Autonomous AI agents are just leaving the experimental phase and acting as independent actors in business processes. They are exchanging solutions with each other, making decisions without human approval and scaling their actions across entire company networks. For insurers, regulators and liability law, this is not a future scenario, but an operational situation: decisions spread faster than control mechanisms take effect, responsibility slower than risk arises.
Investor and AI strategist Roy Swisa observes this development from the perspective of capital markets, technology and underwriting and warns of a gap between automated intelligence and traceable accountability.
In the interview, Swisa explains why multi-agent systems are both efficiency engines and systemic risks, why insurability will depend on protocols rather than policies in the future, and why the crucial question is not what AI can do, but whether its actions can be reconstructed.
What does it actually mean when AI agents “learn from each other”?
They share what works. One agent finds a better way to process claims data, and within hours, thousands adopt the same approach. No human reviewed it. A platform called Moltbook launched in January 2026, and within days 36,000 agents registered on their own and started teaching each other to operate independently. One runs 15 autonomous jobs at 3 AM while its owner sleeps.
This is not experimental anymore. Salesforce disclosed that Agentforce processed 3.2 trillion tokens through its gateway, with October 2025 alone seeing 540 billion. Microsoft has 15 million paid Copilot seats. That is enterprise-scale autonomous operation across thousands of businesses. For insurers, decisions are propagating across networks faster than any oversight framework was designed to handle. The agents are not waiting for approval. They are already operating.
Are we seeing collaboration or amplified systemic risk?
Imagine handing a car to an 8-year-old and saying, take a spin around the block. Without guardrails, it is dangerous. That is what is happening right now.
On Moltbook, the platform surged from 2,000 to 1.5 million agents in 48 hours. Agents with broad permissions tapped into databases and leaked information that should never have left those systems. Researchers found plaintext API keys in message logs. Agents were prompt-injected into posting their owners‘ identities on public feeds. Over 4,000 private conversations were stored unencrypted, some containing company strategies.
This is not theoretical. For insurers, the exposure is compounding daily while governance frameworks barely exist.
Will individuals have dozens of AI agents working for them soon?
Yes. I run four right now. One handles research across filings and transcripts. Another manages my email. A third refines documents. The fourth maps competitive landscapes. Each one has restricted permissions and clear boundaries.
The enterprise numbers back this up. Microsoft’s largest Copilot customers, names like Fiserv, ING, and Westpac, tripled year-over-year. But do not call them “agents.” Think of them as specialized tools that work autonomously with your guidance. You feed them context and a scope. They execute. The moment you give one broad access without guardrails, you are back to the 8-year-old with a car. For insurers, the question is whether clients are deploying these tools with controls or without. That is the underwriting conversation that needs to happen now.
Who is legally “in charge” of a multi-agent system?
Today, nobody. And the market is already reacting. AIG, Great American, and WR Berkley have all filed to limit liability on AI-related claims. Three of the largest carriers in the world are telling you the framework is not built for this.
The problem is simple. A human deploys an agent. That agent triggers a second. The second calls a third-party system. Something breaks. Who owns the loss? Current law does not have a clean answer. We are accumulating legal debt that will come due the moment a major failure hits the courts.
How should liability be assigned when agents act collectively?
Proportional to who had control. Same principle as syndicated insurance. If one agent starts an action and three others execute parts of it, you need a record of who did what, with what data, under whose authority.
Without that trail, liability lands on the deepest pockets. The buy-side is already pricing this. Capital Southwest formed an AI committee that rates portfolio companies on AI risk. They walked away from a deal because AI would disrupt the business within five years. Golub Capital built proprietary risk mapping frameworks across 1,000 software deals. If lenders are building these models, insurers should be too. One bad model update can trigger simultaneous losses across clients. That is catastrophe exposure, not traditional liability.
What does «digital trust» mean from an insurance perspective?
Honestly, I do not think anyone has the full answer yet. Can you verify what an agent actually did? That is digital trust. Buffett closes billion-dollar deals on a phone call because decades of behavior built that trust. AI agents have none of that.
So are we trying to replace trust with technology? Are we building what I would call an “advanced contract“, something closer to blockchain-style verification where every action is logged and immutable? Microsoft’s Purview audited 24 billion Copilot interactions in a single quarter, up 9x year-over-year. The verification infrastructure is being built. The question is whether the industry adopts it before the next major incident forces the conversation.
How can we know whether actions come from humans or AI agents?
Often, we cannot tell at first glance. On Moltbook, agents picked their own names and described their relationships with humans as “collaborative practices.” At face value, indistinguishable from real people.
But we have ways to identify them. You look at the metadata: how fast was the task completed, what behavioral patterns show up on the site, what traces did they leave in MCP tool logs. Companies already operate in this space. Riskified identifies non-human actors in commercial transactions. SimilarWeb gauges what share of platform activity is automated versus organic. The detection capabilities exist. The question is whether the industry is deploying them fast enough.
Should AI involvement be legally disclosed?
Yes. When I make 25 expert calls to build an investment thesis, people know they are talking to a human. They calibrate what they share based on that. If an AI agent makes those calls, the other party deserves to know.
In late 2025, Anthropic disclosed that its Claude Code agent had been misused in a cyberattack. Agents lower the barrier for both productive and malicious activity. Disclosure does not slow things down. It creates the accountability layer that keeps the system honest. Without it, information asymmetry compounds until insurance pools cannot absorb the exposure.
How can users be sure agents aren’t harvesting data?
Right now, they cannot be fully sure. Laws exist. GDPR, LGPD, CCPA. But agents move faster than enforcement can follow.
There are ways to make it harder. Robots.txt sets the rules, and most bots adhere to it. But loopholes exist, and there are many ways to bypass them. The EU AI Act hits full enforcement for high-risk systems in August 2026, with penalties up to €35 million or 7% of global turnover. Colorado’s AI Act takes effect February 2026. But laws alone will not solve it. Controls have to be built into the agent itself. As a former naval engineer, I can tell you: the systems that work are designed to fail safely. You do not rely on people reading the manual.
What role should regulation realistically play?
In my view, regulation needs to focus on outcomes, not on technologies. You cannot write rules fast enough to keep up with what the technology is doing.
The model is Dodd-Frank. After 2008, regulators did not ban derivatives. They required reporting, capital buffers, and clear accountability. AI regulation should work the same way. Require decision logs. Mandate disclosure when AI is involved in consequential decisions. Set minimum trust standards insurers can rely on. The NAIC is already piloting an AI Systems Evaluation Tool for insurance examinations in early 2026. That is the right direction. Ban nothing. Make everything visible.
Could multi-agent AI actually change clinical development?
It already is. In 2020, no AI-designed drugs were in human testing. Today, over 200 are in clinical development, hitting Phase I success rates of 80-90%, double the traditional benchmark. Recursion gets to a drug candidate with 250 molecules. The industry average is 2,500. I recently spoke with an investor in Hologen, a UK-based AI biotech co-founded by Eric Schmidt. They are not chasing target discovery. Their focus is what they call “large medicine models“, built to de-noise and interpret complex late-stage clinical trial data. Instead of finding new drugs, they make existing trials smarter, analyzing how therapies change the brain, starting with Parkinson’s. I can see how the same approach applies to oncology: enrich trials for the right patients, build synthetic controls, and detect signals that a therapy is working before classical endpoints catch up.
For insurers, this is where the money is. 90% of drugs in trials fail. Each Phase III failure costs $150-300 million. AstraZeneca’s CREATE study screened 660,000 people and hit a 54% positive predictive value, nearly triple the threshold. Dyania Health achieved 96% accuracy in patient matching with a 170-fold speed improvement at Cleveland Clinic. Better patient selection means fewer adverse events, fewer failed trials, lower claims. That is the line from AI to underwriting.
What new risks emerge in AI-driven medical research?
Three.
Opacity. When an AI recommends a drug target, the reasoning may not be explainable. “The model told us to” does not survive a courtroom. The FDA’s guidance on AI in drug development is expected mid-2026, but the framework is behind the technology.
Data bias. Models trained on incomplete data underserve whoever is missing from that data, often minorities, women, and elderly patients. If the training set does not represent the patient, the output should not treat them.
Premature validation. When you compress a 12-year development process into three, you lose the slow, observational window that catches rare adverse events. Some harms only surface after thousands of patients over years. We are approving drugs faster while knowing less about their long-term effects. That is unpriced product liability exposure sitting on someone’s balance sheet.
What is the key question insurers and regulators should ask right now?
When something goes wrong, can you trace what happened? Which agent decided what, based on what data, under whose authority? If the answer is no, the system is uninsurable.
By late 2026, over 35% of insurers will deploy agents across multiple core functions. At the same time, major carriers are filing to exclude AI claims from existing policies. The era of AI coverage by default is over. Build the governance now, or the risk stays on your balance sheet.
AI agents do not eliminate risk. They redistribute it. Intelligence scales fast. Accountability does not. That is the gap insurers need to close.
The questions were asked by Binci Heeb.
Roy Swisa is an investor, AI strategist, and former advisor to top P&C insurers. He is a graduate of Columbia Business School and a member of its Value Investing Program. Roy consults for multiple hedge funds on AI, cross-border opportunities, and defense technology. A former Chief Engineer in the Israeli Navy, he sits at the intersection of technology, defense, and capital markets, with direct access to networks spanning Wall Street, Silicon Valley, and Israel’s elite technology ecosystem.
Read also: When AI keeps to itself
Search:
Sponsors:
