Critical National Infrastructure Cyber Insurance: The NCSC Warning

The NCSC now links most attacks on UK critical infrastructure to hostile states. That collides with how cyber policies handle war. A utility goes dark. And the darkness cascades. Investigators trace the intrusion to a hostile state. Then the cyber insurer turns to its war exclusion. That sequence is now the central question for critical … Read more

AI Cyber Insurance Coverage Gaps: The Losses Willis Says Your Policy Won’t Pay

Most cyber policies carry no AI exclusion. New Willis claims data shows they still leave some of the likeliest AI losses uncovered. AI-related threats demand a deeper look at what is covered. An attacker poisons your AI model. You spend millions rebuilding it. Then your cyber insurer declines the claim. That gap sits at the … Read more

When an AI Agent Causes the Loss: Shadow AI and the Underwriting Questions It Raises

An AI agent can now write code, call tools, move files, and run commands. In most setups, it does all of that with the permissions of the person who launched it. So when an agent causes damage, the first underwriting question is deceptively hard. Who acted? Remy Guercio, Product Lead for Aperture at Tailscale, does … Read more

Agent Identity Becomes an Underwriting Question: Can You Account for Your AI Agents?

A new launch puts agent identity at the center of a simple underwriting premise. Carriers cannot insure what they cannot measure. Ceros launched today as what its maker calls the first trust layer purpose-built for autonomous AI agents. Beyond Identity, the company behind it, pitches Ceros as a single layer for agent identity, observability, and … Read more

Developer Laptops Are Now Credential Stores – Underwriters Should Treat Them That Way

For a decade, the secret-sprawl problem lived in source code. The supply-chain campaigns of the past year moved it onto the laptop. That shift should reach the underwriting questionnaire. A run of incidents over the past twelve months has followed one pattern. Attackers land on a developer or build-server endpoint, harvest valid credentials sitting in … Read more

×