
Valencia v. Invoca and Lisota v. Heartland Dental expose why AI liability diverges from cyber. Underwriters and businesses that treat them as the same face expensive surprises.
Early litigation is drawing a line between AI risk and cyber insurance that many underwriters and businesses have treated as interchangeable. Two federal court decisions – Valencia v. Invoca and Lisota v. Heartland Dental – expose why the old muscle memory will cost those who refuse to update their frameworks.
Peter Hawley, former international head of cyber at Everest Group (EG) and now a strategist in the space, laid out the problem in a recent viewpoint. The cases are not about breaches or ransomware. They arise from ordinary customer calls, chatbot interactions, and default settings inside vendor contracts. The exposure sits in the gap between what an organisation believed it was doing and what its systems actually did on its behalf.
In Valencia v. Invoca, a California federal court declined to dismiss claims that an AI call-analytics vendor was effectively a third-party eavesdropper. The vendor’s product did exactly what it was bought to do – transcribe calls, analyse sentiment, feed results back to the business. No hack occurred. No data left the intended channels. Yet the court found the conduct could violate California’s Invasion of Privacy Act (CIPA).
The Invoca court adopted what Hawley calls the “mere capability” approach. At the pleading stage, it is enough that the vendor could use call content for its own purposes. The plaintiff does not have to prove the vendor actually did. That lowers the bar for plaintiffs significantly, and every business using third-party AI tools that touch California residents should take note.
“For two decades, ‘this call may be recorded’ has done quiet, reliable work,” Hawley wrote. “GenAI breaks that sentence.” The notice customers see must match what the AI system actually does behind it. Was the call only recorded, or was it transcribed in real time by a third-party model? Was the transcription retained to improve a vendor’s model? Was sentiment analysed? Each change widens the consent gap. Consent architecture is becoming as important as access control in managing AI exposure.
In Lisota v. Heartland Dental, an Illinois federal court dismissed a similar claim brought only under the federal Wiretap Act. That statute contains an “ordinary course of business” exception that CIPA does not. The court deemed the AI transcription and analysis central to the service, so the exception applied.
The difference is a clear signal. Filings will concentrate in states whose wiretap laws give plaintiffs a foothold the federal statute denies. California, with its broader CIPA, becomes a magnet for AI privacy cases. Businesses with multi-state operations must map their exposure by jurisdiction, not just by product.
Most enterprises are not building foundation models. They are buying tools, enabling features, and accepting default settings. The AI estate of a typical business is an accumulation of procurement decisions made by different teams under different commercial pressures. AI vendor risk adds a dimension cyber underwriting was never built to handle.
Was the vendor merely providing a tool, or was it independently receiving, analysing, retaining, enriching, or using the data? The answer changes whether a notice was adequate, whether consent was meaningful, and ultimately whether a claim lands in cyber, technology errors and omissions, privacy, media, professional liability, regulatory defence, or management liability.
Risk to watch: The claim simply arrives looking for a home. Companies that file AI risk under cyber may discover the coverage gap only when a claim does not fit the policy they bought.
It is no longer enough to say a notice existed, that a vendor was not meant to train on customer data, or that a tool was configured compliantly. Underwriters and boards need to show – with evidence – what the customer saw on the relevant date, which version of the vendor terms applied, and whether model-training rights were switched on or off. Without that evidence, defences crumble.
Hawley notes that recent cases against Google (Gemini smart features switched on by default across Gmail, Chat, Meet), Figma (terms changed to opt customers into content training defaults), and unnamed healthcare providers (ambient AI tools that recorded clinical conversations without clear consent) all share the same structural concern. The exposure is not in the AI itself. It is in the default settings, procurement decisions, and mismatch between notice and actual system behaviour.
Regulators in the EU, UK, and US are moving over the same landscape, though with different vocabulary. The direction is consistent: transparency, accountability, lawful data use, explainability, governance, oversight, evidence. Hawley does not call for panic. He calls for precision.
The leaders who treat AI as a change in business conduct, relationships, governance, and evidentiary discipline will ask better questions of their vendors, their lawyers, their brokers, and their boards. In underwriting, better questions are the first competitive advantage.
How much of this risk genuinely belongs inside existing insurance classes, and how much of it requires something the market has not yet built? Hawley suggests that is the conversation worth being early to. For now, the immediate task is to audit consent architecture, vendor contracts, and jurisdictional exposure before the next claim arrives looking for a home.
For investors tracking the insurance sector, the shift means that carriers like Everest Group (EG) – with a direct stake in cyber underwriting – and the broader market for AI-specific liability products could see significant repricing. The companies that adapt their underwriting models first will capture the spread.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.