Blab Tech
U.S. Courts and Regulators Grapple with Liability for Autonomous AI Agents
When an autonomous AI agent missteps, the question of who should answer for the damage becomes urgent. In 2026, U.S. courts and regulators are beginning to carve out the rules that will govern liability when software that can pursue goals and take actions causes harm. The debate centers on whether the human or company that deploys an AI agent can be held responsible, and which existing legal frameworks are most applicable.
The stakes are high because AI agents already populate customer‑facing chatbots, automated hiring tools, and e‑commerce shopping assistants. California’s Assembly Bill 316 (AB 316), which took effect on January 1 2026, explicitly bars defendants from claiming that an AI acted autonomously as a defense in civil actions. The bill is part of a broader trend in which lawmakers seek to keep human operators accountable.
Agency law is the first framework courts are applying. Under the Restatement (Third) of Agency, an agency relationship exists when a principal authorizes an agent to act on its behalf and a third party reasonably believes the agent is authorized. In Mobley v. Workday, Inc., the federal court allowed discrimination claims to proceed on the theory that Workday’s AI screening tools could be treated as the employer’s agent, reasoning that the AI tools functioned as the employer’s agent for liability purposes. A Canadian tribunal similarly rejected an airline’s argument that its chatbot was a separate legal entity, holding the airline liable for the chatbot’s incorrect statements about bereavement fare policies.
Product liability and negligence theories are also gaining traction. Plaintiffs may argue that an AI agent was defectively designed—lacking guardrails, failing to require human approval, or not tested against foreseeable misuse. Courts will likely assess whether safer alternatives were feasible and whether developers considered the risks of autonomous operation. Failure‑to‑warn claims could arise if vendors fail to disclose limitations such as hallucination or security risks. The Florida Attorney General’s lawsuit against OpenAI, which alleges that ChatGPT is addictive and unreliable without safeguards, illustrates how negligence claims can be used to bypass Section 230 protections.
Because liability exposure remains uncertain, many businesses are turning to contractual risk allocation. Vendor agreements frequently contain indemnification clauses, cybersecurity obligations, audit rights, and insurance requirements. Vendors may seek to limit damages and shift compliance responsibilities to deployers, while deployers may require human‑in‑the‑loop oversight as a condition of the agreement. However, contractual allocations do not bind consumers or regulators, and courts may scrutinize attempts to shift responsibility when a party actually controls the AI.
Statutory allocation is becoming more prominent. AB 316 prohibits defendants from asserting that an AI acted autonomously as a defense. The European Union’s AI Act, while not written for agentic AI specifically, assigns obligations to providers, deployers, importers, and distributors, and its risk‑based structure may influence U.S. legislative thinking.
The Computer Fraud and Abuse Act (CFAA) is emerging as a significant constraint on AI agents that access user accounts. In Amazon.com Services LLC v. Perplexity AI, Inc., the district court granted a preliminary injunction against Perplexity’s “Comet” shopping agent, finding that the agent accessed Amazon’s systems with the user’s permission but without Amazon’s authorization. The court relied on Facebook, Inc. v. Power Ventures, Inc., which allows a platform to revoke third‑party access even when users share credentials. The case is now before the Ninth Circuit, and its outcome will determine whether platforms can unilaterally block AI agents from interacting with user accounts.
The legal landscape for autonomous AI agents is still evolving. Courts are applying agency, product liability, contractual, and statutory doctrines in ways that reflect the technology’s complexity. Companies deploying AI agents should review their contracts, disclosure practices, and oversight mechanisms to align with current legal expectations. Upcoming court decisions, regulatory actions, and potential new legislation will further shape the liability framework.
The stakes are high because AI agents already populate customer‑facing chatbots, automated hiring tools, and e‑commerce shopping assistants. California’s Assembly Bill 316 (AB 316), which took effect on January 1 2026, explicitly bars defendants from claiming that an AI acted autonomously as a defense in civil actions. The bill is part of a broader trend in which lawmakers seek to keep human operators accountable.
Agency law is the first framework courts are applying. Under the Restatement (Third) of Agency, an agency relationship exists when a principal authorizes an agent to act on its behalf and a third party reasonably believes the agent is authorized. In Mobley v. Workday, Inc., the federal court allowed discrimination claims to proceed on the theory that Workday’s AI screening tools could be treated as the employer’s agent, reasoning that the AI tools functioned as the employer’s agent for liability purposes. A Canadian tribunal similarly rejected an airline’s argument that its chatbot was a separate legal entity, holding the airline liable for the chatbot’s incorrect statements about bereavement fare policies.
Product liability and negligence theories are also gaining traction. Plaintiffs may argue that an AI agent was defectively designed—lacking guardrails, failing to require human approval, or not tested against foreseeable misuse. Courts will likely assess whether safer alternatives were feasible and whether developers considered the risks of autonomous operation. Failure‑to‑warn claims could arise if vendors fail to disclose limitations such as hallucination or security risks. The Florida Attorney General’s lawsuit against OpenAI, which alleges that ChatGPT is addictive and unreliable without safeguards, illustrates how negligence claims can be used to bypass Section 230 protections.
Because liability exposure remains uncertain, many businesses are turning to contractual risk allocation. Vendor agreements frequently contain indemnification clauses, cybersecurity obligations, audit rights, and insurance requirements. Vendors may seek to limit damages and shift compliance responsibilities to deployers, while deployers may require human‑in‑the‑loop oversight as a condition of the agreement. However, contractual allocations do not bind consumers or regulators, and courts may scrutinize attempts to shift responsibility when a party actually controls the AI.
Statutory allocation is becoming more prominent. AB 316 prohibits defendants from asserting that an AI acted autonomously as a defense. The European Union’s AI Act, while not written for agentic AI specifically, assigns obligations to providers, deployers, importers, and distributors, and its risk‑based structure may influence U.S. legislative thinking.
The Computer Fraud and Abuse Act (CFAA) is emerging as a significant constraint on AI agents that access user accounts. In Amazon.com Services LLC v. Perplexity AI, Inc., the district court granted a preliminary injunction against Perplexity’s “Comet” shopping agent, finding that the agent accessed Amazon’s systems with the user’s permission but without Amazon’s authorization. The court relied on Facebook, Inc. v. Power Ventures, Inc., which allows a platform to revoke third‑party access even when users share credentials. The case is now before the Ninth Circuit, and its outcome will determine whether platforms can unilaterally block AI agents from interacting with user accounts.
The legal landscape for autonomous AI agents is still evolving. Courts are applying agency, product liability, contractual, and statutory doctrines in ways that reflect the technology’s complexity. Companies deploying AI agents should review their contracts, disclosure practices, and oversight mechanisms to align with current legal expectations. Upcoming court decisions, regulatory actions, and potential new legislation will further shape the liability framework.
