
Many insurers and the businesses they cover are treating AI risk as a cyber problem in a new costume. The early litigation is quietly explaining why that is a category error, and the companies that understand the difference first will be the ones ahead when the market corrects.
You can feel the instinct in every boardroom conversation. AI looks like cyber. It chimes with cyber. The underwriting muscle memory reaches for cyber.
That muscle memory is about to become expensive.
Look at where the cases are actually landing. Not breaches. Not ransomware. Not exfiltration. The exposure is arising from an ordinary customer call, a chatbot interaction, a healthcare consultation, a meeting transcript, a default setting buried inside a vendor contract that someone clicked through eighteen months ago.
In Valencia v. Invoca, a California federal court declined to dismiss claims that an AI call-analytics vendor was effectively a third-party eavesdropper sitting silently on customer calls, transcribing, analysing sentiment and feeding the results back to the business that bought the tool. The conduct was not a hack; it was the product working exactly as it had been bought to work.
The thing that got me thinking was noticing how often these cases turn on something the business did not consider a decision: a default left on, a notice drafted three years before the feature existed, or a vendor permission granted in a procurement form by someone who had no view of how the data would later be used. The pattern is not negligence in the traditional sense. It is the gap between what the organisation believed it was doing and what its systems were actually doing on its behalf. Once you see that gap, you stop looking for AI risk in the obvious places and start looking for it in the seams between people, processes and procurement.
That is the question worth holding in mind. Not whether a business uses AI. Nearly all of them do, or soon will. The question is where AI changes the legal character of the relationship between the business and the person affected by it.
Consider consent. For two decades, “this call may be recorded” has done quiet, reliable work. It is familiar. It is accepted. Most customers accept that bargain without thinking about it. GenAI breaks that sentence.
Was the call only recorded, or was it transcribed in real time by a third-party model? Was it analysed for sentiment? Was the transcript retained and used to improve a vendor’s underlying system? Was the customer’s voice, language, emotion or intent processed in a way that exceeded the ordinary expectation created by the notice?
The Invoca court adopted what is being called the “mere capability” approach to California’s Invasion of Privacy Act (CIPA). It is enough, at the pleading stage, that the vendor could be using the call content for its own purposes. The plaintiff does not have to prove the vendor actually did. That is a meaningful lowering of the bar, and it should be read carefully by anyone with a call estate that touches California residents.
In AI exposure, consent architecture is becoming as important as access control.
That does not mean every notice has to read like a legal essay. It means the words presented to customers, patients, employees and users have to actually match what the AI system is doing behind them. The problem is not what the business intended. The problem is what the system did.
Which brings us to vendors, and this is where the cyber comparison breaks down most visibly.
Most businesses are not building foundation models. They are buying tools, enabling features, integrating platforms, accepting default settings. The AI estate of a typical enterprise is less a designed architecture than an accumulation of procurement decisions made by different teams in different quarters under different commercial pressures.
In cyber, vendor risk is framed around dependency, aggregation, outage, security controls, breach pathways. Those issues still matter in AI. But AI vendor risk adds a dimension that cyber underwriting was never built to handle.
And so to legal characterisation. Was the vendor merely providing a tool to your business? Or was the vendor independently receiving, analysing, retaining, enriching or using the data that flowed through that tool? That distinction can change whether a notice was adequate, whether consent was meaningful, whether the business understood the risk it had assumed, and ultimately whether the claim sits in cyber, in technology errors and omissions, in privacy, in media, in professional liability, in regulatory defence, or in management liability. The claim simply arrives looking for a home.
The forum matters too. In Lisota v. Heartland Dental, an Illinois federal court dismissed a similar claim brought only under the federal Wiretap Act, applying an “ordinary course of business” exception to a call platform whose AI transcription and analysis were deemed central to its service. The federal statute has an escape hatch that CIPA does not. Filings will concentrate in jurisdictions whose state wiretap laws give plaintiffs a foothold the federal statute denies them.
We all need to know where AI changes the relationship. A customer-service chatbot is not the same as an internal drafting tool. A call-centre analytics platform is not the same as a marketing copy assistant. An ambient healthcare transcription tool is not the same as a back-office summarisation product. A model trained on public information is not the same as a model fine-tuned on customer content.
The pattern is already visible in the newer filings. Plaintiffs are challenging Google over Gemini smart features said to have been switched on by default across Gmail, Chat and Meet. They are challenging Figma over changes to its terms that opted customers into content-training defaults. They are challenging healthcare providers over ambient AI tools that allegedly recorded clinical conversations and generated notes falsely stating that patients had consented. Different products and different sectors, but the same structural concern.
In this area, the AI use case tells you almost everything.
You also need evidence. It is no longer enough to say that a notice existed, that a vendor was not meant to train on customer data, that a tool was configured in a compliant way. Can you prove it? Can you show what the customer saw on the relevant date? Can you show which version of the vendor terms applied? Can you show whether model-training rights were switched on or off?
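The two disciplines the article has been describing, keeping the customer-facing notice in step with what the system actually does and being able to prove which notice and which vendor setting applied on a given date, are easier to see in code. The block below is an added illustration, not anything from the cases or vendors named above. It keeps a hash-chained ledger of notice text, vendor terms version and enabled processing per channel, answers "what was in force on this date", and flags processing that the notice in force did not disclose. The channel name, vendor name, terms versions, dates and the phrase-to-purpose mapping are all constructed for the example.

```python
"""Tamper-evident record of consent notices and AI-vendor settings (added illustration)."""
import hashlib
import json
from dataclasses import dataclass

# Which words in a notice disclose which processing purpose. Constructed and
# deliberately small; a real mapping would be agreed with counsel per channel.
DISCLOSURE_TERMS = {
    "record": ("recorded", "recording"),
    "transcribe": ("transcribed", "transcription", "transcript"),
    "sentiment": ("sentiment", "analysed", "analyzed"),
    "train": ("improve", "train", "training"),
}

GENESIS = "0" * 64  # prev_hash of the first entry


@dataclass(frozen=True)
class EvidenceEntry:
    effective: str            # ISO date (YYYY-MM-DD) from which this state applied
    channel: str              # e.g. the contact-centre voice channel
    notice_text: str          # exact words shown or played to the customer
    vendor: str
    vendor_terms_version: str
    processing: frozenset     # what the tool really does: record, transcribe, sentiment, train
    prev_hash: str            # digest of the previous entry, forming the chain

    def payload(self) -> str:
        """Canonical JSON so the digest is stable across runs."""
        fields = {
            "effective": self.effective,
            "channel": self.channel,
            "notice_text": self.notice_text,
            "vendor": self.vendor,
            "vendor_terms_version": self.vendor_terms_version,
            "processing": sorted(self.processing),
            "prev_hash": self.prev_hash,
        }
        return json.dumps(fields, sort_keys=True, separators=(",", ":"))

    def digest(self) -> str:
        return hashlib.sha256(self.payload().encode("utf-8")).hexdigest()


def disclosed_purposes(notice_text: str) -> frozenset:
    """Purposes a customer could reasonably take the notice to cover."""
    text = notice_text.lower()
    return frozenset(p for p, words in DISCLOSURE_TERMS.items()
                     if any(w in text for w in words))


def undisclosed_processing(entry: EvidenceEntry) -> frozenset:
    """Processing the system performed that the notice in force never mentioned."""
    return entry.processing - disclosed_purposes(entry.notice_text)


class EvidenceLedger:
    def __init__(self):
        self.entries = []

    def append(self, effective, channel, notice_text, vendor, terms_version, processing) -> str:
        prev = self.entries[-1].digest() if self.entries else GENESIS
        entry = EvidenceEntry(effective, channel, notice_text, vendor,
                              terms_version, frozenset(processing), prev)
        self.entries.append(entry)
        return entry.digest()

    def verify(self) -> bool:
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = GENESIS
        for entry in self.entries:
            if entry.prev_hash != prev:
                return False
            prev = entry.digest()
        return True

    def state_on(self, channel: str, on: str):
        """Latest entry for the channel effective on or before the ISO date `on`."""
        candidates = [(i, e) for i, e in enumerate(self.entries)
                      if e.channel == channel and e.effective <= on]
        if not candidates:
            return None
        return max(candidates, key=lambda ie: (ie[1].effective, ie[0]))[1]


def build_sample_ledger() -> EvidenceLedger:
    """Constructed history: the notice never changed, but the vendor's defaults did."""
    ledger = EvidenceLedger()
    notice = "This call may be recorded for quality purposes."
    ledger.append("2023-01-01", "contact-centre-voice", notice,
                  "ExampleVoiceAnalytics", "v1", {"record"})
    # Vendor terms v2 switched on transcription, sentiment and model training by default.
    ledger.append("2024-06-01", "contact-centre-voice", notice,
                  "ExampleVoiceAnalytics", "v2", {"record", "transcribe", "sentiment", "train"})
    return ledger


if __name__ == "__main__":
    ledger = build_sample_ledger()
    for query in ("2023-05-01", "2024-09-15"):
        state = ledger.state_on("contact-centre-voice", query)
        print(query, state.vendor_terms_version, sorted(undisclosed_processing(state)))
    print("chain intact:", ledger.verify())
```

The point of the date-keyed lookup is that the question a claim asks is never "what is the setting now" but "what applied on the day of this call"; the hash chain is there so the answer can be shown not to have been tidied up afterwards.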
Regulators are moving over the same landscape. The vocabulary differs across the EU, the UK and the US, but the direction is consistent. Transparency, accountability, lawful data use, explainability, governance, oversight, evidence. None of this requires panic, just some precision.
The leaders who file AI under cyber may discover the gap only when a claim arrives that does not fit the policy they bought. The leaders who treat AI as a change in business conduct, relationships, governance and evidentiary discipline will ask better questions of their vendors, their lawyers, their brokers and their boards.
In underwriting, and in business, better questions are usually the first competitive advantage.
The harder question is still ahead: how much of this risk genuinely belongs inside the insurance classes that already exist, and how much of it requires something the market has not yet built?
And that is the conversation worth being early to.

