Artificial intelligence is rapidly moving from experimentation to real-world deployment across the insurance sector, but it is also introducing new and complex risks that traditional models are not designed to assess. In this piece, Nik Kairinos, CEO & Co-founder of RAIDS AI, explores how insurers can begin to quantify and underwrite AI risk in an environment where historical data no longer provides the answers.
How do you ensure something you can’t inspect, predict, or historically model? That’s the question facing every insurer as AI moves from pilot programs into production. It has to create a mechanism to protect clients when AI goes wrong, but without any of its usual tools to do so.
Consider a simple car insurance claim; often it is fairly easy to establish fault, and the appropriate insurer pays the necessary costs. But how can you offer insurance models when there is no historical data on how AI might behave or the consequences it might cause?
These are huge questions, but they are ones that the insurance industry must answer, as the age of AI is already upon us. All of this also falls within the context of the regulatory landscape, with the EU AI Act already in force.
Opportunity…
Deloitte projects that the AI liability insurance sector will reach $4.87 billion by 2032. This emerging market provides cover for enterprise exposure to AI failures, regulatory violations, and operational disruptions.
Some insurers are already capitalising. Munich Re’s aiSure is one of the most established AI performance insurance products in the market and serves as a key provider of reinsurance capacity. Additionally, Lloyd ‘s-backed Armilla Insurance launched in April 2025, covering AI hallucinations and model failures.
But all of these models have the same limitations. Current policy limits of $1-5 million prove inadequate when single incidents generate losses exceeding $1 billion.
While not specifically attributed to AI, the CrowdStrike incident in July 2024 affected 8.5 million systems globally and generated insured losses estimated in the low- to mid-single-digit billions of dollars. Caused by a faulty configuration update to sensor software, it demonstrated how risk can cascade across entire industries. Additionally, UnitedHealth faces lawsuits over AI-driven claims denials and Air Canada was held liable for its chatbot providing false information.
These examples show that businesses need to be insured in case they need to pay substantial damages when AI goes wrong.
As a result, the gap between demand and available coverage clearly represents a significant opportunity, but for any insurer to capitalize, they need to overcome the risk assessment challenge.
…and challenge
Traditionally, insurers rely on historical data, predictable failure patterns, and the ability to inspect and validate the insured asset to understand the level of risk and, therefore, the level of coverage required. But AI systems break all three assumptions. No meaningful historical loss database exists, failures are unpredictable, and models operate as black boxes, with proprietary architectures and training data that cannot be inspected or assessed.
So, while enterprises need substantially higher limits, insurers cannot justify offering them without confidence in their risk assessment. This constraint creates a market failure with businesses facing exposure far exceeding available coverage. Insurers recognize demand but cannot price higher limits accurately, reinsurers hesitate to provide capacity without better risk intelligence, and the market remains nascent despite explosive enterprise AI adoption.
The regulatory time pressure
All of this sits against a backdrop of regulatory deadlines that are getting ever closer. Under the EU AI Act, many insurance-related AI systems used for creditworthiness and access to essential services are treated as high-risk, with full obligations (including conformity assessment and post-market monitoring) applying by December 2027. In addition, around two dozen US jurisdictions mandate that AI governance frameworks align with NAIC guidance, which explicitly prohibits insurers from relying solely on vendor claims.
So, it is not simply the pressure of capitalising on an emerging market, or the risk of missing out. Much more importantly, failure to solve the AI monitoring problem will leave insurers themselves exposed to compliance sanctions as well.
Continuous monitoring
Solving the policy limit problem requires solving the underlying risk assessment challenge. Insurers need continuous visibility into AI system behaviour in production, not just pre-deployment audits that quickly become obsolete as models drift and evolve. In short, since traditional assessment methods don’t apply, a new process needs to be established. And this process must be rooted in constant, real-time monitoring.
It is the continuous nature of this monitoring that is key. Round-the-clock monitoring means that insurers have real-time risk visibility and can establish statistical baselines for normal operations, enabling them to detect deviations.
What’s more, insurers can also be safe in the knowledge that they’re satisfying compliance obligations, including EU AI Act Article 17 (independent post-market monitoring), prEN 18286 Clause 8.6.4 (continuous behavioural surveillance), and ISO 42001 Controls A.7.3-A.7.4 (ongoing AI system monitoring).
A new model
There are a number of ways that continuous AI monitoring could be integrated into insurance policies.
One is a bundling opportunity whereby enterprises can purchase monitoring to achieve compliance, then access better insurance terms based on demonstrated risk management. For insurers, regulatory alignment reduces underwriting risk. By requiring AI monitoring as a policy condition or incentivising adoption through premium discounts, insurers satisfy regulatory mandates while improving their risk position.
Another option is that insurers offer substantial premium discounts for enterprises deploying AI monitoring that they purchase themselves.
For reinsurers backing AI liability policies, portfolio-level risk intelligence is needed that individual carrier data cannot provide. AI monitoring platforms can license anonymised, aggregated monitoring data to reinsurers for pricing models, capacity decisions, and portfolio risk assessment.
The insurance sector’s ability to underwrite AI risk will be determined by whether it embraces continuous monitoring as a core underwriting input, rather than an optional add-on. Firms that build this capability now will define the market; those that wait will find themselves unable to price the high risks their clients need covered most.
Nik Kairinos is the CEO & Co-founder of RAIDS AI
