Key Takeaways
- Cyber insurance policies are changing and insurers are reshaping cyber coverage around AI risk, with new caps and exclusions that often sit in the fine print rather than the headline limits.
- LLMjacking, where attackers hijack your AI services with stolen credentials, can run up tens of thousands of dollars a day and is a key reason carriers are cautious.
- Underwriters increasingly want proof of strong controls and monitoring. Businesses that can document their security posture stay insurable, often at better terms.
- Emerge customers who invest in OmniWATCH Pro are pre-approved for coverage by the insurance firm Converge, turning a strong security posture into a faster path to coverage.
If you carry cyber insurance, the policy you renew this year will probably not look like the one you signed last year. Carriers are rewriting the rules around artificial intelligence, and most of those changes are happening in the fine print rather than the headline coverage figures.
In April 2026, the Financial Times reported that some insurers have proposed new language to cap payouts on losses tied to AI use, as the industry moves quickly to limit its exposure to a technology it’s still learning how to price. The shift is broad, it’s happening fast, and it has real consequences for any organization that’s put AI tools into daily operation.
Here’s what is driving the change, what it means for your coverage, and the steps that can help keep you insurable.
Why Insurers are Pulling Back on AI
Insurance works when a carrier can estimate how often a loss will happen and how much it will cost. AI breaks that math. The technology is being adopted faster than anyone can build a track record of claims, and the loss patterns are still taking shape. When underwriters cannot price a risk with confidence, they do one of two things: they exclude it, or they cap it.
That’s exactly the pattern playing out now. In January 2026, the Insurance Services Office introduced three new exclusions for generative AI in commercial general liability policies, and several carriers adopted them within weeks. Some carriers have gone further, filing absolute AI exclusions across directors and officers, errors and omissions, and fiduciary lines.
Cyber insurance is following a familiar script. Industry analysts have noted that cyber coverage moved through the same stages a decade ago: quiet, unintended coverage first, then add-on endorsements, then strict control-based underwriting. AI is moving through that arc faster, because the playbook already exists. Where coverage is not excluded outright, carriers are raising premiums, increasing deductibles, and capping AI-related limits, treating AI as a specialty exposure rather than a standard one.
Meet the Threat that Has Insurers Especially Nervous
One AI-era threat shows up again and again in conversations about coverage, and it has a name that sounds almost playful for something so costly: LLMjacking. It describes attackers using stolen credentials to hijack a victim’s large language model service, then running their own AI workloads on someone else’s account. The legitimate account holder gets the bill.
The reason this worries carriers is the speed and size of the loss. A compromised credential does not sit quietly. Attackers can run high-cost AI models around the clock, and the charges can climb into the tens of thousands of dollars per day before anyone notices the spike. Researchers studying recent campaigns have documented victim costs that reached well into six figures within a matter of weeks, often traced back to an old API key that was never rotated.
For an insurer, that’s a difficult risk to underwrite. The loss is fast, the ceiling is unclear, and the entry point is frequently a basic hygiene failure rather than a sophisticated breach. So insurers are responding the way they always do with uncertainty: They are drawing tighter lines around what they’ll pay for.
What this Means for Your Business
If your organization uses AI tools, as most now do, here are three changes worth watching at your next renewal.
- New exclusions and caps. Policy language is shifting underneath you. A loss you assume is covered, such as fraud carried out with an AI-generated deepfake or a runaway bill from a hijacked model, may now sit outside your limits or face a separate sub-limit.
- Stricter underwriting. Carriers increasingly want proof that you understand and control your AI exposure. Expect questions about which AI tools you use, how credentials are managed, and what monitoring you have in place. Vague answers lead to higher premiums or declined coverage.
- Coverage as a moving target. Some in the industry expect insurers will eventually sell AI protection as its own line of coverage, separate from standard cyber policies. The market is still in motion, which means the gap between what you think you have and what you actually have can widen between one renewal and the next. It’s a buyer-beware market, for sure.
The encouraging part of this story is that carriers aren’t simply walking away. They’re rewarding organizations that can demonstrate strong governance and active monitoring. The businesses that document their controls — and prove they work — are the ones that stay insurable, and often at better terms.
How Emerge Can Help You Stay Ahead of the Curve
This is where preparation pays off. The organizations that come through this shift in good shape are the ones treating cybersecurity as an ongoing discipline rather than a box to check at renewal time.
Emerge built OmniWATCH Pro for exactly this moment. It delivers continuous monitoring, threat detection, and credential oversight that insurers now look for, including visibility into the types of credential misuse that enable LLM jacking. Just as important, it produces the documentation that turns a strong security posture into something an underwriter can actually verify.
That readiness carries a concrete benefit. Emerge customers who invest in OmniWATCH Pro are pre-approved for coverage by the insurance firm Converge. Instead of facing a longer, less certain underwriting process, you arrive at the table already qualified, with your controls recognized by the carrier from the start.
If you’d like to understand where your current coverage stands and how OmniWATCH Pro can strengthen both your security and your insurability, we’re ready to talk.
