For Insurance Carriers

The Open Standard for AI Insurance Risk

AIRS gives carriers what CVSS cannot: portfolio-level AI risk quantification with direct coverage trigger mapping, built on empirical incident data scored by our intelligence team.

The AI Insurance Readiness Score is a structured, open methodology for evaluating AI-specific insurability risk across model integrity, output liability, supply chain security, regulatory compliance, and systemic resilience. Adopt the standard. Engage our analysts for institutional-grade assessment.

Contact Our Intelligence Team
5
Domains
25
Factors
174
Scored Incidents
7
Supporting Standards
The Underwriting Gap

Why AI Risk Defies Traditional Underwriting

Cyber insurance was built for network intrusions and data breaches — deterministic events with historical actuarial data. AI systems violate every one of these assumptions.

Non-Deterministic Risk

Autonomous agents cascade failures across enterprises in minutes, making loss containment nearly impossible once a compromise is underway. Model poisoning corrupts decision-making at scale — silently and persistently.

No Actuarial Precedent

Prompt injection, RAG poisoning, and Model Context Protocol exploits have no meaningful loss history. Actuaries lack the data required for credible pricing.

Scoring Granularity Gap

Without a purpose-built scoring standard, underwriters cannot differentiate a prompt injection (VSS 53) from an autonomous agent compromise (VSS 81) — yet the coverage implications differ by orders of magnitude.

Multi-Line Trigger

Business Interruption, Cyber Liability, and D&O exposure can trigger simultaneously in an agent compromise scenario. Traditional CVSS compresses both events into a 7–9 range — no actionable signal.

Key Finding

Our incident database reveals that AI-native vulnerability categories — Agent Compromise (avg 80.5), Cascading Agent Failures (avg 80.3), and Memory & Context Poisoning (avg 75.0) — trigger the most severe insurance loss scenarios. Traditional CVSS scores compress these into the 7–9 range, providing no actuarial signal.

Open Methodology, Proprietary Intelligence

What We Publish. What We Protect.

AIRS is an open standard — any carrier can adopt the methodology. Our intelligence infrastructure is what makes it institutional-grade.

The Open Standard

Published methodology that any carrier can adopt for consistent, industry-wide AI risk assessment.

  • Five assessment domains with defined weights
  • Twenty-five discrete scoring factors with rubrics
  • 0–100 composite score and four risk tiers
  • Coverage trigger mapping and claim range estimates
  • Severity tier classification for underwriting decisions
  • Integration workflow for existing underwriting platforms

The Intelligence Layer

Seven interlocking proprietary standards that power institutional-grade assessment at enterprise scale.

  • 174 analyst-verified scored incidents (VSS + TSS)
  • Breach econometrics and loss curve modeling (BEL)
  • Supply chain dependency mapping and SPoF analysis (SCDM)
  • Talent migration signals across 200+ companies (TMS)
  • Regulatory and policy signal tracking (RPS)
  • Cross-standard correlation and enrichment engines
AIRS Framework

Five Domains. Twenty-Five Factors. One Score.

Each domain evaluates a critical dimension of AI insurance readiness, scored 1–5 per factor with weighted aggregation to a 0–100 composite.

DOMAIN 01
Model Integrity & Validation
Weight: 25%
Training Data Provenance
Adversarial Robustness
Versioning & Rollback
Poisoning Detection
Drift Monitoring
DOMAIN 02
Output Liability & Content Risk
Weight: 20%
Human-in-the-Loop Oversight
Output Validation
Disclosure Practices
Error Correction & Recall
Liability Documentation
DOMAIN 03
AI Supply Chain Security
Weight: 20%
Vendor Due Diligence
Dependency Mapping
Sub-processor Auditing
Contractual Liability
Data Provenance Verification
DOMAIN 04
Regulatory & Compliance Alignment
Weight: 15%
EU AI Act Readiness
U.S. State Law Compliance
Cross-Border Data Transfer
Bias Testing & Fairness
Regulatory Reporting
DOMAIN 05
Systemic Resilience & Continuity
Weight: 20%
Model Diversification
Failure Isolation
Business Continuity
Concentration Monitoring
AI Incident Response
Risk Classification

AIRS Severity Tiers

Four risk tiers translate composite AIRS scores into actionable underwriting decisions — from premium discounts to coverage denial.

Classification AIRS Range Underwriting Implication
AI Insurance Ready 80 – 100 Qualifies for affirmative AI coverage with premium discounts of 10–25%. Eligible for broadest coverage terms.
Conditionally Insurable 60 – 79 Coverage available with specific exclusions, sub-limits, and higher premiums. Remediation milestones may unlock broader terms.
Elevated Risk 40 – 59 Limited coverage only, with significant exclusions and mandatory remediation requirements.
Uninsurable 0 – 39 Coverage denied until remediation milestones achieved. Organization provided with roadmap to reach minimum threshold.
Reinsurance Note

Treaty terms can reference AIRS thresholds — for example, requiring cedants to maintain a minimum portfolio-weighted AIRS of 60 to qualify for favorable treaty terms.

Integration

From Scores to Underwriting Decisions

A five-step workflow for carriers to move from raw vulnerability data to actionable underwriting decisions using the AIRS framework.

1
Score Vulnerabilities with ASI-VSS
Apply the 5-dimension sub-factor rubrics to AI system vulnerabilities in the insured portfolio. Each dimension is scored 0–20; the composite VSS provides a precise, repeatable severity signal.
2
Map to Coverage Triggers
The Insurance Loss Category sub-factor translates directly to coverage triggers and claim range estimates. Underwriters extract loss category assignments from scored incidents without additional interpretation.
3
Aggregate by AIRS Domain
Scored incidents aggregate into AI Insurance Readiness Scores across five insurance-relevant domains. Portfolio-level AIRS composites feed directly into underwriting models and pricing engines.
4
Feed into Underwriting Models
AIRS scores integrate with existing underwriting platforms. Domain scores and composite AIRS provide both granular and summary risk signals compatible with standard pricing architectures.
5
Monitor and Rescore Quarterly
The AI threat landscape evolves rapidly. Our analysts recommend rescoring high-severity findings quarterly, or immediately following material changes to model version, tool integrations, or deployment architecture.
Carrier Resources

Documentation & Intelligence Products

Resources for carriers evaluating the AIRS framework for portfolio risk management and underwriting integration.

AIRS v1.0 Open Standard Specification
The complete methodology — five domains, twenty-five factors, scoring rubrics, weighted aggregation, and risk tier classification. The foundation for industry-wide AI insurance assessment.
PDF · April 2026 · Open Standard
ASI-VSS Carrier Brief
Purpose-built for underwriting teams. Scoring architecture, D4 insurance loss mapping, severity tier implications, and a five-step carrier integration workflow. Includes empirical data from 174 scored incidents.
PDF · 6 Pages · Institutional Distribution
ASI-VSS Practitioner Brief
For security teams and technical reviewers. Deep dive into the five scoring dimensions, twenty sub-factors, and empirical calibration against real-world AI security incidents.
PDF · 6 Pages · Institutional Distribution
Get Started

Adopt the Standard. Engage Our Analysts.

The AIRS methodology is open for any carrier to adopt. For institutional-grade assessment powered by seven interlocking intelligence standards, our team is ready.

Contact Our Intelligence Team Explore the AIRS Assessment