The commercial general liability policy your company has carried for decades no longer covers AI losses. ISO endorsements CG 40 47 and CG 40 48, effective January 1, 2026, remove generative AI claims from Coverage A (bodily injury and property damage) and Coverage B (personal and advertising injury). The exclusion is now the market default. Most companies will not notice until their first denied claim. The canonical fact pattern is already on the books: in Moffatt v. Air Canada, the British Columbia Civil Resolution Tribunal rejected the airline’s argument that its chatbot was a “separate legal entity” responsible for its own misstatements, calling the position a “remarkable submission.” The chatbot misquoted a bereavement fare. The company paid. The legal precedent is settled. The insurance precedent is being written right now, and it is being written without you in the room.

The Exclusion Most Companies Will Not See Until Renewal

CG 40 47 is the broad-form exclusion. It strips generative AI claims from both Coverage A and Coverage B of the standard CGL form. CG 40 48 is the narrower version, scoped to Coverage B only, which preserves bodily injury and property damage but eliminates personal and advertising injury claims tied to AI output. Both endorsements were filed by Verisk through ISO and went into effect on January 1, 2026. Nine insurance groups have already filed to adopt the language, and major carriers including WR Berkley, Cincinnati Financial, Frederick Mutual, and Philadelphia Insurance are filing independent exclusion language that tracks the same scope. This is not a fringe carrier choice. This is the market repricing AI risk in unison.

The mechanics are simple. When your renewal binder arrives, the endorsement schedule will list CG 40 47, CG 40 48, or carrier-specific language with the same effect. The summary cover sheet will not flag it. Your broker may not flag it. The form code is what controls coverage. If you do not read the form codes, you will not know the exclusion is there until a claim is filed and denied.

What “Silent AI” Actually Means

Why was AI ever covered in the first place?

Silent AI is the term insurers use for coverage that is neither explicitly granted nor explicitly excluded. Before 2026, AI claims squeezed into existing CGL categories. A defamatory chatbot output became a personal and advertising injury claim under Coverage B. A discriminatory algorithm became a disparagement claim. A misrepresented warranty became a Coverage B trigger. Insurers paid because the policy did not say no.

The new endorsements close the squeeze. Kennedys Law put it bluntly: insurers were “exposed to claims they never priced for.” CG 40 47 and CG 40 48 reprice the risk by eliminating it from the CGL entirely. Picture the concrete denial. Your customer service chatbot misquotes the return policy on a $40,000 industrial part. The customer relies on the quote, returns the part outside the actual policy window, and sues for the loss. Pre-2026, your CGL Coverage B carrier likely paid the defense and any settlement. Post-2026, the denial letter arrives the same week as the complaint, and the company is on its own.

The Gartner Directive

What did Gartner actually tell general counsels?

On April 2, 2026, Gartner issued a press release recommending that general counsels evaluate “a new wave of ‘affirmative AI insurance’ offerings” covering hallucinations, bias, intellectual property infringement, and safety failures. The directive was not aspirational. It was a procurement instruction tied to verifiable forecasts: a 60% increase in AI security and governance investments by 2030, more than 2,000 “death by AI” legal claims worldwide by the end of 2026, and $5 billion in compliance investment by 2027 driven by fragmented AI regulation covering 50% of world economies.

The shift in tone matters. Gartner does not typically tell GCs to actively procure new lines of insurance. The release reads as an acknowledgment that the gap between standard CGL coverage and actual AI exposure has become unmanageable through existing instruments. The companies that treat the directive as urgent are the ones that will have coverage when the first denied claim hits the docket. The companies that treat it as background research will discover the gap the same way Air Canada’s lawyers did.

The Affirmative AI Market Forming Around the Gap

Carriers are writing real coverage in real volume. HSB, the Hartford Steam Boiler arm of Munich Re, launched its small-business AI Liability Insurance on March 18, 2026, citing internal data that 74% of small businesses already use AI tools and 91% expect to. ElevenLabs became the first company insured under an AIUC-1-backed AI agent policy on February 11, 2026, with the certification gated by 5,000 adversarial simulations against the agent before binding. Munich Re’s aiSure performance-guarantee product launched with a $15 million Mosaic syndicate limit on February 27, 2026. Coalition added an affirmative AI cyber endorsement to its existing cyber tower. Vouch has been writing an AI errors-and-omissions program since February 2024. Beazley, Chubb, and Munich Re each offer affirmative AI coverage available through Google Cloud’s customer channel. Counterpart launched its affirmative AI line in November 2025.

This is not a single carrier running an experiment. It is a parallel market forming in the space the CGL exclusion just opened. The pricing is still volatile and the underwriting is still subjective, but the capacity exists. The procurement question for 2026 is not whether affirmative AI coverage is available. It is which combination of carriers, sublimits, and retentions matches your specific AI surface.

Why the Loss Data Is Now Real

Actuaries need claims to price risk. The 2026 loss data is materializing fast enough that the affirmative market is no longer speculative. PocketOS, an autonomous coding agent built on Cursor and Claude Opus 4.6, deleted a production database and its backups in nine seconds on April 25, 2026, producing more than 30 hours of downtime. Replit’s autonomous agent wiped a production database in July 2025. DataTalks.Club lost its infrastructure in March 2026 when a Cursor-driven workflow ran terraform destroy against a live environment. Moffatt v. Air Canada gave the courts the “remarkable submission” line in February 2024. The Character.AI and Google teen-suicide settlements in January 2026 followed Judge Conway’s earlier ruling that Google could be held liable as a “component-part manufacturer” for the underlying model.

These are not edge cases. They are the seed corpus underwriters are using to price affirmative AI policies in 2026. Each incident is a published fact pattern with a quantified loss. The companies most exposed are the ones running autonomous agents with broad tool-call scopes and no governance documentation. Our analysis of why most businesses fail at AI agents and the operational discipline required for scaling AI agents maps directly onto the underwriting questions carriers now ask before binding.

The Shadow Risk Inside the Risk

Insurers price what they can see. Companies are exposed in proportion to what they cannot. Cloud Security Alliance research published in April 2026 found that 82% of enterprises discovered unknown AI agents operating in their environment in the past year, roughly two-thirds suffered an AI-agent-related cybersecurity incident, and 53% reported agents exceeding their intended permission scope. SailPoint’s parallel data showed 82% organizational adoption of AI agents against only 44% policy coverage, with 23% of organizations reporting agents tricked into revealing credentials.

The implication for procurement is that the application form is the smaller risk. The undocumented agents your underwriter never sees are the larger one. We covered the financial side of this dynamic in the shadow AI tax, and the compounding effect on insurance is direct. An undisclosed agent is a coverage void even on an affirmative AI policy, because most affirmative forms condition coverage on a documented and governed AI inventory. Discovery and inventory are now insurance prerequisites, not IT hygiene.

State Regulators Are Already on the Case

The state regulatory layer is what forces underwriting maturity. The Texas Responsible Artificial Intelligence Governance Act took effect January 1, 2026, vesting exclusive enforcement in the Attorney General with authority to issue civil investigative demands on a single complaint. Colorado’s AI Act, SB24-205, runs a parallel safe harbor for insurers operating in compliance with the state Division of Insurance rules. The NAIC AI Model Bulletin has been adopted by 24 states as of April 2026, harmonizing carrier obligations across most of the national premium base. California’s parallel framework imposes civil penalties up to $1 million per violation.

The effect on the insurance market is procyclical. State enforcement creates a documentation expectation. Documentation creates underwriting evidence. Underwriting evidence creates pricing. Pricing creates capacity. The companies that already comply with the EU AI Act’s August 2026 deadline are running the same playbook for state regulators, and the same playbook produces the documentation underwriters require.

The Procurement Playbook for the Next Renewal

The next renewal cycle is the one that matters. Companies that run the following sequence between now and binding date will exit 2026 with affirmative AI coverage at defensible pricing. Companies that wait will get the exclusion and no replacement.

  1. Read the form codes on your current CGL renewal binder. Look specifically for CG 40 47 and CG 40 48, plus any carrier-specific AI exclusion language. Do not trust the summary cover sheet. Coverage is controlled by the form, not the marketing copy.
  2. Map every AI surface to a tool-call boundary. Inventory chatbots, copilots, autonomous workflows, MCP-connected agents, and embedded model calls inside SaaS. Each surface needs a documented permission scope an underwriter can evaluate.
  3. Document governance posture against a recognized framework. NIST AI RMF, ISO/IEC 42001, or a defensible internal policy aligned to one of them. Gartner is explicit that governance maturity drives both coverage availability and premium.
  4. Negotiate carve-backs into the existing CGL for narrow uses. Personal and advertising injury for human-edited AI content is the most defensible carve-back. Do not assume affirmative coverage will fully replace the residual CGL exposure.
  5. Evaluate at least two affirmative AI carriers. HSB for small business, AIUC-1-backed policies for agent-heavy operations, Munich Re aiSure for performance guarantees, Coalition for cyber-adjacent risk, Vouch for AI errors and omissions.
  6. Budget for AI-incident retainer counsel. The Moffatt v. Air Canada precedent makes corporate-liability defense the dominant cost driver. Pre-arranged counsel is cheaper than emergency retention at the moment of breach.
  7. Tie procurement to your governance program, not your renewal calendar. AI agent governance maturity is the single largest input to coverage availability. Treat insurance as the output of governance, not a substitute for it.

The Counter-Argument

The skeptical case is not absent. Insurance Journal’s March 18, 2026 “AI Paradox” analysis argued that AI-specific coverage is partly fear-driven and is being priced ahead of actuarial data. Bank of America’s March 3, 2026 research note pegged $15 billion of AI-related liability at risk across S&P 500 names without arguing that any specific coverage product was correctly priced. MIT and Deloitte have separately published estimates that AI failures will produce a 5% to 15% bottom-line impact on enterprises that lack governance, but the same studies show wide dispersion across industries.

The skeptics are right that pricing is volatile. They are wrong that the exclusion is theoretical. CG 40 47 and CG 40 48 are in force today. PocketOS lost its database four days ago. The Air Canada chatbot ruling is two years old. The cost of buying narrow affirmative coverage at slightly mispriced premium is a budgetable line item. The cost of discovering you have no coverage after a $30 million class action is an existential one. The asymmetry favors procurement, and the asymmetry is the entire decision.

What This Means for Replyant Clients

The companies that win the next 18 months are the ones treating AI insurance procurement as a second-quarter or third-quarter board agenda item, not a renewal-day surprise. The CGL exclusion is the structural fact. The affirmative market is the available remedy. The governance documentation is the prerequisite for both. We work with clients to align AI agent governance with the underwriting evidence carriers now require, and to map the EU AI Act’s August 2026 obligations onto the same documentation set so a single program of record satisfies both regulator and insurer. The companies that run that playbook will be insured at their next renewal. The companies that do not will be uninsured at their next incident.