Artificial intelligence has moved into business faster than many companies can properly assess. Teams are using it to write copy, summarize documents, assist customers, generate reports, process information, and speed up work that once took hours or days. For business owners, that efficiency is hard to ignore, but Dustin Carlson believes the risk side of the equation is not being discussed nearly enough.

Carlson, President of SRA 831(b) Admin, sees AI risk as similar to the early days of cyber risk. When the internet became central to business, companies quickly embraced the opportunity but often underestimated the liabilities that came with phishing, hacking, data breaches, and system failures. Insurance carriers eventually responded by separating cyber risk from general liability policies, leaving many businesses to discover too late that they were not covered in the way they assumed.

AI may be following a similar path.

Generative AI introduces a range of potential problems for companies. A chatbot could give customers inaccurate information, agree to terms the company never intended, or create brand damage through an off-script response. Employees could use AI tools to create marketing content that unintentionally infringes on another company’s intellectual property. Staff could also paste internal processes, trade secrets, client information, or proprietary documents into third-party systems without understanding where that data might go.

The challenge is that many of these risks are still new. Insurance companies do not yet have decades of claims history to price them confidently, which means their instinct is often to limit exposure. Carlson notes that insurers have already begun adding exclusions tied to AI liability, and that business owners may not notice those changes until renewal or, worse, until a claim is denied.

That is the dangerous part.

Most business owners are not reading every line of their policy forms. A healthcare clinic, manufacturer, professional services firm, or consumer brand may be busy running day-to-day operations and assume its general liability, professional liability, or cyber coverage will respond if AI contributes to a loss. That assumption can be expensive if the policy now excludes losses connected to generative AI.

The problem is not limited to AI either.

Carlson points to a broader insurance environment where carriers are becoming more cautious. Liability claims, large settlements, jury awards, cyber exposure, supply chain disruption, natural disasters, and emerging technology risks have all contributed to a market where insurers are more likely to add exclusions, sublimits, and narrower terms. The policy may get longer, but that does not always mean the coverage is getting stronger.

For companies, the practical takeaway is straightforward: renewal deserves more attention.

Business owners should review policies carefully, ask what exclusions have been added, and understand whether AI-related losses are covered, limited, or excluded. They should also look at sublimits, especially in areas such as cyber, where a policy may appear to offer a large coverage amount while quietly capping specific types of claims at a much lower level.

Carlson’s work at SRA 831(b) Admin focuses on one possible response to these gaps. The company helps businesses use section 831(b) of the tax code to create a structure for setting aside funds to cover risks that traditional insurance may exclude or underinsure. He compares the concept to a 401(k) or HSA for a business, where tax treatment can help companies build reserves for future events.

The idea is not new. Section 831(b) was created in response to insurance availability problems in the 1980s, when certain businesses and public entities struggled to secure liability coverage. Today, Carlson sees a similar need for a pressure valve as businesses face risks that traditional insurers may not want to carry.

AI liability is one example, but the same concept can apply to other exposures such as cyber risk, supply chain interruption, and business disruption tied to events that fall outside standard policies. The goal is not to replace all traditional insurance, but to help companies become more self-reliant where coverage gaps exist.

That message has become more relevant since the pandemic.

During COVID-19, many businesses discovered that their insurance policies did not respond the way they expected. Government relief eventually helped some companies survive, but Carlson warns that business owners should not assume the same kind of intervention will happen every time a major disruption occurs. Building reserves and understanding coverage gaps can give companies more options before they are forced into crisis mode.

AI makes that planning more urgent because adoption is already widespread.

Even businesses that do not think of themselves as AI companies may have employees using AI tools. That means the risk may already be inside the organization, whether leadership has formally approved it or not. Companies should be asking who is allowed to use AI, what information can be entered into these systems, how outputs are reviewed, and whether their insurance policies account for the liability that could follow.

Carlson’s larger point is not that businesses should avoid AI. It is that they should treat it like any other major operational risk. The opportunity may be enormous, but the protection needs to evolve alongside it.

For companies moving quickly into AI, the worst time to learn about an exclusion is after the damage has been done.

Want more Innovation Saves Lives? Check out the articles or head over to Apple Podcasts.