Introduction: AI That Acts#
We’ve moved beyond chatbots. The AI systems emerging in 2025 don’t just answer questions, they take action. They browse the web, book flights, execute trades, send emails, modify code, and interact with other AI systems. They operate with varying degrees of human oversight, from constant supervision to complete autonomy.
This shift from “AI that advises” to “AI that acts” creates profound liability challenges. When an autonomous AI agent causes harm, who bears responsibility? The developer? The deployer? The user who set it in motion? The AI itself?
These questions aren’t philosophical exercises anymore, they’re live litigation issues.
What Makes an AI Agent “Autonomous”#
The Autonomy Spectrum#
AI autonomy exists on a spectrum:
Level 1: Tool AI - Responds to specific prompts, takes no independent action (traditional chatbots)
Level 2: Guided Agents - Can execute multi-step tasks but requires approval for each significant action
Level 3: Supervised Agents - Operates independently within defined parameters with periodic human check-ins
Level 4: Autonomous Agents - Makes decisions and takes actions with minimal human oversight
Level 5: Fully Autonomous - Self-directed goal pursuit with no human involvement
Most commercial AI agents today operate at Levels 2-3, but Level 4 systems are increasingly common in specific domains.
Current Agent Capabilities#
Today’s AI agents can:
- Browse and research: Navigate websites, extract information, compile reports
- Transact: Make purchases, book services, execute financial trades
- Communicate: Send emails, schedule meetings, negotiate with vendors
- Code and deploy: Write software, test it, and push to production
- Coordinate: Work with other AI agents to accomplish complex tasks
Each capability carries distinct liability implications.
The Legal Framework Challenge#
Agency Law Meets AI#
Traditional agency law provides a starting point but imperfect fit. Under agency principles:
- A principal is liable for the acts of their agent within the scope of authority
- Agents must have capacity to understand and consent to the relationship
- Authority can be actual (explicitly granted) or apparent (reasonably perceived by third parties)
AI systems complicate each element:
- Can an AI have “authority” without legal personhood?
- What constitutes the “scope” of an AI’s authority when its capabilities are uncertain?
- When third parties interact with AI agents, what authority can they reasonably assume?
Courts are beginning to address these questions, with our agentic AI liability resource tracking the emerging answers.
The Control Principle#
Liability law generally correlates with control. Those who control an activity bear responsibility for resulting harms. But AI agents disrupt this logic:
The Developer’s Control: Created the system’s capabilities and limitations but can’t control deployment or use
The Deployer’s Control: Configures and releases the agent but may not control its runtime decisions
The User’s Control: Initiates the agent but may not understand or monitor its actions
The AI’s “Control”: Makes decisions and takes actions but isn’t a legal person capable of bearing responsibility
This fragmented control creates liability gaps, situations where harm occurs but responsibility is unclear.
Liability Theories for Autonomous AI#
Respondeat Superior (Vicarious Liability)#
Under traditional vicarious liability, employers are responsible for employee acts within the scope of employment. By analogy:
- If an AI agent operates within its intended function, the deployer may be liable
- “Scope of authority” for AI agents may be defined by system prompts, guardrails, and documented capabilities
- Frolic and detour (acting outside scope) provides a potential defense
Key Question: Can an AI agent take actions “outside the scope of its authority” if it’s operating as designed, just with unexpected results?
Negligence#
Traditional negligence analysis asks whether the defendant:
- Owed a duty of care
- Breached that duty
- Caused harm
- That was foreseeable
For AI agents, each element presents challenges:
Duty: What duty does an agent deployer owe to third parties the agent interacts with?
Breach: What is the standard of care for deploying autonomous AI? Industry standards are still forming.
Causation: When an AI agent takes a chain of actions leading to harm, proving causation can be complex.
Foreseeability: Novel AI behaviors may be “unforeseeable” in specific terms but predictable in general categories.
Strict Liability#
Some scholars argue autonomous AI should trigger strict liability, liability without fault, because:
- AI systems are “abnormally dangerous” (like explosives or wild animals)
- The activity creates value for the deployer who should bear resulting risks
- Injured parties have no practical ability to protect themselves
Courts haven’t widely adopted this view yet, but it has traction in autonomous vehicle contexts and may expand.
Product Liability#
When AI agents are deployed as commercial products, product liability theories apply:
- Design defect: The agent’s design makes it unreasonably dangerous
- Manufacturing defect: Something went wrong in this specific instance
- Failure to warn: Inadequate disclosure of agent capabilities and risks
The challenge: AI agents that learn and evolve may have “defects” that didn’t exist at deployment.
High-Stakes Agent Applications#
Financial Trading Agents#
AI agents that execute trades create particular risks:
- Market manipulation (even unintentional)
- Fiduciary breaches when acting on behalf of investors
- Cascading failures when multiple AI agents interact
- Robo-adviser liability when recommendations go wrong
Regulators increasingly require human oversight of algorithmic trading, but the line between “human oversight” and rubber-stamping is fuzzy.
Customer Service Agents#
AI agents handling customer interactions can:
- Make unauthorized commitments binding on the company
- Engage in defamatory statements
- Discriminate against protected classes
- Violate consumer protection laws
Courts have found companies bound by AI chatbot promises, treating them as agents with apparent authority.
Healthcare Agents#
AI agents in healthcare settings, scheduling, pre-diagnosis triage, treatment recommendations, carry life-and-death stakes. The learned intermediary doctrine may not protect when AI acts without physician involvement.
Legal Research Agents#
AI agents conducting legal research can hallucinate citations, miss relevant authority, or apply superseded law. When lawyers rely on agent outputs without verification, malpractice exposure follows.
Risk Mitigation Strategies#
Define and Document Authority#
Clearly specify what the agent can and cannot do:
- Explicit capability documentation
- Hard limits on high-risk actions (financial transactions, external communications)
- Approval requirements for significant decisions
This documentation serves both operational and litigation purposes.
Implement Guardrails#
Technical controls should enforce authority limits:
- Action confirmation for sensitive operations
- Spending limits and transaction controls
- Communication review before external sending
- Audit logging of all agent actions
Maintain Meaningful Oversight#
Human oversight must be genuine, not theatrical:
- Understand what the agent is doing
- Have capability to intervene
- Actually review and course-correct
- Document oversight processes
Disclose Agent Status#
Third parties interacting with AI agents should know they’re dealing with AI:
- Clear bot identification
- Limitations on agent authority
- Escalation paths to humans
- These disclosures may limit apparent authority claims
Prepare for Agent Failures#
Have an incident response plan for agent malfunctions:
- Detection mechanisms for unusual behavior
- Kill switches and rollback capabilities
- Notification procedures for affected parties
- Documentation for regulatory and litigation purposes
Insurance Considerations#
AI insurance coverage is essential but evolving:
- Many policies exclude autonomous system actions
- Coverage may depend on human oversight levels
- Emerging AI-specific policies may provide better protection
- Review coverage with AI-literate insurance professionals
The Road Ahead#
Regulatory Developments#
Regulators worldwide are grappling with autonomous AI:
- The EU AI Act imposes specific requirements on autonomous systems
- US state laws increasingly address AI agents
- Sector-specific rules (financial services, healthcare) constrain agent autonomy
Emerging Best Practices#
Industry standards are forming around:
- Agent capability disclosure
- Human oversight requirements
- Testing and validation before deployment
- Ongoing monitoring and auditing
The Personhood Question#
Some jurisdictions are debating whether AI systems should have limited legal personhood, capable of holding assets, entering contracts, and bearing liability. This remains controversial but reflects real frustration with existing frameworks.
Conclusion: Autonomy Without Accountability?#
The deployment of autonomous AI agents represents a fundamental shift in how work gets done and how risks get created. Our legal system, built on assumptions about human decision-making and control, is adapting, but adaptation takes time.
In the meantime, those deploying AI agents should:
- Understand their agents’ capabilities and limitations
- Implement genuine controls and oversight
- Document everything
- Prepare for things to go wrong
- Ensure adequate insurance coverage
The agents are here. The law is catching up. Don’t get caught in the gap.
For more on autonomous systems across industries, see our guides on autonomous vehicles, agentic AI liability, and AI governance.