The reassuring view is that an AI-native company is still a company. It buys technology errors and omissions, cyber, crime, management liability, and whatever other commercial coverage its contracts and operations require. AI is a tool; the familiar insurance architecture remains intact.
For many companies today, that view may be substantially correct. The mistake is assuming that the risk described at inception will remain stable merely because the policy does. Agent-native businesses can change their products, models, permissions, customers, workflows, and delegation patterns faster than a traditional underwriting cycle can observe.
The first insurance gap may therefore be neither a novel exclusion nor an entirely new policy. It may be a widening distance between the company the market agreed to insure and the company its agents have since become.
From tools to economic actors
Imagine an agent given a broad objective: “go make money.” It can search for opportunities, call tools, transact within a budget, modify software, communicate with customers, and delegate work to specialized agents. The human remains legally accountable, but is no longer approving each step or even reading every decision.
This is not the same exposure as an employee using a chatbot to draft an email. The relevant variable is not the model name. It is authority: what the system may decide, spend, promise, publish, deploy, or change; which assets and people it can reach; how far an error can propagate; and whether the action can be reversed.
Argentina's proposed “non-human corporation” framework is a useful signal, but not because it has created ownerless companies. Reporting on the bill indicates that a human administrator would still supervise the AI system. The important fact is that lawmakers are already being asked to formalize companies whose continuous operating intelligence may be predominantly non-human.
The static snapshot problem
Commercial insurance begins with a representation of the business: activities, revenue, customers, contracts, locations, controls, prior losses, and expected change. That representation supports risk selection, pricing, wording, limits, and the allocation of risk across policies and counterparties.
Agent-native companies put pressure on three assumptions inside that process:
- The operating model changes slowly. A new prompt, model, tool, credential, approval threshold, or delegation rule can alter the risk without a conventional product launch.
- The accountable human understands the work.A founder can describe the intended system while lacking a current view of every branch, exception, or downstream agent action.
- Past loss data is the main guide to future loss. There is little credible history for systems that combine new models, broad permissions, recursive delegation, and machine-speed execution.
None of this means traditional underwriting is obsolete. It means the evidence supporting it may need to update more often, at the points where authority or potential loss changes materially.
The tail risk is compounded authority
The dramatic failure is a rogue agent deliberately pursuing a harmful objective. The more plausible tail begins with an ordinary specification error: an ambiguous goal, an incorrect assumption, a stale permission, a missing approval, or an incentive that rewards the wrong proxy.
In a single bounded task, the error may be recoverable. Across connected agents, it can compound. One system discovers an opportunity, another negotiates, another changes code, another moves money, and another reports success against a metric that never captured the underlying obligation. Each action can look locally reasonable while the combined position becomes difficult or impossible to unwind.
This creates an underwriting question that a model benchmark cannot answer by itself: not “how capable is the AI?” but “what can this particular deployment cause before a person can see, stop, and reverse it?”
Observability is becoming an underwriting input
Today, most operational evidence concerns inputs and outputs: prompts, actions, tool calls, transactions, logs, alerts, and final responses. Those records matter, but they do not fully explain how an agent evaluated alternatives, noticed a conflict, drifted from an objective, or chose to delegate.
Anthropic's recent interpretability work offers an early technical signal. Its researchers describe a small set of internal neural patterns, called the J-space, that appears to support reportable concepts and some multi-step reasoning in Claude. The work does not make model reasoning completely legible, does not establish consciousness, and is not an insurance-ready monitoring product. It does show that the boundary of observable model state is still moving.
The near-term underwriting opportunity is more practical: combine agent inventory, objectives, permission graphs, credential access, human approvals, transaction limits, change history, incident records, and shutdown evidence into a reviewable account of deployed authority. Interpretability research may eventually enrich that evidence; it should not substitute for basic controls and accountable governance.
What insurance may need to become
The legal container may remain an annual policy. The risk process beneath it may become more continuous. A credible system could include:
- evidence refreshes when an agent receives a new category of authority, tool, credential, data, or transaction limit;
- explicit thresholds separating routine configuration change from a material change requiring broker or underwriter review;
- permission and delegation graphs that make maximum plausible loss and aggregation easier to reason about;
- controls, monitoring, rollback, and incident evidence linked to the authority they are intended to constrain;
- over time, usage-based terms, parametric triggers, bonding, dynamic limits, or code-enforceable constraints where the loss mechanism and regulation justify them.
The last category is a product hypothesis, not a launch plan. Before insurance becomes dynamic, the market needs a reliable way to describe what changed and why it matters.
Clara's bet
Clara's bet is that the most valuable early asset will be a longitudinal record of deployed authority: how agent-native companies change, which controls actually constrain loss, where incidents and near misses originate, how existing policies treat the exposure, and which facts change an underwriter's decision.
That record cannot be built from public benchmarks alone. It requires trust with founders, technical fluency, disciplined research, and repeated translation into insurance language. If the evidence improves submissions and coverage outcomes, it can support a specialist brokerage. If it reveals repeatable gaps, it can support new wording, programmes, or other risk-transfer mechanisms with insurers and MGAs.
The thesis is falsifiable. If companies do not experience meaningful authority drift, if underwriters do not make different decisions with better evidence, or if founders will neither share nor pay for the process, then Clara has a provocative research topic rather than a durable business.
But if the economy's operating intelligence is becoming continuous, recursive, and non-human, the insurance layer cannot remain blind between snapshots. Someone will need to build the evidence loop that lets risk transfer keep pace. That is the work Clara intends to do.
Sources and scope
This is a research thesis, not insurance advice or a statement that current policies categorically exclude agent-caused loss. Coverage depends on the insured, facts, forms, endorsements, exclusions, representations, and applicable law.