{"url":"https://www.ft.com/content/12e36e02-7ff9-4a45-9544-872822fe9c97?syn-25a6b1a6=1","title":"Insurers cap cyber payouts on AI and LLMjacking","domain":"ft.com","imageUrl":"https://images.pexels.com/photos/7731335/pexels-photo-7731335.jpeg?auto=compress&cs=tinysrgb&h=650&w=940","pexelsSearchTerm":"insurance","category":"Business","language":"en","slug":"7b10636e","id":"7b10636e-e4c8-4928-8101-ca1b8878b25a","description":"Insurers Cap AI Risks: Beazley and QBE propose limits on cyber insurance payouts for AI-related losses and LLMjacking.[[1]](https://www.resultsense.com/new","summary":"## TL;DR\n- **Insurers Cap AI Risks:** Beazley and QBE propose limits on cyber insurance payouts for AI-related losses and LLMjacking.[[1]](https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts)[[2]](https://techmeme.com/260422/p6)\n- **QBE Sublimit Set:** QBE draft caps LLMjacking payouts at £188,000 on a £3.8m policy.[[1]](https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts)\n- **Response to New Threats:** Move addresses rapid AI risks like credential theft leading to high bills, as vulnerabilities grow.[[3]](https://www.sysdig.com/learn-cloud-native/what-is-llmjacking)[[4]](https://www.cov.com/en/news-and-insights/media-mentions/2026/04/insurers-move-to-cap-cyber-payouts-related-to-ai-and-llmjacking)\n\n## The story at a glance\nInsurers including **Beazley** and **QBE** are proposing contractual language in cyber policies to cap payouts for losses and regulatory fines linked to AI use and \"LLMjacking\", according to documents and sources reported by the Financial Times' Lee Harris. LLMjacking involves attackers using stolen credentials to access corporate cloud AI accounts and rack up large usage costs. This is being reported now amid fast-evolving AI threats that insurers see as unpredictable, with wording still under development and not yet in active policies.[[5]](https://www.ft.com/artificial-intelligence)[[2]](https://techmeme.com/260422/p6)[[1]](https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts)\n\n## Key points\n- Beazley and QBE lead groups proposing sublimits on AI-related cyber claims, often around **10%** of total policy limits.[[1]](https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts)\n- QBE's draft policy wording specifically limits LLMjacking losses to **£188,000** ($250,000) on policies up to **£3.8m** ($5m) total.[[1]](https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts)\n- Covers losses from AI use, such as high inference bills, and regulatory fines tied to the technology.[[2]](https://techmeme.com/260422/p6)\n- LLMjacking: attackers hijack cloud-hosted large language models (LLMs) with stolen credentials, running costly queries like chatbot farms.[[3]](https://www.sysdig.com/learn-cloud-native/what-is-llmjacking)\n- Beazley's head of cyber underwriting, **Aidan Flynn**, said AI sublimit wording is in development and not yet applied to existing policies.[[1]](https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts)\n- Insurers view AI risks as cautious bet due to more vulnerabilities than patches in near term.[[1]](https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts)\n\n## Details and context\nThe Financial Times article, based on documents and sources, details how London-based insurers like Beazley and QBE are drafting policy exclusions or sublimits for emerging AI cyber perils. LLMjacking emerged as a threat around 2024, akin to cryptojacking but targeting expensive AI compute: attackers steal API keys or credentials, access services like OpenAI or AWS Bedrock, and generate massive bills—potentially **$46,000/day** or more—while victims foot the cost.[[3]](https://www.sysdig.com/learn-cloud-native/what-is-llmjacking)\n\nThese caps respond to AI's rapid advance, where corporate adoption outpaces security fixes, raising unpredictable claims. Sublimits mean policyholders get partial coverage for AI incidents, shifting more risk back to businesses using generative AI tools.[[1]](https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts)\n\nNo major outlets like Reuters or Bloomberg have published matching full reports yet, so details rely on FT's exclusive sourcing.\n\n## Key quotes\n- Aidan Flynn, Beazley head of cyber underwriting management: \"the AI sublimit wording is still in development and has not yet been applied to in-force policies.\"[[1]](https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts)\n\n## Why it matters\nInsurers capping AI cyber payouts signals growing wariness over unchecked tech risks, potentially hardening the overall cyber market as claims from generative AI mount. Businesses adopting AI tools face higher uninsured losses or need specialist coverage, complicating risk management for tech-reliant firms. Watch if other carriers like Chubb follow with similar limits, and how regulators respond to policy shifts amid rising LLMjacking incidents.[[1]](https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts)\n\n## What changed\nNo prior state described.\n\n## FAQ\nQ: What is LLMjacking in cyber risks?\nA: LLMjacking is when attackers use stolen cloud credentials to hijack access to large language models, running up huge bills on services like AWS Bedrock or OpenAI. Victims pay for the compute while attackers may resell access or misuse models for malicious code or data theft. It mirrors cryptojacking but hits AI costs hard, sometimes tens of thousands daily.[[3]](https://www.sysdig.com/learn-cloud-native/what-is-llmjacking)\n\nQ: How do Beazley and QBE limit AI cyber payouts?\nA: They propose sublimits capping AI-related claims at about 10% of policy totals, with QBE drafting £188,000 max for LLMjacking on £3.8m policies. This covers losses and fines from AI use. Wording targets rapid tech risks not yet in active contracts.[[1]](https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts)\n\nQ: Why are insurers proposing these AI cyber caps now?\nA: AI vulnerabilities grow faster than fixes, creating uncertain, high-cost claims from incidents like credential theft. Insurers aim to limit exposure to \"rapidly advancing technology.\"[[5]](https://www.ft.com/artificial-intelligence)\n\nQ: Are the AI payout limits already in force at Beazley or QBE?\nA: No, the wording is still being developed and has not been applied to existing policies.[[1]](https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts)","hashtags":["#insurance","#cybersecurity","#ai","#cyberrisk","#llmjacking","#beazley"],"sources":[{"url":"https://www.ft.com/content/12e36e02-7ff9-4a45-9544-872822fe9c97?syn-25a6b1a6=1","title":"Original article"},{"url":"https://www.resultsense.com/news/2026-04-22-insurers-cap-cyber-llmjacking-ai-payouts","title":""},{"url":"https://techmeme.com/260422/p6","title":""},{"url":"https://www.sysdig.com/learn-cloud-native/what-is-llmjacking","title":""},{"url":"https://www.cov.com/en/news-and-insights/media-mentions/2026/04/insurers-move-to-cap-cyber-payouts-related-to-ai-and-llmjacking","title":""},{"url":"https://www.ft.com/artificial-intelligence","title":""}],"viewCount":2,"publishedAt":"2026-04-23T14:11:56.805Z","createdAt":"2026-04-23T14:11:56.805Z","articlePublishedAt":"2026-04-21T00:00:00.000Z"}