Back to blog

AI in Insurance: Exclusions First

FilingFocus TeamFebruary 18, 20264 min read

AI liability language is picking up in admitted policy forms. The early pattern: exclusions lead, and affirmative coverage is slow to develop.

AI language in admitted policy forms from 2019 to 2025, split by exclusions, coverage, applications, and other

Of the 186 forms mentioning AI in 2025, 62 are exclusions, 46 are applications asking about AI usage, 11 are affirmative coverage forms, and 67 reference AI in other contexts - definition amendments, insured persons expansions, and similar. The first affirmative AI coverage appeared in 2020, a tenant homeowners endorsement covering homes with robots using artificial intelligence. The first generative AI coverage - addressing deepfakes, prompt injection, and AI-caused breaches - didn't appear until 2024.

The exclusion wave

ISO published standard generative AI exclusions effective January 2026, already adopted by 20+ carriers. Most of the exclusion spike visible in 2025 reflects carriers filing these forms ahead of that effective date. For CGL, carriers can choose from three modular forms:

  • CG 40 47 excludes all bodily injury and property damage arising from generative AI
  • CG 40 48 targets Personal and Advertising Injury Liability only
  • CG 35 08 targets Products/Completed Operations only

CU 34 69 is the Umbrella equivalent, excluding both coverages.

All define generative AI broadly as any machine-based learning system that creates content including text, images, audio, video, or code.

Umbrella and Excess leads with 46 exclusion forms since 2019, driven by ISO's standard generative AI exclusions. Commercial Package follows at 21, then CGL at 20.

The range of approaches beyond ISO is wide, and worth understanding:

Berkley (PC 5138000) filed an absolute AI exclusion across their Private Company Management Liability program, covering D&O and EPL. It excludes not just AI usage, deployment, and development, but also claims arising from a company's public statements, disclosures, or risk assessments related to AI. They filed variants that carve back Side A personal liability or securities claims, but the base form is absolute.

Frederick Mutual (FM XAI 01 2025) went the most granular, naming specific tools (ChatGPT, DALL-E 2, Sora, Midjourney) and activities (creating documents, marketing materials, researching, decision-making) in the exclusion. Their form includes a Cyber Suite carve-out.

E&O carriers have largely skipped exclusions in favor of data collection. Ninety-one E&O application forms now include AI-related questions, making it the most active product line for AI underwriting data.

The coverage split

While exclusions dominate, affirmative AI coverage is emerging. It's concentrated almost entirely in cyber (21 affirmative coverage forms, 3 exclusions), where carriers are extending existing coverage grants to address AI-specific perils like deepfake fraud and prompt injection.

Coalition (CYUSP-00EN-000035) filed an "Affirmative AI Endorsement" that defines "AI Security Event" as a new covered peril, extends data breach coverage to AI-caused breaches, and explicitly names prompt injection as a covered attack vector. It also extends funds transfer fraud coverage to include deepfake-generated fraudulent instructions.

Travelers (CYB-19191) extended CyberRisk to cover AI deepfake fraud, amending their computer fraud, funds transfer fraud, and social engineering fraud definitions to all include AI and deepfake-generated instructions. If a deepfake impersonates a CEO to trick an employee into wiring money, it's explicitly covered under three separate coverage grants.

Beazley amended their fraudulent instruction definition to include AI and deepfake-generated instructions, filed across both Cyber and E&O/MediaTech products.

Most coverage is concentrated in cyber, with a handful of endorsements applying to other products.

AI forms by product: exclusions, applications, and affirmative coverage since 2019

A Recent Comparison: Crypto

Crypto offers a recent example of how insurers have responded to a new technology risk. Named crypto and digital asset forms first appeared in admitted filings in 2015. By 2025, the market was producing 167 distinct crypto-related forms per year. AI is on a similar trajectory but compressed into a much shorter timeline.

Named emerging risk forms over time

The difference is how each risk was received. When crypto first appeared, carriers covered it before they excluded it. In 2015, there were 24 coverage and endorsement forms versus just 5 exclusions. Carriers expanded money and property definitions to include digital assets, wrote sublimits for cryptocurrency theft, and added blockchain-related coverage grants. The exclusion wave didn't hit until five years later.

Crypto and digital asset forms by intent from 2015 to 2025

There was no equivalent period for AI. Coverage arrived late, stayed narrow, and remains concentrated almost entirely in cyber. The market's first instinct was to exclude. Whether AI follows crypto's path toward a more balanced coverage response remains to be seen.

What's worth watching

How states are handling AI exclusions: Kansas required carriers to confirm that base rates don't already contemplate the excluded coverage, citing KSA 40-954: "a restriction of coverage is tantamount to a rate increase." Pennsylvania raised similar questions about premium impact. Illinois went further, conditioning approval on the carrier adding an AI underwriting question to the application.

D&O is expanding insured persons, not coverage: Beazley's E16465 expands the definition of Insured Persons to include CISOs, CTOs, CDOs, Chief Privacy Officers, and any senior executive responsible for the company's use of advanced technologies, naming artificial intelligence, machine learning, and automation specifically. Berkshire Hathaway Specialty filed a similar CISO endorsement.


Data sourced from FilingFocus.