From launch failures to pending AI regulations, this edition of Risk Wrap highlights six developments shaping compliance, governance, and insurance exposure across high-risk industries.
Rapid Iteration in Launch Systems Highlights Growing Tension Between Innovation and Oversight
During a test flight earlier in 2025 at its Boca Chica facility in Texas, SpaceX suffered a catastrophic failure when its giant Starship rocket exploded minutes after liftoff, scattering debris over environmentally sensitive areas. The incident prompted the Federal Aviation Administration to ground the company’s Starship Super Heavy program while a full investigation was conducted.
The failed launch raised questions about whether proper risk management was conducted and whether SpaceX adhered to safety protocols. The company is known for its rapid approach to development, and regulators may struggle to keep up with the pace of innovation. Some also consider Musk’s drug use and other forms of misconduct to be compliance risks.
Implications for brokers and their clients:
- Obtain robust launch insurance that explicitly covers catastrophic failures and third-party property damage.
- As scrutiny increases, firms should secure insurance that covers the costs of regulatory investigations, compliance audits, remediation efforts, and legal defence.
- Ensure appropriate D&O insurance is in place in case directors are accused of intentional or unintentional non-compliance.
Source: PlanetCompliance (March 27, 2025). Regulatory Implications of SpaceX’s 2025 Explosion: A Broader Perspective on Compliance and Risk Management.
The Hidden Cyber Exposures Lurking in GSaaS Supply Chains
Satellites and ground-based systems are becoming increasingly interconnected, introducing new cyber risks into the space economy.
A recent UK government review warns that the shift toward cloud-based Ground Station as a Service (GSaaS) is widening the attack surface. Since the ground segment of space infrastructure often supports multiple missions at a time, and manages control and mission data, it is an appealing target for hostile actors.
GSaaS adoption is accelerating thanks to lower costs and flexibility, but providers vary widely in how they implement security. Larger, established operators tend to follow stricter standards, while smaller firms often delay cyber investments to focus on growth.
Shared responsibility between GSaaS providers and satellite operators creates ambiguity over who secures what. Supply chain vulnerabilities are another concern, with state-backed actors seen as the most significant threat across both hardware and software. Encryption of command and telemetry data is also inconsistent, leaving sensitive communications exposed.
The report emphasizes that organizations adopting GSaaS need a clear understanding of their security obligations and stronger best practices, similar to the discipline required when moving traditional IT systems to the cloud.
Implications for brokers and their clients:
- Firms operating in the space economy should obtain cyber liability insurance that explicitly addresses the threats associated with interconnected space and ground systems.
- Ensure that tech E&O coverage protects against mission impact caused by supplier defects, software flaws, or third-party service failures.
- Maintain coverage that protects against physical security threats affecting ground-based property and assets.
Source: GOV.UK (August 8, 2025). Cyber risks of cloud computing in the ground segment of the space sector.
Traditional Insurers Back Out of In-Orbit Cover as Debris Levels Rise
Satellite breakups in orbit are adding to a growing cloud of debris around Earth. In October 2024, a $500 million (uninsured) satellite exploded over the Indian Ocean and fragmented into at least 20 pieces, joining the 14,000 tonnes of existing debris.
Out of approximately 12,787 satellites orbiting the planet, only about 300 were insured against in-orbit accidents as of mid-2025. Many operators are forgoing insurance entirely as launch costs drop, but the risks of collision and debris-related damage increase with each new launch and each fragmentation event. The worst-case scenario would be Kessler Syndrome, a chain reaction of destruction causing an exponential increase in debris.
Determining whether a satellite broke up due to an internal explosion or a collision with untracked debris can be extremely difficult, and some insurers have withdrawn from the in-orbit market entirely.
Implications for brokers and their clients:
- Operators should investigate comprehensive in-orbit insurance that protects satellites throughout their operational life. This should include coverage for debris strikes, collisions with other objects, unexplained failures, and total or partial loss while in orbit.
- Policies should include liability for de-orbiting failures or improper decommissioning practices.
- Service providers relying on satellite data should obtain coverage for business interruption in case collisions disrupt services.
Source: Space.com (June 28, 2025). Satellites keep breaking up in space. Insurance won’t cover them.
New Study Warns That Smart Contract Exploits by Agentic AI Are Advancing at a Rapid Pace
A joint research effort by MATS and Anthropic’s Fellows project examined the capabilities of AI agents to exploit smart contracts.
Using a new benchmark called SCONE-bench, which measures how much simulated value an AI can steal by identifying flaws and generating working exploit scripts, researchers tested 10 leading models on 405 test cases. The models successfully produced functioning exploits for just over 50% of the test cases, representing $550 million in simulated stolen funds.
The study also found that the most capable models are quickly improving. Over the past year, the potential exploit revenue generated by frontier AIs has doubled roughly every 1.3 months. Researchers suggest this is driven by better tool use, error recovery, and long-horizon task execution.
They also state that this rapid growth won’t continue indefinitely. However, it demonstrates how autonomous, profitable contract exploitation by AI systems is already technically feasible.
Implications for brokers and their clients:
- Web3 companies should investigate specialized smart contract failure insurance that covers losses arising from exploits and code errors.
- Verify that crime insurance explicitly covers digital asset losses resulting from on-chain exploits.
- Ensure coverage responds to operational disruption or reputational harm caused by smart contract failures or exploits.
Source: Anthropic (December 1, 2025). AI agents find $4.6M in blockchain smart contract exploits.
35 States Warn of “Disastrous Consequences” as AI Regulation Clash Erupts
Attorneys General from 35 states and Washington DC are pressing congressional leaders not to block state-level authority over AI, warning of “disastrous consequences” if the technology remains unregulated.
Their intervention comes as the industry anticipates new laws scheduled to take effect in 2026. Colorado’s forthcoming law, which has drawn significant pushback, aims to prevent algorithmic discrimination in areas like housing, hiring, and education.
In California, companies will have to disclose training data sources and build mechanisms to identify AI-generated content. In addition, major developers will have to explain plans to mitigate potential catastrophic risks.
New York Attorney General Letitia James emphasized that states must retain the ability to enforce their own safeguards to protect residents. However, OpenAI, Google, Meta, and other firms are lobbying for a unified federal framework instead of a fragmented state-by-state regime.
The Senate voted 99-1 against blocking these AI laws. Meanwhile, Trump is considering suing and defunding states to block them.
Implications for brokers and their clients:
- Work with insurers that have expertise in AI regulation during these uncertain times.
- If the laws are not blocked, growing state-level scrutiny will heighten exposure to claims alleging negligent model development or training-data risks. Verify whether tech E&O policies explicitly cover algorithmic harms, model output errors, and training data liabilities across multiple jurisdictions.
- New disclosure and data handling requirements, especially in states like California, raise compliance and breach-related risks. Review cyber policies to ensure they cover failures in data governance, training data exposure, model traceability obligations, and penalties.
Source: Insurance Journal (December 2, 2025). Dozens of State Attorneys General Urge Congress Not to Block AI Laws.