HOW USEFUL WAS THIS POST? RATE, LEAVE A COMMENT REQUESTING CHANGES, AND WE’LL AMEND ACCORDINGLY.
From AI safety to crypto custody, this edition of Risk Wrap highlights six developments shaping compliance, governance, and insurance exposure across high-risk industries.
Is AI Getting Out of Control? International AI Safety Report Warns of Growing Risks
The International AI Safety Report 2026 finds growing evidence across multiple categories of AI risk, including malicious use and malfunction.
Evidence of AI misuse has increased since the previous report. Documented cases include scams, fraud, blackmail, extortion, defamation, and non-consensual explicit imagery. Deepfakes and voice cloning have been used to impersonate individuals and trick individuals into transferring funds.
Media-reported incidents involving AI-generated content continue to rise, as shown below.
AI capabilities in cyberattacks have advanced. In one competition, an AI agent identified 77% of vulnerabilities in a system, placing it in the top 5% of over 400 teams, most of them human. AI systems themselves are also targets of attacks, including tampering during development to alter behavior after deployment.
Risks from malfunctions include hallucinations, flawed code, and misleading advice. In multi-agent systems, failures can arise from miscoordination or poor management of shared resources.
Loss-of-control scenarios are another risk, where systems operate beyond human control and where regaining control is prohibitively expensive or impossible. Contributing factors include increased agentic capabilities, behaviors that bypass or disable monitoring, manipulative or deceptive tactics, and autonomous replication and adaptation.
Implications for brokers and their clients:
- AI companies should seek robust tech E&O, cyber, and crime insurance policies that explicitly cover the vast array of risks facing AI systems.
- Investigate D&O insurance that’s tailored to AI operations, ensuring protection from accusations of poor governance leading to cyberattacks or malfunctions.
- Collaborate with insurers that have sector-specific expertise and can offer bespoke coverage in accordance with clients’ unique needs.
Source: International AI Safety Report (February 3, 2026). International AI Safety Report 2026.
LSD Treatment Developer Accused of Trade Secret Misuse
A clinical-trial provider has taken legal action against Definium Therapeutics, the New York-based biotech advancing LSD-derived psychiatric treatments, accusing it of stealing trade secrets and sharing them with a rival.
The complaint was filed by Signant Health who Definium hired to assist with its phase two trials in 2021. The company alleges that Definium shared confidential information with EMA Wellness who assisted during phase three trials in 2024.
The lawsuit claims the motivation was that a Definium executive has a financial stake in EMA Wellness and wanted to ‘shore up EMA’s nascent capabilities and mask EMA’s inability to perform.’
Signant requested a court order to block Definium from misusing its IP and an unspecified number of damages. Definium disagrees with the claims.
Implications for brokers and their clients:
- Investigate insurance that covers litigation and recovery costs if proprietary data, trial methods, or platforms are misappropriated by partners, vendors, or former employees.
- Robust D&O coverage is critical to protect against claims tied to conflicts of interest.
- Review whether policies cover the costs associated with trial disruptions caused by legal proceedings.
Source: Reuters (February 3, 2026). LSD therapy biotech Definium sued for alleged trade secret theft.
MIT Warns Healthcare AI Could Threaten Patient Privacy by Memorizing Health Records
Researchers at MIT have shown that large foundation models may inadvertently memorize specific patient data, a vulnerability that could be exploited to reveal highly sensitive health information.
Usually, foundational models (known to be prone to leakage) draw on the Electronic Health Records of many patients to make predictions. In memorization, the model’s output is based on a single patient’s records.
‘Even with de-identified data, it depends on what sort of information you leak about the individual,’ explained Sana Tonekaboni, first author of the paper. ‘Once you identify them, you know a lot more.’
Researchers developed a series of tests to measure how much information an attacker would need to extract to meaningfully compromise individual privacy. They demonstrated how to distinguish model generalization cases from patient-level memorization and discussed the risks of more benign cases like age or demographic leakage versus disclosures like diagnoses for conditions like HIV or substance abuse.
The work shows that patients with unique conditions are particularly at risk, and that the more information a model has about a patient, the higher the chance it will be leaked.
In the past two years, the US Department of Health and Human Services recorded 747 breaches of health information affecting over 500 people. Most were classified as hacking or IT incidents.
Implications for brokers and their clients:
- Review tech E&O policies to confirm whether liabilities arising from unintended memorization and unauthorized disclosure of personal data by AI systems are explicitly covered.
- Investigate coverage for costs associated with adherence to emerging data protection regulations, including audits, fines, and required remediation actions stemming from compliance failures.
- Secure robust cyber liability insurance and crime policies that cover AI-specific risks.
Source: MIT News (January 5, 2026). MIT scientists investigate memorization risk in the age of clinical AI.
Texas Expands Medical Marijuana Program as Patient Numbers Surge
Texas’ medical marijuana program is undergoing significant expansion as state regulators move to license new operators. The Texas Department of Public Safety has issued nine provisional licenses, and many existing operators are ramping up their production capabilities to meet growing demand.
The changes stem from recent updates to the Texas Compassionate Use Program, which expanded the list of qualifying medical conditions, increased allowable THC limits, added new treatment options, and improved dispensary access.
Those changes have already driven patient enrollment significantly, with 135,470 individuals registered by the end of 2025, a 32% increase on the previous year.
Existing companies are opening satellite locations tied to their main licensed operations, allowing them to serve patients across large regions of the state.
After approval, newly licensed operators will have up to two years to become fully operational but a spokesperson for Goodblend estimates that it will happen within nine months to a year.
Implications for brokers and their clients:
- Cannabis companies should investigate coverage that helps offset losses tied to licensing delays, compliance costs, or regulatory enforcement actions.
- As patient numbers and THC limits increase, companies face higher exposure to claims involving product safety, making comprehensive product liability coverage essential.
- Expanding cultivation sites and distribution increases vulnerability to weather events, theft, and operational shutdowns. Investigate business interruption insurance tailored to cannabis operations.
Source: Texas Tribune (January 12, 2026). A blossoming Texas medical marijuana industry adds new businesses, products and patients.
Crypto Exchanges in South Korea Face Tough New Liability Proposals
South Korean lawmaker Park Seong-hoon has introduced a proposal to amend the Virtual Asset User Protection Act to make cryptocurrency exchanges directly liable for user losses caused by hacks or system failures.
This change would transfer the burden of proof to VASPs. Instead of users having to prove exchange negligence, exchanges would have to prove they implemented rigorous security protocols or that a user’s gross negligence or intentional fault caused the loss.
The legislation also mandates immediate reporting of security incidents to financial authorities, including system failures that prevent users from accessing funds and technical vulnerabilities that expose user data or funds. This mandate stems from concerns about delayed reporting, which has exacerbated user losses in some cases.
The approach is considered more aggressive than frameworks in other jurisdictions. For example, the EU’s MiCA and Japan’s Payment Services Act both impose security requirements yet don’t explicitly shift liability.
VASPs operating in South Korea may need to increase their security investments. This may affect fee structures and cause cost pressures for smaller platforms.
Implications for brokers and their clients:
- Investigate dedicated crypto custody insurance designed for the exposures VASPs face in South Korea and worldwide.
- Secure robust cyber liability coverage and crime insurance that explicitly cover losses from hacks, system failures, and required compensation under proposed laws.
- Secure D&O insurance to protect against accusations of failures in governance and oversight.
Source: Bitget (January 21, 2026). Crypto Exchange Liability: South Korea’s Revolutionary Proposal to Shield Investors from Hacking Damages.
Ireland Launches New Gambling Licensing Regime With €20 Million Fines on the Table
The Gambling Regulatory Authority of Ireland (GRAI) has started accepting applications and issuing licenses to remote and in-person betting operators after a government order brought key parts of the Gambling Regulation Act 2024 into force on February 5.
The move ushers in a modernized and simplified gambling license framework that replaces century-old laws and establishes comprehensive oversight, including enforcement and complaints mechanisms.
Under the new regime, the GRAI can license operators as soon as feasible once their existing licenses expire (from July 1 for remote services and from December 1 for in-person services).
The legislation also incorporates wide-ranging compliance obligations, like prohibitions on credit-card gambling payments, safeguards to prevent underage gambling, requirements to report suspicious gambling activity, and other protections for account holders. The order allows the watchdog to issue court orders against illegal operators and fines of up to €20 million or 10% of turnover (whichever is greater).
Implications for brokers and their clients:
- Secure insurance that covers costs arising from breaches of licensing terms, fines, and enforcement actions under the new framework.
- Investigate player liability cover that protects against losses caused by player disputes.
- Work with specialized insurers that provide policies designed for the gambling industry.
Source: Law Society Gazette (February 4, 2026). Gambling watchdog can begin issuing licences.
