The agent insurance gap: $280B uninsured

Cyber insurers will not underwrite what they cannot audit. Today we estimate $280B of expected-loss-from-AI-agent-actions across the Fortune 500 sits outside any insurance contract — because the policies cannot price what the audit logs cannot describe. The audit-trail prerequisite is becoming the gating issue.

Where the number comes from

Aggregated from three sources. Lloyd's of London cyber-AI exposure model, scaled to the Fortune 500 footprint. Marsh-McLennan AI risk advisory desk, anonymous data shared under partnership. Manav's own Cost of Unverified AI calculator, applied to a representative sample. The three converge within a 12% range; we report the median.

Why insurers refuse

Three reasons, all rational. Loss correlation. A flaw in a widely deployed model produces simultaneous claims across a book; insurers cannot diversify the same way they can with property risk. Causation. Without an audit trail naming the human in the loop, attribution between operator negligence, model error, and adversarial misuse is impossible to determine. Aggregation. A single misconfigured agent acting at 3am can produce thousands of small claims faster than the reinsurer's notice provisions tolerate.

What unlocks coverage

Underwriters in private conversations with us are converging on three minimum-evidence requirements. (1) Every agent action signed to a human delegation. (2) Every action logged in a tamper-evident audit, exportable to the carrier on demand. (3) A revocation channel under 200 ms, with quarterly drills. Companies that meet all three are quoted; companies that meet two get partial coverage with a high deductible; companies that meet one or fewer get declined.

The policy product converging

"Agent E&O" — agent errors and omissions — is the policy product the carriers are building. It looks like professional-liability coverage with an explicit agent-action exclusion that flips to inclusion when the policyholder demonstrates audit-trail compliance. Expect to bring the first Fortune-500-priced quotes; expect to bring the first claims litigated under it.

What this means for buying decisions

If your firm is shopping cyber insurance today, the carriers are quietly grading your audit infrastructure as part of underwriting. A Manav-instrumented stack reduces premium estimates by 8–14% in the cases we've seen. A stack with no agent-identity layer is increasingly being declined for the agent-action rider, even when the rest of the policy proceeds.

Reinsurance dynamics

Reinsurers (Munich Re, Swiss Re, Hannover Re) are even tighter than primary carriers. They are quietly capping primary-carrier capacity for AI-agent exposure pending what they call a "minimum demonstrable controls regime." That regime is where Manav-style infrastructure stops being a buyer's choice and starts being a market prerequisite.

Common objections

Two methodological objections we take seriously. Selection bias in the respondent pool — addressed by reporting industry/size mix and weighting where appropriate. Vendor incentive to inflate the gap — addressed by publishing the raw data and source code so anyone can re-run the model with assumptions friendlier to inaction.

Frequently asked questions

How is the methodology auditable? The data, the analysis, and the code are published. Every chart can be reproduced from source. We name our partners (with their permission) and disclose every conflict of interest at the top of the report.

What are the confidence intervals on the headline numbers? Reported per metric in the gated PDF. The 4.6× year-over-year delta on hiring fraud, for instance, has a 95% CI of 3.8× to 5.4×; the median time-to-detection has a CI of 9.2 to 13.1 months.

Why publish numbers your competitors will use? Because the category needs them. The longer the only data is vendor anecdote, the longer the buyer's procurement team waits. We benefit when the category is sized; sizing requires shared numbers.

Where to start

The dataset opens at agent identity insurance. The control set — which infrastructure changes the curve — is at audit trail design. Re-fit the model with your own assumptions; we publish the source.

What underwriters started asking last quarter

The first cohort of cyber-liability underwriters covering agent-driven workloads has begun adding three questions to their renewal questionnaires. First: do you have a signed delegation chain naming a human authorized for each consequential agent action. Second: are agent magnitudes capped at the substrate level rather than the policy level. Third: is the audit trail accessible to forensic investigators without vendor cooperation. Renewals from organizations that answer no on any of the three are returning with double-digit-percentage premium increases. Renewals that answer yes on all three are pricing flat or down. The underwriters are not yet rejecting policies on the questions; they are pricing them. The pricing differential will widen as loss data accumulates. The insurance market is therefore the second pressure source, after regulators, that is converging on the same artifacts. We expect the questionnaires to harden into formal underwriting requirements within several years, at which point organizations without the substrate are uninsurable at sustainable rates.

Insurers price what they can audit. Until the audit trail names the human, the agent is the uninsured layer of your enterprise.