage for AI liabilities, even if they can’t estimate MPL? We are of the opinion that instead of jumping off this technology-forced cliff (and sell coverage for Agentic AI liabilities) that insurers first need to consider whether they will adhere to their underwriting discipline and to their fiduciary responsibilities.

Perhaps there are other paths which insurers can take to participate in the non-deterministic AI technology liability coverage market? Perhaps there are insurance carrier strategies to consider? New companies to launch? Existing startups focusing on selling insurance for Agentic AI liabilities to acquire? Possibly underwriting tactics to create and implement? The central questions for underwriting coverage for non-deterministic AI technologies revolve around: 1) how to sell liability coverage when loss models have noise and static polluting them, and 2) to determine whether there is a (low?) level of liability coverage that can be sold, regardless of type of capacity carrier and distribution channels used, without tripping any lawsuit wires?

As we mentioned in the title of this last Part, the journey is far from finished for the insurance industry.