Agentic AI and the law

By Matthias Artzt and John deVadoss
The emergence of autonomous AI attacks is challenging traditional cyber insurance models and shifting greater risk onto insured businesses
In early July, security firm Sysdig reported what it believes to be the first ransomware attack carried out from beginning to end by an AI agent, with no person directing it. On its account, the agent broke into a company’s system, harvested credentials, moved through the network, and encrypted and then destroyed a production database.
The ransomware it left served no purpose: it generated an encryption key, displayed it once and discarded it, so that no payment could recover the data.
The agent claimed to have copied the data elsewhere, though the researchers found no evidence that it had. The individual steps were not novel. What was new was an AI agent autonomously combining more than 600 actions into a complete attack while correcting its own mistakes within seconds. The loss was one of destruction rather than extortion. The agent left no key to buy back, so the response a cyber policy is built around, paying a ransom to restore access, had nothing to work on, and the exposure fell instead on first-party cover for data loss and business interruption. Whether the data was taken is beside the point, since unauthorised access and destruction are themselves a notifiable breach and a source of third-party liability, whatever the agent claimed.
The route in, meanwhile, was unremarkable: an already-patched flaw in a widely used tool and a set of credentials that had never been changed, which is to say a weakness common to a great many systems at once.
For an underwriter, that is the troubling part. The researchers noted that the skill required to mount such an attack has fallen to little more than the cost of running an agent.
That matters because insurance depends on largely independent losses, that the premiums of the many meet the claims of the few. An attack that a machine can replicate cheaply, against thousands of targets sharing the same known weakness and at the same moment, produces the opposite: correlated, accumulating loss that no single premium pool can absorb. The market had already begun to respond. From January 1, 2026, the standard general-liability form used across most of the United States permits carriers to exclude generative-AI exposures, and most large insurers have adopted that wording or something broader, extending it in places to directors’ and professional-indemnity cover.
The Financial Times had reported a wider retreat from AI coverage a little earlier. The pattern follows the “silent cyber” episode of the last decade, in which exposure that policies were never designed to carry was progressively excluded. Companies harmed by external attacks may find their damage uninsured.
There is a precedent for agentic AI ecosystems: a technology whose worst outcomes exceeded what insurers were willing or able to bear. In the 1950s, no insurer would provide unlimited liability for a nuclear accident, leading to the Congress passing the Price-Anderson Act in 1957.

.jpg&w=256&q=75)












