TL;DR:

  • London-market cyber specialist Beazley and Australian insurer QBE are among the groups introducing sublimits that cap payouts on AI-related losses at around 10% of total policy limits.
  • QBE’s draft wording would limit payouts on “LLMjacking” — where criminals hack into corporate AI accounts to avoid paying usage fees — to around £188,000 ($250,000) on a cyber policy covering up to £3.8m ($5m) in total losses.
  • Marsh’s UK cyber head Kelly Butler and Covington attorney Gretchen Hoff Varner warn the new terms “could potentially restrict cover” for a widening range of emerging AI-related threats, not just LLMjacking.

The sublimit pattern is the latest move in a cautious insurance-market response to AI-generated corporate risk, and it comes as AIG has separately filed with US regulators to remove AI-related losses from corporate insurance policies entirely. For UK enterprises running production AI workloads, the coverage landscape is narrowing even as the threat surface widens.

What “LLMjacking” actually means for policyholders

LLMjacking — a term used by Sophos threat-intelligence director Rafe Pilling and now by underwriters — describes attackers gaining access to corporate AI accounts using stolen credentials, then running up large inference bills. In one case cited by Sophos, criminals used compromised credentials to run a farm of adult-themed chatbots, sticking the victim with the compute costs. The losses can reach tens or hundreds of thousands of dollars within days. UK finance leaders who have not yet added AI-account credential rotation and anomalous-usage alerting to security operations are now running up against coverage caps that assume they have.

The broader coverage-narrowing trend

Beazley’s head of cyber underwriting management Aidan Flynn told the FT the AI sublimit wording is still in development and has not yet been applied to in-force policies. That procedural caveat matters less than the direction of travel. Fitch Ratings noted recently that AI vulnerabilities “are likely to outnumber patches” over the short-to-medium term, and insurers are pricing for that. The evolution historically mirrors cyber insurance itself — excluded in early-2000s policies before being re-offered as a standalone line a decade later. Several London-market participants expect AI cover to follow the same trajectory and become a separate purchasable line.

Looking forward

UK firms renewing cyber cover in 2026 should expect policy schedules to itemise AI sublimits explicitly, not bury them in general exclusions. Brokers including Marsh are already seeing sublimit language introduced into existing policies. The practical ask is twofold: first, document AI usage volumes and credential-security controls as part of renewal submissions so the underwriter sees managed risk rather than open exposure; second, budget for separate AI-cover purchase from 2027, when Lloyd’s syndicates are expected to introduce dedicated AI liability products. Insurance is becoming the enforcement mechanism where regulation has not yet arrived.