TL;DR for the time-pressed
Cyber liability policy wordings have changed quietly but materially in 2025-2026, and the changes do not favour the policyholder running AI in production. The Lloyd's Market Association (LMA) model exclusions (the LMA 5400 / 5401 / 5403 series) provide reference clauses that some carriers and managing general agents are now embedding into renewal wordings. Combined with the broader trend toward stricter privacy, autonomous-system, and deepfake exclusions, the practical effect is that a meaningful share of AI-related loss scenarios fall into ambiguous coverage territory unless the broker has negotiated specifically. This post maps the exclusion landscape, walks five realistic AI claim scenarios, and gives brokers and risk managers a concrete renewal-negotiation checklist. Updated 2026-05-20.
The 2026 cyber insurance landscape, briefly
Cyber liability is a market that hard-cycled in 2021-2022, soft-cycled through 2024, and re-tightened on AI risk specifically in 2025-2026. Capacity is broadly available and premiums have stabilised, but underwriters have absorbed enough AI-related claim experience to start narrowing the language around emerging-technology exposures. The Marsh State of Cyber 2024 report and the Aon Global Risk Management Survey 2024 both flag AI-related uncertainty as a top concern for risk managers entering the 2026 renewal cycle.
The 2024 NAIC Cybersecurity Insurance Data Call confirmed that U.S. cyber insurers have collected enough claim data to identify AI-adjacent loss categories distinctly from generic cyber claims; the data call methodology is moving toward separate fields for AI-related incidents in coming reporting cycles. The implication for policyholders: claim outcomes will increasingly be analysed against AI-specific cause codes, and ambiguous wordings will be resolved with reference to the carrier's own data, not the policyholder's intent.
Areebi research POV. The CISOs who treat cyber insurance as a paperwork exercise are the ones surprised at first notice of loss. The CISOs who treat the renewal as a structured negotiation - with the AI-specific clause set walked through line by line - are the ones with predictable claim outcomes. The AI governance ROI business case covers why this matters at the board level.
Three categories of AI exclusion to know in 2026
The AI-related exclusion language showing up in renewal wordings clusters into three broad categories. Brokers should be able to identify which category each clause in the policy falls into, and what it actually excludes versus what the marketing summary suggests.
Category 1: Broad-form AI usage exclusions. The most aggressive form is a clause that excludes loss "arising out of or resulting from the use of artificial intelligence, machine learning, or automated decision-making systems." Lloyd's LMA 5400 is the reference broad-form AI exclusion. The operative words are "arising out of": read literally, that causation language reaches almost any modern technology-driven loss, because virtually every enterprise security stack (endpoint detection, email filtering, fraud scoring) now includes ML-based components, and a carrier can argue that a loss an ML-based control failed to prevent "arose out of" the use of that control. Sophisticated buyers push back hard on broad-form exclusions; less sophisticated buyers sometimes accept them without realising the scope.
Category 2: Targeted exclusions for specific AI risks. A more measured form names specific AI-related risks: deepfakes used in social engineering, autonomous-system actions, AI-generated misinformation, and similar. Lloyd's LMA 5401 is a reference deepfake-and-impersonation exclusion. Targeted exclusions are easier to negotiate because the scope is bounded, but they remove coverage for some of the most plausible AI-related claim scenarios (notably deepfake-enabled wire fraud and synthetic-media impersonation).
Category 3: Carveouts for autonomous or agentic systems. The newest form addresses agentic AI specifically. The reference language often excludes loss arising from actions taken by autonomous AI systems without human authorisation, or from agent-to-agent transactions outside the policyholder's control. Lloyd's LMA 5403 is one reference for autonomous-system carveouts. As enterprises increase agentic AI deployments through 2026, this category will become the most consequential. The agent governance primer and the AI agent monitoring and observability guide cover the underlying control discipline.
Comparing LMA 5400, 5401, and 5403
The LMA 5400 series provides model wordings; carriers adapt them to their own paper. The underlying intent across the three is consistent, but the operative differences matter for what gets excluded versus what gets covered. The clause number on the schedule does not settle that on its own: obtain the verbatim endorsement attached to the policy, because the carrier's adaptation, not the LMA reference text, is what a claims adjuster will apply.
| Clause family | Scope | Practical impact on policyholders |
|---|---|---|
| LMA 5400-style (broad-form AI usage) | Any loss arising out of the use of AI / ML / automated decision-making | Highly aggressive; if accepted as-written, excludes most modern technology-driven losses. Usually negotiable. |
| LMA 5401-style (deepfake and synthetic media) | Loss arising from deepfakes, synthetic media, impersonation aided by generative AI | Removes coverage for one of the fastest-growing claim categories. Often retained, with a sub-limit or a write-back (restored coverage conditional on named controls) negotiated. |
| LMA 5403-style (autonomous and agentic systems) | Loss from actions taken by autonomous systems outside direct human authorisation | Newer; most consequential for enterprises deploying agentic AI. Negotiate for explicit human-in-the-loop and audit-trail carve-backs. |
The Areebi policy engine and audit log are the substrate that supports the human-in-the-loop and audit-trail carve-backs - underwriters increasingly expect to see the per-interaction record and the policy enforcement trail before agreeing to soften an autonomous-system exclusion. The AI incident response runbook describes the operational discipline that turns audit-log evidence into a claim-ready artefact.
Five realistic AI claim scenarios, mapped to coverage
The exclusions above are abstract until they meet a real claim. The five scenarios below are based on patterns observed across the public claim record and the CISA cyber tabletop exercise materials for 2024-2025.
Scenario 1: Prompt injection via customer-facing assistant exfiltrates customer PII. A customer-facing AI assistant is manipulated by an attacker prompt that causes it to disclose data from another customer. Result: customer notification obligations, regulator engagement, remediation cost. Coverage analysis: usually covered under standard privacy and network security wordings if the AI-usage exclusion has been negotiated out; ambiguous if a broad-form LMA 5400-style exclusion is present. The prompt injection deep dive and the prompt injection primer cover the underlying attack class.
Scenario 2: Deepfake voice impersonation of a CFO authorises a fraudulent wire transfer. Generative AI is used to impersonate a senior executive's voice in a phone call to the finance team, instructing a wire transfer. Result: financial loss, internal investigation, regulator engagement. Coverage analysis: explicitly excluded by LMA 5401-style deepfake clauses. Where no such clause applies, the loss is usually routed to a social-engineering or funds-transfer-fraud sub-limit that is far lower than the aggregate limit, and the crime policy, not the cyber policy, may be the tower that actually responds. Most policyholders renegotiate this clause aggressively at renewal; the callback and dual-approval controls the underwriter asks for as evidence are also the controls that stop the transfer in the first place.
Scenario 3: Agentic system executes an unauthorised vendor transaction. An autonomous agent given access to procurement and treasury systems executes a payment that the policyholder did not approve. Result: financial loss, internal control failure, regulatory exposure. Coverage analysis: LMA 5403-style autonomous-system carveouts apply; coverage typically hinges on whether the agent was operating "outside human authorisation" - which is precisely where audit-trail and policy-engine evidence becomes determinative.
Scenario 4: Model supply chain compromise via poisoned open-source weights. A model fine-tuned on a popular open-source base is compromised upstream: the base checkpoint carries poisoned weights (or a malicious serialised model artefact), or the data it was trained on was poisoned before the policyholder ever downloaded it. Result: degraded model output, business decisions made on tainted signal, downstream litigation. Coverage analysis: depends on whether the wording includes supply-chain attack coverage and whether the model qualifies as "covered software"; a model weights file is not obviously "software" under older wordings, so get the definition confirmed in writing. The model supply chain security guide covers the technical mechanics; the AI supply chain security primer is the underlying primer.
Scenario 5: Hallucinated regulatory disclosure published at scale. A regulated firm's investor-relations team uses a generative tool to draft a disclosure that contains a hallucinated material fact. Result: regulator letter, possible litigation, reputational cost. Coverage analysis: regulatory defence costs are typically covered; the underlying erroneous-act exposure may fall under D&O or E&O rather than cyber. Brokers should be explicit about which tower responds to AI-content errors versus AI-system breaches.
Negotiation checklist for brokers and risk managers
The checklist below is the one Areebi recommends to risk managers entering the 2026 renewal cycle, organised by clause family. Each item names what to ask for, why, and what evidence the underwriter typically wants in return.
| Clause area | Ask | Underwriter evidence expected |
|---|---|---|
| Broad-form AI usage (LMA 5400-style) | Remove entirely, or scope to "experimental AI" not in the production inventory | AI governance policy, AI inventory, ISO 42001 status or roadmap |
| Deepfake / synthetic media (LMA 5401-style) | Negotiate a sub-limit with a write-back for losses where the policyholder has implemented training and detection controls | Deepfake-awareness training records, financial-process controls (out-of-band callback procedures, dual-signature requirements) |
| Autonomous / agentic systems (LMA 5403-style) | Negotiate explicit carve-back for actions inside the documented agent policy boundary with per-interaction audit logs | Agent policy documentation, per-interaction audit log sample, human-in-the-loop checkpoint documentation |
| Privacy and data exfiltration | Confirm coverage for prompt-injection and AI-mediated data leakage scenarios | DLP configuration, prompt-layer policy enforcement, incident response runbook |
| Regulatory defence | Confirm coverage extends to AI-specific regulator engagements (EU AI Act, DORA, state AI laws, sector regulators) | Regulatory readiness scorecard, applicable compliance evidence library |
| Supply chain attack coverage | Confirm coverage for model supply chain compromise (poisoned weights, malicious model artefacts) | AIBOM (AI bill of materials), model provenance documentation |
| Business interruption | Confirm waiting period and coverage for AI vendor outages affecting critical functions | Vendor concentration analysis, business continuity plan including AI vendor fallback |
| Wrongful collection / wrongful use | Confirm coverage scope for AI training data and inference data uses | Data governance policy, lawful basis documentation, data classification map |
The Areebi AIBOM playbook covers the model bill-of-materials evidence underwriters increasingly request; the CFO AI vendor list is a useful adjacency for the concentration and renewal economics conversation.
What underwriters now ask, and how to be ready
AI-specific underwriting questionnaires have proliferated through 2025-2026. Carriers are increasingly asking for evidence rather than attestation, and the questions cluster around five themes.
Theme 1: AI inventory. Do you have a documented inventory of every AI workload in production, including AI features inside non-AI SaaS? The 90-minute shadow AI hunt playbook describes the continuous discovery posture that closes the inventory gap.
Theme 2: Policy and enforcement. Do you have an AI Acceptable Use Policy that is machine-enforceable at the prompt layer, not just published as prose? The Areebi AI policy engine primer covers what machine-enforceable means concretely.
Theme 3: Audit trail. Do you log every AI interaction with a timestamp, model identifier, policy version, user identity, data classes touched, and tool calls invoked, and retain those records in tamper-evident form for at least as long as the policy's notice and claim windows run? The Areebi audit log overview shows the field schema underwriters typically expect.
Theme 4: Vendor governance. Do you have a documented vendor risk assessment process and a continuous monitoring discipline? The AI vendor risk score tool generates the per-vendor scorecard; the AI vendor risk primer covers the underlying methodology.
Theme 5: Incident response readiness. Have you exercised your AI incident response runbook in the last 12 months, including scenarios for prompt injection, deepfake-enabled fraud, and agentic system overreach? The AI incident response runbook includes the tabletop scenarios; the CISA Tabletop Exercise Packages are the public sector counterpart.
Policyholders who can answer these five themes with evidence - inventory exports, policy versions, audit log samples, vendor scorecards, exercise minutes - consistently negotiate better terms than those who can only attest. The Areebi AI Governance Assessment produces a packaged version of these five themes that several brokers have used as the lead artefact in renewal submissions.
Common pitfalls
Pitfall 1: Reading the policy summary, not the policy. Broker summaries are useful but they do not capture the operative clause language. Read the actual clause wording, especially the AI-specific endorsements, before signing.
Pitfall 2: Treating cyber as the only tower. AI-related loss can land in cyber, D&O, E&O, crime, kidnap and ransom, or media liability depending on the scenario. A coverage map across the full insurance tower is more useful than depth-only analysis of the cyber policy.
Pitfall 3: Negotiating only at renewal. Some carriers will agree to mid-term clarifications or endorsements when material AI capabilities change (a new agentic deployment, a major customer-facing assistant launch). Build the carrier conversation into the change management process, not just the renewal calendar.
Pitfall 4: Ignoring concentration risk at the carrier level. A single carrier writing all of cyber, D&O, and E&O may apply coordinated exclusion language across the tower. Spread the tower across carriers if the AI exposure is material.
Pitfall 5: Treating the questionnaire as a one-off. Underwriting questionnaires now feed continuous-risk assessment models. The same questionnaire submitted with stronger evidence at renewal n+1 typically produces better terms than a defensive resubmission with the same evidence as renewal n. Documenting the program's maturity arc helps.
How Areebi supports the underwriting conversation
Areebi is built to produce the evidence underwriters now ask for in AI-specific questionnaires. Three capabilities map directly to the renewal conversation.
AI inventory and shadow AI discovery. The Areebi platform reconciles the procurement-side inventory with the runtime inventory, catching AI features quietly enabled inside non-AI SaaS. The cost of one shadow AI breach piece covers why this matters for the cyber insurance argument.
Policy engine and DLP. The Areebi policy engine turns the AI Acceptable Use Policy into machine-enforceable rules; the DLP layer reports prompt-level coverage by data class. Underwriters increasingly expect to see policy-version history and DLP coverage reports as part of the submission.
Audit log and incident reconstruction. The Areebi audit log captures the per-interaction record that converts an ambiguous coverage question into a determinative one. For a Scenario-3 agentic-system claim, the difference between "outside human authorisation" and "inside the documented agent policy boundary" is the audit-log entry showing the policy version active at the time of the action. The AI audit primer describes the underlying concept.
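The determination described above (Scenario 3, and the Theme 3 schema in the underwriting section) can be reduced to a mechanical check, provided the log carries the right fields. The following is an added illustration written for this page; it is not Areebi's implementation, and the policy name `procurement-agent/v3`, the field names, the tool names and the log records are all constructed for the example. It keeps a hash-chained audit log (so an adjuster can see the records were not rewritten after the fact), looks up the policy version that was in force when each action happened, and classifies each action as inside the documented boundary or outside human authorisation, with the reasons recorded.

```python
"""Agent-action audit trail check: was each logged action inside the policy
boundary in force at the time? Constructed example; schema and data are hypothetical."""
import hashlib
import json
from datetime import datetime

# Hypothetical versioned agent policy. The claim turns on the version in force
# at the time of the action, so versions are never edited, only superseded.
AGENT_POLICIES = {
    "procurement-agent/v3": {
        "effective_from": "2026-03-01T00:00:00+00:00",
        "allowed_tools": {"erp.create_po", "erp.lookup_vendor", "treasury.pay_vendor"},
        "vendor_allowlist": {"V-1001", "V-1002"},
        "max_unattended_payment": 25_000,   # above this a human approver is required
        "allowed_data_classes": {"internal", "vendor-master"},
    },
}

# The per-interaction fields an underwriter expects to see (hypothetical names).
REQUIRED_FIELDS = ("ts", "interaction_id", "model_id", "policy_version",
                   "user_id", "data_classes", "tool_calls", "human_approver")


def chain_hash(record: dict, prev_hash: str) -> str:
    """SHA-256 over the canonical record plus the previous entry's hash."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append(log: list, record: dict) -> None:
    """Append a record, chaining it to the previous entry (genesis hash is all zeros)."""
    prev = log[-1]["hash"] if log else "0" * 64
    log.append({"record": record, "hash": chain_hash(record, prev)})


def verify_chain(log: list) -> bool:
    """Recompute every hash; any edited or removed record breaks the chain."""
    prev = "0" * 64
    for entry in log:
        if chain_hash(entry["record"], prev) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


def classify(record: dict) -> tuple[str, list[str]]:
    """Return ('inside_boundary' | 'outside_authorisation' | 'unclassifiable', reasons)."""
    missing = [f for f in REQUIRED_FIELDS if f not in record]
    if missing:
        return "unclassifiable", [f"missing fields: {missing}"]
    policy = AGENT_POLICIES.get(record["policy_version"])
    if policy is None:
        return "unclassifiable", [f"unknown policy version {record['policy_version']}"]
    if datetime.fromisoformat(record["ts"]) < datetime.fromisoformat(policy["effective_from"]):
        return "unclassifiable", ["action predates the cited policy version"]
    reasons = []
    for cls in record["data_classes"]:
        if cls not in policy["allowed_data_classes"]:
            reasons.append(f"data class {cls} not permitted")
    for call in record["tool_calls"]:
        if call["tool"] not in policy["allowed_tools"]:
            reasons.append(f"tool {call['tool']} not permitted")
            continue
        if call["tool"] == "treasury.pay_vendor":
            args = call["args"]
            if args["vendor_id"] not in policy["vendor_allowlist"]:
                reasons.append(f"vendor {args['vendor_id']} not on allowlist")
            if args["amount"] > policy["max_unattended_payment"] and not record["human_approver"]:
                reasons.append(f"payment {args['amount']} exceeds unattended limit with no approver")
    return ("outside_authorisation" if reasons else "inside_boundary"), reasons


def claim_evidence(log: list) -> dict:
    """Per-interaction verdicts plus chain integrity: the artefact handed to the broker."""
    out = {"chain_intact": verify_chain(log), "actions": {}}
    for entry in log:
        rec = entry["record"]
        verdict, reasons = classify(rec)
        out["actions"][rec["interaction_id"]] = {
            "verdict": verdict, "reasons": reasons, "policy_version": rec["policy_version"]}
    return out


def build_sample_log() -> list:
    """Constructed sample: one routine payment and one that crossed the boundary."""
    log = []
    base = {"model_id": "vendor-llm-2026-02", "policy_version": "procurement-agent/v3",
            "user_id": "svc-procurement-agent", "data_classes": ["vendor-master"]}
    append(log, {**base, "ts": "2026-04-02T09:15:00+00:00", "interaction_id": "i-001",
                 "tool_calls": [{"tool": "treasury.pay_vendor",
                                 "args": {"vendor_id": "V-1001", "amount": 4_800}}],
                 "human_approver": None})
    append(log, {**base, "ts": "2026-04-02T09:20:00+00:00", "interaction_id": "i-002",
                 "tool_calls": [{"tool": "treasury.pay_vendor",
                                 "args": {"vendor_id": "V-9999", "amount": 180_000}}],
                 "human_approver": None})
    return log


if __name__ == "__main__":
    print(json.dumps(claim_evidence(build_sample_log()), indent=2))
```

Two design points matter for the claim. First, `classify` refuses to give a verdict when a required field is missing or the policy version is unknown: an "unclassifiable" action is exactly the ambiguous territory the post warns about, and the fix is to close the logging gap before renewal, not to argue it at first notice of loss. Second, the boundary is evaluated against the policy version the record cites and its effective date, so a policy tightened after the incident cannot retroactively make an action look unauthorised, and a policy loosened afterwards cannot make it look authorised.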
For sectoral specificity, the Areebi compliance hub indexes the per-regulation pages that underwriters now scan to gauge the policyholder's regulatory posture; the DORA + AI piece is particularly useful for European financial entities approaching their 2026 cyber renewal.
What to read next
To take the insurance conversation into the broader risk-and-control posture, work through this cluster.
- AI incident response runbook - the operational artefact underwriters expect to see exercised.
- Cost of one shadow AI breach - the financial argument for tighter coverage and stronger controls.
- CFO AI vendor list - the cost-and-renewal counterpart for the procurement conversation.
- AIBOM playbook - the model bill-of-materials artefact that supports supply-chain coverage analysis.
- AI agent monitoring and observability - the control discipline behind the autonomous-system carve-back conversation.
Frequently Asked Questions
Are AI exclusions standard in cyber liability policies now?
Some form of AI-related exclusion language is appearing in a growing share of cyber liability policy wordings in 2025-2026, particularly at the Lloyd's-syndicated end of the market and among carriers that have updated their reference wordings to absorb the LMA 5400 series. The exclusions are not yet universal, and the operative wording varies materially between carriers. The single most important step for policyholders is to read the actual clause language at renewal, not the broker's summary, and to negotiate every AI-specific exclusion line by line.
What is the difference between LMA 5400, 5401, and 5403?
LMA 5400 is a broad-form AI usage exclusion that, read literally, excludes loss arising out of the use of AI, machine learning, or automated decision-making. LMA 5401 is a targeted exclusion for deepfakes and synthetic-media-aided fraud. LMA 5403 is a newer exclusion focused on actions taken by autonomous or agentic systems outside human authorisation. The three are reference clauses published by the Lloyd's Market Association; individual carriers adapt them to their own paper, so the operative wording on any given policy may differ.
Does the policyholder need ISO 42001 to negotiate AI exclusions out?
No, but ISO/IEC 42001 certification (or a documented roadmap to it) is a strong evidence anchor in the underwriting conversation. The more practical baseline is a documented AI Acceptable Use Policy machine-enforced at the prompt layer, an AI inventory reconciled against the runtime estate, per-interaction audit logs, and an exercised incident response runbook. Underwriters often accept that evidence stack in lieu of certification for the 2026 cycle, with an expectation that certification follows in 12-18 months.
Does the cyber tower or the D&O tower respond to AI content errors?
It depends on the wording. Hallucinated regulatory disclosures or AI-drafted statements that turn out to be materially incorrect typically land in D&O or E&O rather than cyber, because the trigger is a wrongful act rather than a network or system event. Some policyholders carry media liability for content-specific exposures. The single most useful artefact during the renewal cycle is a coverage map across the full tower, with AI scenarios mapped to the tower that should respond, signed off by the broker.
Should brokers expect AI underwriting questionnaires to get longer?
Yes. The 2026 renewal cycle is the first in which most carriers have a dedicated AI-control section in the questionnaire, and that section is broadening rather than narrowing. The five themes named in this post (inventory, policy and enforcement, audit trail, vendor governance, incident response readiness) are the substrate; sub-questions within each theme are expanding as carriers absorb claim experience. Policyholders that maintain a structured evidence library refresh the responses in days rather than weeks.
Does cyber insurance pay for AI red teaming?
Cyber insurance does not typically pay for proactive AI red teaming, although some carriers include risk-engineering services that overlap. AI red teaming is a control investment, not an insurance-recoverable cost, and is best framed in the cost-of-control conversation rather than the cost-of-risk-transfer conversation. The Areebi AI red team you don't have piece covers the framing.
Related Resources
- AI Incident Response Runbook
- Cost of One Shadow AI Breach
- CFO AI Vendor List
- AIBOM Playbook
- AI Agent Monitoring and Observability
- Prompt Injection Deep Dive
- Model Supply Chain Security
- DORA + AI for Financial Institutions
- 90-Minute Shadow AI Hunt Playbook
- AI Governance ROI Business Case
- Prompt Injection Primer
- Agent Governance Primer
- AI Vendor Risk Primer
- AI Policy Engine Primer
- AI Audit Primer
- AI Supply Chain Security Primer
- AI Vendor Risk Score Tool
- Areebi Platform
- Policy Engine
- DLP Controls
- Audit Log Overview
- Compliance Hub
- AI Governance Assessment
Stay ahead of AI governance
Weekly insights on enterprise AI security, compliance updates, and governance best practices.
About the Author
Areebi Research
The Areebi research team combines hands-on enterprise security work with deep AI governance research. Our analysis is informed by primary sources (NIST, ISO, OECD, federal registers, IAPP) and the operational realities of CISOs running AI programs in regulated industries today.