DO NOT DISTRIBUTE · CONFIDENTIAL

CoverVector

AI Risk Briefing

Governance · Affirmative cover · The carrier · The underwriting layer

Who carries the AI risk on a complex account?

A complex account embeds AI in hiring, pricing, customer service and claims. The exposure does not sit in one place. It falls across as many as 15 lines of coverage, at the same time that the standard market is beginning to exclude AI. Two common answers therefore fall short: an AI governance platform demonstrates that a model is controlled, and an affirmative AI policy responds to a defined AI liability scenario. The account still requires multi-line carriers to underwrite AI across the full tower, and that is a translation problem. This briefing sets out what each category of provider does, in specific terms, and where CoverVector fits.

AI is embedded across operations, not contained in a single line of coverage.

When a large enterprise uses AI to screen applicants, price products, respond to customers and adjudicate claims, the exposure is not a single item an underwriter can isolate. It extends through employment practices, professional services, management decisions, media output, products and data, and a single incident can give rise to several of these claims at once. CoverVector's engine maps that footprint to 15 lines of coverage (EPLI, D&O, E&O, Cyber, Product, Media/IP, Regulatory Defense and others). At the same time, the standard market is removing AI from those lines: ISO's CG 40 47 and CG 40 48 exclusions took effect in January 2026, the phrase "arising out of" requires only a causal connection, and more than 80% of AI-exclusion filings have been approved.¹ The relevant question for a complex account is therefore not whether an AI insurance product exists. It is which carrier will underwrite the AI exposure across the full tower, and what that carrier requires in order to do so.

What the market offers for AI risk, and how far each option reaches.

The account's insurance tower: 15 lines a single AI footprint can affect

EPLID&OE&OCyberProductRecallFiduciaryMedia/IPCrimeAutoWorkers' CompContingent BIReps & WarrantiesReg. DefenseUmbrella

How far each provider reaches across that tower

AI governanceCredo AI · Holistic AI

Off the tower entirely. Internal compliance evidence; places nothing, pays nothing.

Affirmative AI policyArmilla · Munich Re

A defined AI layer. A policy or endorsement for a specific AI liability scenario, sitting outside the account tower.

Standard carrier and towerChubb · Travelers · AIG

Holds all 15 lines, but increasingly silent on AI it cannot price

CoverVectorthe underwriting layer

Scores the exposure · grades evidence · maps all 15 lines → carrier underwrites with full visibility

In summary: for a complex account, governance will not place the risk, and affirmative AI coverage will not replace the account tower. The account still requires multi-line carriers across the implicated lines, and those carriers can underwrite the AI exposure only once it has been made legible. That translation is the function CoverVector performs.

Governance, in narrow terms

What a governance vendor provides

A governance vendor writes AI policy, inventories models, applies a controls library, and runs drift and bias validations to evidence conformance with NAIC, NIST AI RMF, ISO 42001 and the EU AI Act.⁵ Its function is limited to internal demonstration, for a CRO or regulator, that a model is governed.

In practice: it helps document the AI change process: use-case inventories, model documentation, approvals, permissions and related governance evidence. That is useful internal process discipline, but it is not insurance work. It does not translate AI use into implicated coverage lines, loss scenarios, wording issues, carrier questions, market routing or a broker-ready submission. It does not make the account placeable.

Affirmative cover, in narrow terms

What an affirmative AI policy provides

A standalone, claims-made E&S policy (or a vendor warranty) that responds to a defined AI liability scenario: model error or output (Armilla, Munich Re), or AI-as-cyber, such as Coalition's "AI security event" and deepfake funds-transfer fraud.^2,3,4 Limits are monoline, with a separate assessment and exclusions that must be requested.

In practice: this may cover a defined AI liability slice, but it does not replace the account-level tower. It does not determine whether the client's EPLI, D&O, E&O, Cyber, GL, Product, Media/IP, Regulatory Defense or Umbrella policies respond when AI changes how the business operates.

Where the loss falls in the tower

Four AI deployments: three drawn from public record, one a synthetic composite from a CoverVector assessment. In each, the loss does not stay inside a standalone AI liability layer. The account tower still has to respond.

Customer-facing AI agent

T-Mobile's IntentCX and the Air Canada precedent

DeploymentT-Mobile and OpenAI are developing IntentCX, an agent that resolves issues and "takes proactive actions on the customer's behalf."⁶

Loss scenarioIn Moffatt v. Air Canada (2024), a tribunal held the airline liable for its chatbot's incorrect advice and rejected the argument that the chatbot was a separate entity.⁷ An agent that acts can make an unauthorized commitment or mishandle a vulnerable customer.

Which coverage respondsAn affirmative AI policy built on a cyber trigger will not respond to an incorrect binding statement, and CG 40 47 may now exclude the resulting GL or advertising-injury claim from the tower.

What the placement requiresMapping to Media/E&O, GL and regulatory defense, with evidence of the agent's guardrails, so the carrier will continue to cover it.

AI hiring and screening

Workday (Mobley) and the iTutorGroup settlement

DeploymentAI applicant screening. In Mobley v. Workday, the court conditionally certified a nationwide ADEA collective (May 2025); Workday advised the court that its tools had rejected approximately 1.1 billion applications.⁸

Loss scenarioDisparate impact. iTutorGroup paid $365,000 (the EEOC's first AI-bias settlement) after software automatically rejected applicants by age.⁹

Which coverage respondsThis is an employment loss, addressed by EPLI, with vendor Tech E&O exposure. No AI-performance policy responds; the question is whether the client's EPLI responds to algorithmic decisions.

What the placement requiresConfirming that EPLI responds to AI-driven decisions, separating vendor from employer liability, and producing the bias-audit evidence the carrier requires.

AI in regulated, high-stakes decisions

nH Predict and SafeRent: regulated decisions, ordinary coverage lines

DeploymentAI in care-coverage decisions (UnitedHealth/Optum nH Predict) and tenant scoring (SafeRent).

Loss scenarioClass actions and disparate impact: nH Predict is alleged to have driven wrongful denials (Optum disputes the allegations);¹⁰ SafeRent settled for $2.28M.¹¹

Which coverage respondsThe insurance question is not only whether the model was accurate. It is who made the decision, who relied on it, what line responds, and whether AI-related wording changes the tower's response.

What the placement requiresA multi-line view across E&O, D&O, regulatory defense, civil-rights exposure and related coverage issues: the breadth a defined AI liability layer cannot provide.

Synthetic composite · CoverVector assessment

"Northfield Foods": one account, six lines

ProfileA $3.1B packaged-foods company: 14 AI models, 8 vendors and 10 use cases.

Two impediments to placement(1) HR-screening AI with no independent bias audit and an undisclosed EEOC complaint; (2) AI-generated consumer content published with no legal-review gate.

Why only the tower holds itThe footprint touches 6 policy lines: EPLI, Media/IP, E&O, D&O, regulatory defense and Product. No defined AI liability layer covers that breadth, and no governance platform places it.

What CoverVector provides the brokerA scored Dossier (Refer with Conditions), evidence graded by tier, the 6 lines mapped, and a carrier-ready submission with the wording issues already identified.

Where CoverVector sits

Not a governance vendor. Not an insurer. The underwriting layer that enables a multi-line carrier to underwrite AI across the full tower.

CoverVector scores an AI footprint across five weighted risk dimensions, separates control claims from evidence strength, maps the exposure to a 15-line coverage universe, and renders the result as a carrier-ready record with a broker lens: submission readiness, coverage map, wording issues and underwriter question bank, using deterministic, auditable scoring rather than an opinion. Governance evidence may be reviewed, but it is not the output. The output is a placeable, tower-wide underwriting record. Governance platforms document AI use and the change process. Affirmative AI policies address defined AI liability scenarios. CoverVector provides the AI uses that matter, the lines they touch, the loss scenarios they create, the evidence carriers will ask for, the wording issues to check, and the market route to pursue. The carrier carries the account, and CoverVector gives the broker the risk record needed to take that account to market.

Sources and notes

1 ISO/Verisk CG 40 47 / 40 48 / 35 08, eff. Jan 2026 (80%+ of AI-exclusion filings approved). · 2 Coalition Affirmative AI Endorsement, form CYUSP-50EN-000039-0324-01. · 3 Armilla AI insurance materials; Vanguard AI ($25M); exclusions not publicly posted. · 4 Munich Re aiSure / aiSelf (to $50M; Standard excludes systemic risk). · 5 AI governance platform documentation; Gartner AIGP Market Guide; Forrester Wave AI Governance Q3 2025. · 6 T-Mobile and OpenAI "IntentCX," Sept 2024. · 7 Moffatt v. Air Canada, 2024 BCCRT 149. · 8 Mobley v. Workday, N.D. Cal.; ADEA collective cert., May 2025 (no merits ruling). · 9 EEOC v. iTutorGroup, $365K consent decree, 2023. · 10 Estate of Lokken v. UnitedHealth (nH Predict); contested by Optum. · 11 Louis v. SafeRent Solutions, $2.28M settlement, 2024.

CoverVector, Inc. · Patent pending · 2261 Market Street, San Francisco CA 94114. Carrier names (Chubb, Travelers, AIG, and others) are illustrative of the standard multi-line market, not partners or endorsers. Public incidents are cited from court, regulatory and press records to illustrate loss paths; they are not CoverVector engagements and no affiliation is implied. "Northfield Foods" is a synthetic composite. Coverage descriptions are summaries, not advice; read the actual policy. Prepared for broker education.