Most organizations have by now heard the warning bells of risks that come with the use of artificial intelligence technology, from data privacy and cybersecurity threats to potential copyright infringement and discrimination claims. In face of the recent spike in AI-related litigation, such risks could soon prove costly, leaving one last barrier of defense for companies that use AI: insurance.
While there is no such thing as an AI-specific insurance policy — yet — existing coverage may protect against some of the litigation threats created by artificial intelligence. But as the risk for regulation and waves of lawsuits grow, the extent to which insurers will protect companies is uncertain.
During an "Insurance Considerations for Deploying AI/ML Tools and Technologies" webinar hosted by the law firm Clark Hill, legal professionals highlighted some of the key risks associated with artificial intelligence and the insurability — or lack thereof — of these risks under traditional coverage.
While the majority of existing insurance policies don't explicitly mention AI, legal professionals noted that many of the risks that companies face because of the technology are protected in some shape or form by existing coverage.
Take, for example, the cybersecurity risks that come with using AI or, more recently, with generative AI. Most organizations likely have a cybersecurity policy that may protect them from some of the ransomware, data breach and other cyber liabilities. But the sophistication of cyber threats that generative AI can spur should bolster organizations to take another look at such policies.
"You really need to know what your vendors' terms and conditions say and what your cyber policy covers," said Jennifer Stivrins, a partner at Kissel Straton & Wilmer.
Still, cyber policies are only one part of the puzzle when it comes to protecting organizations against cyber risks, she said, as other types of policies may also include some limited cybersecurity coverage.
"If you're getting a business policy, if you're getting a [directors and officers] policy and they offer you a cyber endorsement, look at that endorsement, see what it covers, is it a little bit more far-reaching?" Stivrins said.
But as the cyber risks surrounding AI continue to grow, organizations without the proper security and governance strategies in place may have more trouble getting coverage. In fact, going forward, Stivrins noted that she expects to see carriers start asking for acceptable use policies, which define how employees can use an organization's information technology resources, such as internal AI systems.
"I think we are there already in some instances. We have seen on applications asking for lists of the vendors that a given entity might use, 'Do any of them employ AI technology?' Particularly in the media sphere," she noted. "But I do think we'll get to that point where we are having to show a policy of how we use AI."
In the past couple of months, intellectual property and copyright have been hot areas for litigation especially regarding the type of media used to train generative AI models.
Stivrins said: "Ideally, you want [your vendors] to indemnify you for intellectual property infringement risks, because they're the ones creating the imagery or the language. I would avoid any AI tools that can't confirm or at least don't assert that they use proper licensing of their source material."
Here again, several business policies may cover some of these risks. A stand-alone media policy is one example, Stivrins said.
General liability policies also may have an advertising cover provision that extends to risks such as copyright infringement.
One of the biggest threats that has emerged in the face of the generative AI wave is to legal professionals themselves. One of the most infamous examples is perhaps the New York lawyer who recently submitted to a court a ChatGPT-written brief with fake case citations.
Here, too, it seems that kind of mistake can be insurable under current insurance provisions, as long as one's liability policy doesn't have any kind of exclusionary language in it for generative AI, noted Meredith Challender, a partner and general counsel at Kissel Straton.
But such exclusionary language could soon become more common. "We are starting to see that in some policies, some insurers [are] trying to include that," she said.
Ultimately, those that may have the trickiest time getting sufficient insurance coverage may be the providers of AI services and products themselves. Up until now, technology errors and omissions insurance has been providing coverage to companies creating software for other businesses to protect the developers in the case of a mistake. But the extent of that coverage may shrink going forward as the number of risks that can fall into that basket continue to grow.
"We are going to see tech E&O companies that produce AI seeking insurance for that kind of work. And I would assume that they will get it but it will be somewhat limited to what the policies are going to provide," Challender said. "I can see a lot of insurance companies saying 'OK, to a point, we will ensure that. But we're not going to be there to cover every single thing that might eventually go wrong.'"
While there aren't bespoke AI-specific insurance policies yet, that may change as the insurance industry becomes more knowledgeable about the technology and adapts its types of coverage provisions.
*****
Cassandre Coyer is a Washington, D.C.-based reporter for Legaltech News. She can be reached [email protected].
Cassandre Coyer
Washington D.C.-based legal technology reporter, covering new things happening around data privacy and cybersecurity law, e-discovery and emerging technologies.