# Insurance Underwriting Brief - the AI-insurance acceleration path

## The problem underwriters have

Insurers cannot underwrite AI risk because there is no standardized evidence of agent
behavior at runtime. A contract requiring appropriate controls creates a **legal remedy,
not a preventive control** &mdash; and to pursue the remedy you must first prove a breach,
which requires evidence that exists, is accessible, and is trustworthy. In agentic
deployments crossing organizational boundaries, those assumptions reliably fail. The
evidentiary basis for any claim ends up being the vendor's own, alterable records.

## The bifurcation

The AI-insurance market is splitting into two postures:

- **AI-excluding.** Policies carve AI out directly, because the risk cannot be measured.
- **AI-embracing.** Carriers who want to write AI cover but lack a defensible evidence basis to price it.

The AI-embracing side needs exactly one thing the market has not had: **standardized,
attributed, independently verifiable evidence of what an agent did.**

## What this bundle provides

The private incident-response fabric turns collaboration into a pricing basis:

1. **Sealed incidents &rarr; signed evidence.** Each incident is a cryptographically bounded
   record, signed at the moment of action &mdash; it exists before any dispute and cannot be
   altered retroactively.
2. **Honored response patterns &rarr; attributed playbooks.** In-network members share
   response techniques without exposing raw detail; contributors are credited.
3. **Conformance tier &rarr; underwritable posture.** A customer's posture becomes an
   `security:underwritable_posture` composite an insurer can **price on real evidence**,
   not claim-based assurances ([`Hypergraph.Underwrite.ThreatProfile@v1`](../hypergraph-pathways/pathways/Hypergraph.Underwrite.ThreatProfile@v1.yaml)).
4. **Offline verification.** The underwriter verifies a Trust Key on their own device &mdash;
   no platform access, no vendor login. The powerful party does least.

## The cross-domain intersection

This is the `xi_incident_underwriting` intersection: Security (the sealed incident and
response playbook) &times; Provenance (the evidence) &times; Authorization (the attested
conformance tier). It is an emergent object &mdash; it only exists when the fabric is
exercised.

## Alignment with the standards community

- **AIUC-1** (`tm:aiuc-1`) already orients AI certification toward underwriting and
  crosswalks to the OWASP Agentic Top 10. This fabric supplies the runtime evidence AIUC-1
  certification can rest on.
- **SOC 2** (`tm:soc2`) attests controls at the organization level; PoC adds the per-action
  evidence that an agent stayed in bounds &mdash; complementary, not competing.
- **FINOS** &mdash; financial-services AI is where evidence-based AI underwriting lands first;
  the CALM collaboration ([`../finos-invitation/OPEN_INVITATION.md`](../finos-invitation/OPEN_INVITATION.md))
  is the natural venue.

## The thesis

When security and AI are part of the underwriting of every industry, a collaborative,
cryptographically-attributed incident-response fabric is how the AI-embracing insurance
industry **reinvents itself**: shared best practices and incident response, priced on
evidence, without surrendering private detail or provenance. This bundle is the acceleration.
