The AI Governance Gap in Insurance: Why Agents Are Moving Faster Than Carriers

The Numbers Tell a Fractured Story

AI software spending in insurance is forecast to hit $297 billion by 2027. Yet according to Liberty Mutual data cited in the Cake & Arrow report, only 8% of independent agents use AI on a daily basis.

That gap between investment and actual usage isn’t a technology problem. It’s a deployment and design problem — and it’s creating real risk at the front lines of the business.

Most agents interviewed fell somewhere between “ungoverned” and “informal” on a spectrum of AI governance maturity. In practice, that meant agents were handed tool access with little guidance, left to learn from peers, and in some cases unsure whether they were even allowed to use the AI already sitting on their desktops.

One sales manager at a captive agency put it plainly: more training around use cases and prompting “would go a long way.”

Shadow AI Is Already Inside the Building

Here’s where the compliance risk gets real.

When organizations don’t provide clear guidance, employees don’t stop using AI — they just use their own. Gartner research cited in the report found that 88% of employees with enterprise AI access also use personal AI tools for work tasks. The agent interviews confirmed this pattern directly.

Participants described routing client work through personal ChatGPT accounts and consumer apps their employers have zero visibility into. Not out of recklessness. Out of necessity.

One commercial account manager captured the dynamic perfectly: “I’m honestly not sure how I’d manage a book this large without it, so I’m not asking a lot of questions.”

That’s shadow AI in its most dangerous form — not malicious, but invisible. Sensitive client data flowing through uncontrolled channels creates both compliance and security exposure. And the agents most likely to be using unauthorized tools are often among the most productive, which makes the behavior nearly impossible to discourage without offering something better.

Shallow Use Is Leaving Most of the Value on the Table

Even agents actively using AI are mostly scratching the surface.

The common use cases: drafting emails, summarizing policies, comparing quotes. Useful, but nowhere near the compounding productivity gains that come from deeper workflow integration.

Gartner data cited in the report makes the stakes clear: employees who use AI across nine to twelve use cases are five times more likely to report high productivity than those using it for just one to three. Most agents are nowhere near that threshold.

The agents extracting the most value from AI, researchers found, aren’t necessarily the most tech-savvy. They’re the ones with enough domain expertise to know when an AI output is wrong.

An account executive with 31 years of experience told researchers: “You need to be able to look at an AI output and know something’s not quite right.”

That judgment isn’t built through prompting. It’s built through years of experience — which creates a specific and serious risk for newer agents.

The E&O Claim Waiting to Happen

Newer agents are the most likely to treat AI output as a primary source of truth. They’re also the least equipped to catch its errors.

One veteran agent in the study described that scenario directly as “an E&O claim waiting to happen.”

That’s not hyperbole. In a regulated industry where advice carries legal weight, an agent who acts on a hallucinated policy detail or a misread coverage summary is exposed — and so is their firm. The governance gap doesn’t just create operational inefficiency. It creates professional liability.

The irony is that the organizations best positioned to prevent this are the same ones that haven’t yet provided the training, guardrails, or sanctioned tools their agents are clearly asking for.

The Knowledge Drain Makes This Urgent

There’s a longer-term dimension to this story that makes the governance gap even harder to ignore.

50% of the insurance workforce is projected to retire over the next 10 to 15 years. That’s not just a headcount problem — it’s a knowledge problem. Decades of underwriting judgment, client relationship nuance, and institutional memory are walking out the door.

AI is uniquely positioned to help capture and transfer that institutional knowledge before it disappears. But only if organizations build the tools and governance structures to make that possible. Right now, most aren’t close.

The agents with the deepest expertise are the ones who know when AI gets it wrong. When they retire, that check disappears — unless carriers act now to encode that knowledge into governed, well-designed systems.

What the Adoption Gap Is Actually Telling You

The Cake & Arrow report frames the problem clearly: this isn’t a technology failure, and it isn’t a people problem. It’s a design and organizational investment failure.

The organizations pulling ahead aren’t the ones deploying the most tools. They’re the ones doing the slower, harder work of understanding how agents actually operate before building systems meant to help them.

That distinction matters enormously for anyone evaluating AI tools in this space. A tool that gets deployed without workflow context, training, or governance doesn’t just underperform — it creates risk.

What This Means for the AI Tools Ecosystem

For founders and product teams building for the insurance vertical, the signal here is clear: governance features are no longer optional. Audit trails, permission controls, usage visibility, and training scaffolding aren’t enterprise add-ons — they’re the product.

For carriers and MGAs evaluating AI platforms, the question to ask isn’t “what can this tool do?” It’s “what happens when an agent uses it wrong, and will we know?”

For independent agents navigating this on their own, the practical reality is that the tools you’re already using carry risk your firm may not have accounted for. That exposure is yours too.

Conclusion

The AI governance gap in insurance isn’t a future problem. It’s already producing compliance risk, knowledge gaps, and shadow AI behavior at scale — right now, across thousands of agencies. The organizations that close that gap first won’t just reduce risk. They’ll build the kind of institutional AI fluency that compounds over time.

The ones that wait are funding a problem they haven’t named yet.