AI Liability: How to insure a product whose errors are inherently unpredictable

A strategic guide for CTOs and founders facing the limitations of traditional insurance when confronted with artificial intelligence risks.

Sami Zarzour·6 min read

A chatbot that mistakenly approves a 90 percent discount or a credit scoring algorithm that systematically rejects profiles for no explainable reason: these situations are not bugs in the traditional IT sense. For a CTO or a founder of a startup specializing in artificial intelligence, the transition from deterministic code to probabilistic models radically changes the nature of technical risk. While traditional software follows a logical sequence of instructions, AI produces results whose accuracy is never guaranteed at one hundred percent, placing the company in a complex legal and insurance gray area.

The end of deterministic software and the challenge of proof

In the world of classic software, an error is generally the consequence of a poorly written line of code or a missing integration test. Liability is then simple to establish because there is a fault, a causal link, and a resulting damage. With artificial intelligence, this logical chain breaks because the machine can make a damaging decision without any programming error being committed. The model simply followed its statistical logic on training data that contained a flaw or produced an erroneous but statistically probable response.

Traditional insurers struggle to understand this absence of direct fault. For them, the insurance that covers your liability if a client claims you made an error in your services (Professional Indemnity) is often based on the notion of negligence. However, how can one prove negligence when the system behaves exactly as it was designed, which is to say, stochastically? This inherent unpredictability makes standard contracts ineffective because they are not designed to cover algorithmic outputs that no one, not even the creator, can anticipate with certainty.

Why classic insurance models fail when facing LLMs

Most insurance policies on the market were written for IT service companies or management software publishers. These contracts often contain hidden exclusions or definitions of professional error that do not fit the reality of an AI scale-up. Insurers view AI as a black box for which they do not know how to evaluate the frequency of a covered incident or its potential scale.

The main point of friction lies in hallucinations, those moments when a model generates entirely invented facts. If your solution advises a user on a dangerous medical procedure or a disastrous financial strategy based on a hallucination, a classic insurer might argue that this is not a covered technical error but an intrinsic defect of the product that you should have known about. Similarly, algorithmic biases, which can lead to accusations of discrimination, are often excluded from guarantees because they touch on areas of civil liability that insurers consider too risky or related to company policy rather than its technology.

AI insurance is not about guaranteeing the mathematical perfection of models, but about securing the financial consequences of their inherent imperfection.

Rethinking coverage: the real-risk approach

At Lesto, we work backward from the market. Instead of offering you a standard contract and hoping it applies to your case, we start by analyzing the specific risks related to your technological deployment. What is the worst thing that could happen if your model is wrong? Who suffers the loss? Is it physical damage, pure financial loss, or a hit to your reputation?

Once these risks are mapped, we build the appropriate coverage. This often involves contractually redefining what constitutes a covered incident. For a growing company, it is imperative that hallucinations are explicitly integrated into the scope of the insurance that covers service errors. We do not try to guarantee that the model will never make an error; we aim to ensure that if an error occurs and causes a financial loss to your client, the insurer will pay the compensation without debating the probabilistic nature of the software.

Protecting the personal assets of directors

Beyond technical performance, the unpredictability of AI poses a threat to the founders themselves. If a major algorithmic drift leads to a drop in company valuation or a class action by dissatisfied users, the personal liability of corporate officers can be triggered. This is where the insurance that protects your personal assets if a shareholder or employee holds you personally liable (Directors and Officers or D&O insurance) comes into play.

In the tech sector, investors during Series A or B funding rounds increasingly demand solid guarantees on these points. They know that the regulatory framework, such as the AI Act in Europe, will impose strict transparency and risk management obligations. If management has not put in place adequate protections to cover the consequences of a poorly controlled model, they may be accused of management misconduct. Well-calibrated coverage then becomes a source of reassurance for your financial partners.

Steps for a robust risk transfer strategy

To secure your growth trajectory, AI risk management must move beyond simple compliance to become a sales lever. A large corporate client will be much more inclined to sign an annual license agreement if they know your liability is backed by an insurance policy capable of covering the maximum amounts you might owe them in the event of a problem (the limit of liability).

The first step is to audit your client contracts to align liability limits with what your insurer actually agrees to cover. It is useless to promise a two-million-euro compensation if your insurance includes a portion you pay out of pocket (the deductible) that is too high or if it excludes non-consequential financial losses. Next, you should document your risk mitigation processes: how do you test your models? What human safeguards are in place? These operational elements are what allow you to convince risk carriers to support you for significant amounts.

As a fractional risk partner, we do more than just find an insurance policy. We intervene to translate your technical complexity into a language that the insurance market can understand, in order to build solutions where standard products stop. The goal is for your coverage not to be a forced expense line, but a solid foundation for your most aggressive commercial ambitions.

If you wish to evaluate the robustness of your current protection against the specific risks of your models, we can analyze your contracts together to identify areas of vulnerability.

Sami Zarzour

Co-founder, Lesto

Sami is a co-founder of Lesto. He writes about insurance brokerage, business risk management, and the transformation of the industry.
