In January 2026, a prominent legal malpractice insurer quietly updated its policy exclusions to include "losses arising from the use of artificial intelligence tools not approved through the insured's documented technology governance process." No press release. No industry alert. Just a clause change that potentially voids coverage for any AI-related malpractice claim at firms without formal AI governance.
This isn't one carrier being aggressive. At least four major legal malpractice insurers have added AI-specific language to their policies since mid-2025. The insurance industry saw the Mata v. Avianca sanctions, the Morgan v. V2X framework, and the wave of bar guidance, and they did what insurers always do: they adjusted the risk model.
Most managing partners haven't read their updated policy language. They should.
What's Changing in Legal Malpractice Policies
Traditional legal malpractice insurance covers errors and omissions in the delivery of legal services. AI-assisted work product falls squarely within that scope. The question isn't whether AI errors are covered in principle. It's whether your specific policy excludes them in practice.
Three types of policy changes are emerging. New exclusions that carve out losses from unapproved or ungoverned AI tool usage. New conditions that require firms to maintain documented AI governance policies as a condition of coverage. And new disclosure requirements on renewal applications asking firms to describe their AI usage, governance, and training programs.
The disclosure requirements are the most immediate pressure point. Firms that answer "no" to questions about AI governance policies, approved tool lists, and training programs face higher premiums or coverage restrictions. Firms that answer dishonestly face policy rescission if a claim reveals the truth.
Cyber liability policies are changing in parallel. Most cyber policies already exclude losses from employee use of unauthorized software. AI tools fall into that bucket. If a data breach originates from an attorney using an unapproved AI tool, your cyber policy won't cover the notification costs, forensic analysis, or regulatory fines.
The Coverage Gaps You Need to Close
Gap 1: Hallucination liability. If an attorney submits AI-generated research containing fabricated citations and the client suffers harm, does your malpractice policy cover the resulting claim? Most policies written before 2025 don't address this scenario explicitly. Some insurers are arguing that reliance on unverified AI output constitutes gross negligence, which many policies exclude.
Gap 2: Data exposure through AI tools. A client's confidential data enters an AI tool and is exposed. Is this a malpractice claim (covered by your E&O policy) or a data breach (covered by your cyber policy)? The answer depends on the specifics, but the gap between policies is where coverage disappears. Many firms have neither policy clearly covering AI-related data exposure.
Gap 3: Third-party AI vendor failures. Your firm uses an approved enterprise AI tool. The vendor suffers a breach that exposes your client data. Your vendor contract should include indemnification, but vendor indemnification caps are typically $1-5 million. A major data exposure at a firm handling high-value corporate or litigation matters can exceed that easily.
Gap 4: Regulatory defense costs. If a bar association opens a disciplinary investigation into your firm's AI practices, defense costs can run $50,000-$200,000. Not all malpractice policies cover disciplinary defense. Check yours.
What Insurers Want to See
Carriers are developing AI-specific underwriting criteria. Based on renewal questionnaires from major legal malpractice insurers in early 2026, here's what they're evaluating.
Documented AI governance policy. Not a one-paragraph statement. A real policy covering approved tools, prohibited uses, data classification, verification requirements, and enforcement mechanisms. Firms with documented policies are getting standard rates. Firms without them are seeing 15-25% premium increases.
Approved AI tool list. Insurers want to know which AI tools the firm has vetted and approved for client work. They're looking for enterprise-tier tools with data protection agreements, not consumer chatbots.
Training and compliance records. Did the firm train its attorneys on AI governance? Can it prove it? Documented training records reduce the insurer's risk that an untrained attorney will cause a covered loss.
Incident response plan. Insurers are giving preferred rates to firms with AI incident response plans that cover data exposure, output errors, and compliance violations.
Supervisory structure. Who's responsible for AI governance at the firm? Insurers want to see a named individual (general counsel, CTO, or a designated AI governance lead) with clear authority.
What This Means for Your Firm
Pull your malpractice and cyber policies today. Read the exclusions, conditions, and definitions. Look for language about "technology tools," "artificial intelligence," "automated systems," or "software not approved through documented governance." If you find AI-specific exclusions, talk to your broker immediately.
Before your next renewal, get your AI governance documentation in order. The approved tool list, the acceptable use policy, the training records, and the incident response plan aren't just good practice. They're underwriting requirements that directly affect your premium and coverage scope.
Consider an AI-specific rider or endorsement. Some carriers now offer AI liability endorsements that explicitly cover AI-related malpractice claims, data exposure incidents, and regulatory defense costs. The additional premium runs $5,000-$20,000 annually for midsize firms, depending on practice areas and AI usage volume.
Coordinate your malpractice and cyber policies to eliminate the gap between them. Work with your broker to ensure that AI-related data exposure is clearly covered by at least one policy, regardless of whether it's characterized as malpractice or a data breach.
Document everything. When a claim hits, your insurer will ask for your governance policy, your approved tool list, your training records, and your incident response log. The time to build that documentation is now.
The Bottom Line: Your malpractice policy was written before AI changed the risk landscape. If you haven't read the updated exclusions and gotten your AI governance documentation in order, you're potentially uninsured for the fastest-growing category of legal malpractice claims.
AI-Assisted Research. This piece was researched and written with AI assistance, reviewed and edited by Manu Ayala.
