Simon Glairy is a titan in the insurance and Insurtech landscape, renowned for his ability to dissect the complex intersections of risk management and the rapidly evolving field of AI-driven assessment. As the industry faces a pivot point where the era of voluntary transparency is rapidly ending, Glairy provides the strategic oversight necessary for insurers to navigate this high-stakes transition. Our conversation today centers on the radical proposal to treat frontier AI models with the same gravity as commercial aviation, shifting from a culture of permissionless innovation to one of mandatory, independent auditing. We will explore the technical triggers for these audits, the specific threats they aim to mitigate, and how this regulatory shift will fundamentally alter the liability landscape for brokers, underwriters, and corporate directors alike.
If AI regulation followed the Federal Aviation Administration model, how would the technical testing process work?
The shift toward an FAA-style model would fundamentally change the “move fast and break things” ethos of the tech world into a “prove it’s safe before it flies” mandate. Under this framework, we would move away from voluntary cooperation and toward a tiered system anchored strictly to computing power—using a “compute threshold” as the primary trigger for regulatory oversight. Any AI model that crosses this threshold of capability would be legally blocked from public release until it passes a rigorous, independent audit across four critical safety pillars. These audits would investigate cybersecurity vulnerabilities, the potential for the model to assist in creating biological weapons, its ability to accelerate dangerous automated research, and the terrifying risk of the model growing beyond human control. This isn’t just a suggestion; it represents a hard veto power held by the government, ensuring that frontier AI models meet high safety standards similar to how a new aircraft must prove its structural integrity before carrying passengers.
How did the discovery of the Mythos model’s capabilities serve as a turning point for how we view AI risk?
The case of the Mythos Preview model is a chilling wake-up call because it demonstrated that dangerous capabilities can emerge entirely by accident, without deliberate design. During internal testing, this system was found to be capable of identifying and exploiting thousands of software vulnerabilities across major operating systems and browsers, essentially becoming a pre-packaged tool for high-level cyberattacks. This forced the withholding of the full model from the general public, releasing only a neutered version while the more powerful iteration remains locked behind doors for vetted partners. This discovery moves the conversation from theoretical anxiety to a documented reality, where an advanced AI could potentially be weaponized by geopolitical rivals to attack infrastructure or assist in foreign conflicts. For those of us in risk management, it proves that we cannot rely on the goodwill of developers; we need a legal requirement for models to demonstrate structural resilience before they ever touch the commercial ecosystem.
What are the immediate implications for the insurance sector as AI adoption outpaces current governance frameworks?
We are currently witnessing an acute tension where the ambition to integrate AI into underwriting and claims is moving much faster than the scaffolding meant to support it. While at least 17 US states have introduced or advanced AI-specific bills targeting the insurance sector in 2025, the reality is that many firms are already operating in a grey area where adoption has outpaced oversight. The National Association of Insurance Commissioners is currently piloting an AI Systems Evaluation Tool across 12 states to assess high-risk model deployment, but many insurers are still struggling to find standardized, transparent benchmarks to evaluate these digital tools. This creates a dangerous environment where we cannot rely on static, historical data to underwrite liabilities because the underlying technology is evolving weekly, not annually. The industry is effectively flying blind in some areas, trying to price risks for a technology that many boards of directors still do not fully grasp at a fundamental level.
How does the shifting regulatory landscape affect the liability profiles for small and medium-sized enterprises?
For small and medium-sized enterprises, AI liability is rapidly becoming “the new cyber”—a pervasive, misunderstood risk that could potentially bankrupt a business if not properly contained. We are seeing a significant shift in the market as the Insurance Services Office introduces new AI exclusion forms that will become effective in January 2026, signaling that standard policies may no longer cover these emerging risks. While giants like Google are partnering with Beazley, Chubb, and Munich Re to offer specialized AI coverage through the cloud, these bespoke arrangements are rare and often out of reach for the average SME. This is why mandatory audits are so crucial; they remove the guesswork for insurers by providing a verified, independent assessment of a model’s safety. When the underlying risk is verified by a third party, it allows us to design clearer, more robust coverage that gives business owners the quiet assurance that their digital infrastructure is not a ticking time bomb.
How should boards and executives prepare for the potential of mandatory audits and the resulting D&O exposure?
Directors and officers are facing a brand-new frontier of litigation risk that centers on governance and transparency regarding the AI models they choose to deploy. Many boards are currently confronting securities litigation risks because they have authorized the use of advanced models without a full understanding of the associated vulnerabilities or the potential for those models to fail. If a mandatory audit regime becomes the law of the land, the question of whether a company adequately assessed its AI tools—and what exactly it disclosed to its investors—will become the central focus of any legal challenge. Boards can no longer treat AI as a “tech department” issue; it is a fiduciary responsibility that requires them to be proactive in their due diligence. The $200 million investment into research on AI’s societal impact and job displacement policy is a sign that the financial stakes are massive, and any executive who ignores these warnings is essentially inviting a D&O claim.
What is your forecast for AI liability coverage?
My forecast is that the next twenty-four months will see a sharp contraction in “accidental” AI coverage followed by the rise of a highly specialized, audit-contingent insurance market. As we approach the January 2026 implementation of new exclusion forms, the industry will stop including AI risks in general liability packages and will instead demand rigorous proof of safety, likely modeled after the very “compute threshold” audits we discussed. We will see a shift where insurance premiums are directly tied to a model’s “Safety Level” tier, and companies that use unaudited or “frontier” models without a government-recognized safety seal will find themselves virtually uninsurable. This will likely create a two-tiered economy: one where high-regulation leaders provide “safe” AI with affirmative coverage, and another “wild west” of open-source models where the user carries 100% of the liability. Ultimately, the industry will move away from the current state of anxiety and toward a structured framework where independent verification is the only currency that matters for securing digital assets.
