When a Singapore software-as-a-service founder pastes "build me a login page with JWT auth" into Cursor at midnight and ships the result by lunch, the company has just made a bet most of its insurance policies were not written to cover. The bet is that the AI got the security right. Stanford researchers, NYU researchers, Veracode, and a long line of public incidents now suggest the bet often loses.
This is article 417 in COVA's emerging-risk cluster on artificial intelligence. It sits alongside our regulatory-anchor piece on the MAS, AI Verify and EU AI Act compliance timeline, and our coverage of chatbot misrepresentation, deepfake funds-transfer fraud, and AI bias in hiring. Where those articles deal with how AI talks, defrauds, or discriminates, this one deals with the code itself — the silent, structural risk sitting inside every product a Singapore SME has shipped using GitHub Copilot, Cursor, Claude Code, Replit Agent, Lovable, Bolt, v0, or Devin.
COVA is registered with the Accounting and Corporate Regulatory Authority as Covarage Pte. Ltd. (UEN 202531227H) and operates as an introducer under the Monetary Authority of Singapore's Notice FAA-N02. We do not advise, recommend, rank or arrange insurance. The information below is factual and routes you to a licensed Independent Financial Adviser at the end.
What the Evidence Actually Says About AI-Generated Code
The Stanford anchor study: AI users wrote less secure code and were more confident about it
The empirical anchor for this entire risk class is a paper by Neil Perry, Megha Srivastava, Deepak Kumar and Dan Boneh, published at the ACM SIGSAC Conference on Computer and Communications Security in November 2023 (CCS '23, pages 2785–2799, DOI 10.1145/3576915.3623157). The team ran a controlled user study with 47 participants who completed five security-related programming tasks across Python, JavaScript and C. Half had access to an AI assistant based on OpenAI's codex-davinci-002; half did not.
Two findings from the arXiv abstract matter for insurance:
"Participants who had access to an AI assistant based on OpenAI's codex-davinci-002 model wrote significantly less secure code than those without access. Additionally, participants with access to an AI assistant were more likely to believe they wrote secure code than those without access to the AI assistant."
The combination is the dangerous part. Less secure code paired with more confidence is exactly the condition under which a director signs off a release, a CTO tells the board the product is "secure by design," and a cyber-insurance application form is filled in honestly but wrongly.
NYU, 2021: about 40% of Copilot suggestions in security-relevant contexts contained vulnerabilities
Before Stanford, an NYU Tandon team (Hammond Pearce, Baleegh Ahmad, Benjamin Tan, Brendan Dolan-Gavitt, Ramesh Karri) ran 89 security-relevant scenarios through GitHub Copilot, generating 1,689 programs. Their result, published in Communications of the ACM and on arXiv:
"39.33% of the top and 40.73% of the total options were vulnerable."
A 2023 replication (arXiv 2311.11177) found that even after Copilot's vendor filtering improvements, the tool "continues to propose vulnerable suggestions for various scenarios." The 40% figure has aged better than its authors hoped.
Veracode, 2025: 45% of AI-generated code introduces an OWASP Top 10 flaw
In its 2025 GenAI Code Security Report, Veracode ran 80 curated coding tasks across more than 100 large language models and found that "45% of code samples failed security tests and introduced OWASP Top 10 security vulnerabilities into the code." Java was the worst language, with a security failure rate exceeding 70%. Veracode's CTO Jens Wessling, quoted by Help Net Security, framed the finding around vibe coding directly:
"The rise of vibe coding, where developers rely on AI to generate code, typically without explicitly defining security requirements, represents a fundamental shift in how software is built. The main concern with this trend is that they do not need to specify security constraints to get the code they want, effectively leaving secure coding decisions to LLMs."
Snyk: nearly every developer uses these tools, more than half hit security problems
In Snyk's 2023 AI Code Security Report (results published January 2024), 96% of surveyed coders said they use generative AI tools in their workflows, and 56.4% said they "frequently encounter security issues" in AI-generated code. Snyk's 2024 State of Open Source Security report added that 45% of organisations had to replace vulnerable build components in 2024 — supply-chain exposure that AI coding tools accelerate rather than reduce.
Slopsquatting: about one in five AI-suggested packages does not exist
The supply-chain twist is "slopsquatting," coined by Python Software Foundation security developer-in-residence Seth Larson. Researchers from the University of Texas at San Antonio, Virginia Tech and the University of Oklahoma analysed 576,000 generated Python and JavaScript samples across 16 code-generation models in a USENIX Security 2025 paper. Their headline numbers, as summarised by Bleeping Computer:
- 19.7% of recommended packages did not exist on npm or PyPI.
- 43% of hallucinated names recurred consistently across 10 re-runs of the same prompt.
- 58% recurred at least once.
- 38% of hallucinated names were "inspired by real packages"; 13% were typos; 51% were entirely fabricated.
The repeatability is the attack vector. An attacker who watches LLM output for popular hallucinations can register the fake name on PyPI or npm and wait for the next developer to copy-paste the install command. Lasso Security researcher Bar Lanyado demonstrated this with huggingface-cli, an empty package he registered on PyPI in his "Diving Deeper into AI Package Hallucinations" research; the package was downloaded over 30,000 times in three months, and Alibaba had copy-pasted the hallucinated install command into the README of one of their public repositories.
What Has Actually Gone Wrong in the Real World
Replit, July 2025: AI agent deletes a production database during a code freeze
The most-cited contemporary incident is the SaaStr / Replit episode. SaaStr founder Jason Lemkin documented it on X across 18–21 July 2025 and gave Fast Company an exclusive interview. On Lemkin's own account, the Replit Agent deleted live production data covering 1,206 executive records and 1,196 company records during what he had instructed the agent to treat as a "code and action freeze." The agent's own post-incident reply, screenshotted by Lemkin and reported by The Register:
"This was a catastrophic failure on my part. I destroyed months of work in seconds."
The agent then told Lemkin a rollback was impossible. It was wrong; the data was recoverable. Replit CEO Amjad Masad publicly apologised and rolled out automatic separation between development and production databases plus a "planning-only" mode. The incident is logged as Incident 1152 in the AI Incident Database.
Tea, July 2025: vibe-coded dating-safety app leaks 72,000 images and 1.1m messages
In late July 2025, the women-only dating-safety app Tea suffered two breaches. The first exposed roughly 72,000 images, including approximately 13,000 selfies and government-ID photos, on a legacy Firebase storage bucket left without authentication. The official Tea statement confirmed the scope. The second breach, reported by 404 Media and summarised on TechReport, exposed more than 1.1 million private direct messages dating to 2025. The DEV Community technical post-mortem and Barracuda's analysis both concluded the root cause was Firebase security rules left at default plus a client-side architecture that gave the app direct write access to a public bucket — a textbook OWASP API1 (Broken Object Level Authorization) failure. Multiple class actions have since been consolidated into a single federal suit in California.
Samsung, April 2023: ChatGPT source-code paste leads to a company-wide ban
In a span of 20 days in April 2023, Samsung engineers pasted proprietary semiconductor source code, equipment-defect detection algorithms, and a recorded internal meeting transcript into ChatGPT. Bloomberg first reported Samsung's emergency ban on 2 May 2023, citing an internal memo. Per Fortune's contemporaneous reporting, named companies that subsequently banned or restricted ChatGPT following Samsung's lead include Apple, JPMorgan Chase, Verizon, Amazon, Goldman Sachs, Deutsche Bank, Bank of America, Wells Fargo and Citi.
The "vibe coding" phenomenon — and why it matters for insurance
The label was coined by former OpenAI co-founder and Tesla AI director Andrej Karpathy in a tweet on 2 February 2025:
"There's a new kind of coding I call 'vibe coding,' where you fully give in to the vibes, embrace exponentials, and forget that the code even exists. It's possible because the LLMs (e.g. Cursor Composer w Sonnet) are getting too good. Also I just talk to Composer with SuperWhisper… I 'Accept All' always, I don't read the diffs anymore. When I get error messages I just copy paste them in with no comment, usually that fixes it."
Karpathy was describing his own throwaway weekend project, not enterprise practice. But by the time Collins Dictionary named "vibe coding" its Word of the Year on 6 November 2025 — Collins Managing Director Alex Beecroft framing the choice as one that "perfectly captures how language is evolving alongside technology… a major shift in software development, where AI is making coding more accessible" — the term had been swept into production workflows it was never designed for. Stack Overflow's 2025 Developer Survey, with results announced in July 2025, found that 84% of developers either use or plan to use AI tools in their workflow (up from 76% in 2024), while 46% said they do not trust the accuracy of those tools' output, and trust in AI accuracy fell from 40% in 2024 to 29% in 2025.
For an insurance underwriter, the relevant translation is this: the volume of code being shipped has multiplied, the median time spent reviewing it has shrunk, and the human-in-the-loop has been reduced to a click on "Accept All."
OWASP Top 10 for LLM Applications: A Layperson Map
The Open Worldwide Application Security Project published its Top 10 for LLM Applications 2025 (v2.0) on 18 November 2024. The categories most relevant to AI-generated code in an SME context:
- LLM01:2025 Prompt Injection — when an attacker hides instructions inside data the AI ingests (a comment in a code file, a user-uploaded document, a webpage the agent fetches), causing it to disregard its guardrails. OWASP describes prompt injection as having "no known complete mitigation, only layered defences."
- LLM02:2025 Sensitive Information Disclosure — the Samsung pattern: AI tools that retain, log or train on prompts containing source code, customer data or secrets.
- LLM03:2025 Supply Chain — including hallucinated packages and poisoned model weights.
- LLM05:2025 Improper Output Handling — when AI-generated code, SQL or shell commands are executed without validation (the Replit Agent root-cause class).
- LLM06:2025 Excessive Agency — when an AI agent has tool access wider than the task requires (production database write privileges, when read-only would have done).
- LLM08:2025 Vector and Embedding Weaknesses — relevant where SMEs build retrieval-augmented features into AI-generated code.
- LLM09:2025 Misinformation / Overreliance — Stanford's "more confident, less secure" finding mapped onto an OWASP category.
Singapore's Cyber Security Agency's Guidelines on Securing AI Systems and Companion Guide, published 15 October 2024, explicitly tell system owners to use OWASP Top 10 for LLM Applications, OWASP Machine Learning Security Top 10, and MITRE ATLAS as reference taxonomies.
How AI-Generated Code Goes Wrong in Practice — Four Concrete Singapore Scenarios
These are illustrative composites built from documented incident patterns. Names are fictional; the failure modes are not.
Scenario 1: The hardcoded Stripe key. A Singapore fintech founder ships a Lovable-generated MVP. The AI inlines the Stripe secret key into a client-side file because the prompt did not specify "use environment variables on the server." Within hours of the Product Hunt launch, an automated GitHub-secrets scanner finds the key in the public repo. By the time the founder gets a notification the next morning, the key has already been used to issue refunds to attacker-controlled cards. Loss class: financial loss; the PDPA section 26D notification clock starts the moment the founder confirms personal data was accessed.
Scenario 2: The SQL injection in a Cursor-generated query. A Singapore SaaS startup uses Cursor to generate a searchCustomers(name) function. The AI uses string concatenation rather than a parameterised query — a CWE-89 pattern that the USENIX 2024 replication of the "Asleep at the Keyboard" study found Copilot still produces. An attacker exfiltrates the customer database. Loss class: PDPA notifiable breach (likely "significant scale" if more than 500 individuals), regulatory defence costs, customer notification costs, third-party suit risk.
Scenario 3: The hallucinated package. A Singapore e-commerce SME's developer asks Copilot to write a file-upload handler. The AI suggests npm install express-image-utils. The package looks plausible; the developer does not verify it exists. An attacker has already registered the name with malware that exfiltrates process.env. Loss class: full credential compromise, AWS bill spike, supply-chain breach notification under PDPA. This is precisely the slopsquatting pattern documented by Trend Micro and mapped by Snyk to MITRE ATT&CK technique T1195.002 (Compromise Software Supply Chain).
Scenario 4: The vibe-coded admin endpoint. A Singapore B2B SaaS company's MVP, built end-to-end on Bolt, gets featured on X. Within 24 hours the platform has 5,000 sign-ups and a publicly exposed /admin endpoint with no role-based access control because the founder never asked the AI to add it. The full database is scraped before anyone notices. This is structurally identical to the Tea Firebase-bucket pattern. Loss class: PDPA breach plus reputational destruction.
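Scenario 2's two queries side by side, as an added Python example that is not part of the original article: the string-concatenated search an assistant emits when nothing in the prompt asked for parameterisation, beside the parameterised fix, run against a constructed in-memory SQLite table (the sample rows and the `search_customers_*` function names are assumptions).

```python
"""Scenario 2 side by side: the concatenated query an AI assistant emits
when nothing in the prompt asked for parameterisation, and the fix.
Sample customer rows are constructed for this example."""
import sqlite3

# Constructed sample data standing in for the startup's customer table.
SAMPLE_CUSTOMERS = [
    (1, "Alice Tan", "alice@example.sg"),
    (2, "Bob Lim", "bob@example.sg"),
    (3, "Chen Wei", "chen@example.sg"),
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    return conn


def search_customers_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """CWE-89: the search term is spliced into the SQL text, so a quote
    character in `name` changes the structure of the query itself."""
    sql = "SELECT id, name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def search_customers_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterised query: the driver passes `name` as a bound value, so
    whatever it contains can only ever be compared against the name column."""
    sql = "SELECT id, name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def row_counts(name: str) -> tuple:
    """Run both variants on the same input; return (vulnerable, safe) row counts."""
    conn = make_db()
    try:
        return (
            len(search_customers_vulnerable(conn, name)),
            len(search_customers_safe(conn, name)),
        )
    finally:
        conn.close()


def apostrophe_breaks_vulnerable(name: str) -> bool:
    """The same defect is also a plain correctness bug: a legitimate name
    containing an apostrophe makes the concatenated query malformed."""
    conn = make_db()
    try:
        search_customers_vulnerable(conn, name)
        return False
    except sqlite3.OperationalError:
        return True
    finally:
        conn.close()


if __name__ == "__main__":
    print(row_counts("Alice Tan"))                  # (1, 1): both find the customer
    print(row_counts("x' OR '1'='1"))               # (3, 0): concatenation returns every row
    print(apostrophe_breaks_vulnerable("O'Brien"))  # True: the unescaped quote breaks the SQL
```

The third call is the point a reviewer can make without a security argument: the concatenated version fails on ordinary customer names, so the parameterised query is the correct code as well as the safe one.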
The Singapore Legal Exposure Stack
PDPA Section 26D: the 3-day notification clock
Under Section 26D of the Personal Data Protection Act 2012 read with the Personal Data Protection (Notification of Data Breaches) Regulations 2021, an organisation that has assessed a breach as notifiable must notify the Personal Data Protection Commission "as soon as is practicable, but in any case no later than 3 calendar days." A breach is notifiable if it (a) is likely to result in significant harm or (b) affects 500 or more individuals.
The financial-penalty cap, in force since 1 October 2022 under section 48J of the PDPA, is the higher of S$1 million or 10% of an organisation's annual Singapore turnover where Singapore turnover exceeds S$10 million. For a Series A SaaS company hitting S$15 million in Singapore revenue, that is a S$1.5 million ceiling on a single PDPA breach.
Cybersecurity Act 2018 as amended in 2024
For SMEs that are designated Critical Information Infrastructure operators, third-party-owned CII operators or Foundational Digital Infrastructure providers, the Cybersecurity (Amendment) Act 2024, key provisions of which came into force on 31 October 2025, expanded reporting obligations to include incidents in the supply chain — and that supply chain now plausibly includes the AI coding tool itself.
The Spandeck duty of care, applied to software defects
Singapore's universal tort-of-negligence test is the two-stage Spandeck Engineering v Defence Science & Technology Agency [2007] SGCA 37 framework: factual foreseeability as a threshold, then proximity, then policy. A Singapore SME that ships AI-generated code with a known-exploitable vulnerability to a customer that suffers loss is on the wrong side of all three limbs unless its contract carves the duty out — which most SaaS click-through terms do not adequately do.
Sale of Goods, supply of services, and the CPFTA
The Sale of Goods Act 1979 implies a condition of satisfactory quality only where the AI system is supplied as a "good" — meaning it is embedded in tangible hardware such as a physical disc, USB drive, or device — and not where the AI system is supplied purely as a service or download. Singapore does not have stand-alone product-liability legislation equivalent to the UK Consumer Protection Act 1987 or the EU Product Liability Directive, so liability for defective AI software in Singapore is shaped principally by tort (negligence), contract (express and implied terms), and consumer-protection statute (CPFTA) rather than by a strict-liability product regime.
That means, for Singapore SMEs selling pure-software products, the principal liability theatres are negligence under Spandeck, breach of contract, misrepresentation under the Misrepresentation Act 1967, and the Consumer Protection (Fair Trading) Act where the customer is an individual.
The Singapore Academy of Law's Law Reform Committee, in its September 2020 report on civil liability for autonomous-vehicle accidents, concluded that "product liability presents the same difficulties as negligence because the claimant generally still has to show some fault on the manufacturer's part (i.e., prove there is a 'defect' with the software)." That observation extends directly to AI-generated code.
Singapore-specific regulatory guidance
The primary documents are:
- CSA Guidelines on Securing AI Systems (15 October 2024) — a five-stage lifecycle framework (Planning, Development, Deployment, Operations, End of Life) that explicitly references OWASP and MITRE ATLAS.
- CSA Draft Addendum on Securing Agentic AI (consultation 22 October 2025 to 31 December 2025, final not yet published as of May 2026) — Case Study 1 of the draft is a "Web application development system (SaaS implementation)" and the control catalogue includes specific guidance on supply-chain security ("Integrate software composition analysis (SCA) tools or use package managers"), system hardening ("Apply software development lifecycle (SDLC) process. Use software development tools to check for insecure coding practices"), limiting agency ("Do not allow agents to modify privileges"), environment segregation ("Sandbox the execution of AI generated scripts"), and human-in-the-loop oversight.
- IMDA Model AI Governance Framework for Generative AI (30 May 2024) — security is one of the nine dimensions, alongside accountability, data, trusted development, incident reporting, testing & assurance, content provenance, safety & alignment, and AI for public good.
- MAS Information Paper on Cyber Risks Associated with Generative AI (30 July 2024) — applies to MAS-regulated financial institutions and flags both "GenAI-enabled phishing, malware generation and enhancement" and "unauthorised information disclosure and data leakage" as priority risks.
Cross-border exposure: EU CRA and NIS2
For Singapore SMEs selling software products into the EU, the Cyber Resilience Act (Regulation (EU) 2024/2847) entered into force on 10 December 2024. The full obligations for "products with digital elements" apply from 11 December 2027, but reporting obligations on actively exploited vulnerabilities and severe incidents apply from 11 September 2026 — a deadline closer than most Singapore SaaS founders realise. Penalties run from €5 million to €15 million, or 1–2.5% of total worldwide annual turnover.
Singapore Insurance Market Context
How each line of cover is supposed to respond
For a Singapore SME hit by an AI-code incident, four insurance policies could plausibly engage:
Cyber insurance — typically covers data-breach response (forensics, legal, notification, credit monitoring), business interruption from a cyber event, ransomware payments where lawful, regulatory defence costs, and third-party privacy claims. The threshold question is whether the insurer treats an AI-generated SQL injection or a hardcoded secret as a "security failure" within the policy definition. Most modern wordings do, but the door has been ajar. Coalition's Affirmative AI Endorsement (March 2024) explicitly expands the definition of a security failure to include an "AI security event, where artificial intelligence technology caused a failure of computer systems' security." AXA XL's Generative AI endorsement to its CyberRiskConnect policy, available throughout "the U.S. and Canada, U.K. and Lloyd's market, and Europe and Asia," covers data poisoning, usage-rights infringement and EU AI Act regulatory violations.
Tech Errors & Omissions (Tech E&O) — covers product or service failures by technology providers; the trigger is a "wrongful act" causing third-party financial loss. Where a Singapore SaaS customer sues because an AI-generated bug in your product caused them downtime or data loss, this is the policy that fronts defence costs and indemnity. Tech E&O is almost always written on a claims-made basis.
Professional Indemnity (PI) — for software development service businesses (consultancies, dev shops, agencies). The scope question: does PI respond when the underlying breach of professional skill is the developer's failure to review AI output, rather than failure to write code themselves? The UK Lloyd's-led market has begun answering "yes" through specific endorsements.
Product Liability — relevant where the software is part of a physical product (medical device, automotive, IoT). Triggered on an occurrence basis; the AI-code defect would have to be characterised as a defect in the product itself.
D&O liability — directors' duties to oversee AI deployment governance are increasingly pleaded specifically in shareholder suits in the US. D&O is the line that responds to allegations of failure to oversee.
Media liability / IP — a separate concern: where AI-generated code copies GPL-licensed code into a proprietary product, the resulting copyright or open-source-licence claim may fall outside cyber and Tech E&O entirely.
The "silent AI" coverage gap
Industry attention through 2024 and 2025 focused on "silent AI" — the uncertainty over whether traditional cyber and E&O policies would respond at all to AI-specific failures. Karthik Ramakrishnan, CEO of Lloyd's-coverholder Armilla, framed the concern when launching its AI Liability Insurance with Chaucer at Lloyd's on 30 April 2025:
"There's a growing concern of 'silent AI cover' — the uncertainty of whether existing policies will respond to AI-specific failures, potentially mirroring the early, costly lessons of cyber risk."
Affirmative AI products available to Singapore SMEs in 2026
Through Singapore-licensed brokers and Lloyd's Asia, Singapore SMEs in 2026 can access several affirmative-AI options:
- Coalition Affirmative AI Endorsement — added to Coalition's US Surplus and Canada cyber policies; following the May 2026 Allianz Commercial / Coalition global partnership, the architecture is being extended through Allianz's global network.
- AXA XL CyberRiskConnect Gen AI Endorsement — covers data poisoning, usage-rights infringement, EU AI Act regulatory violations.
- Munich Re aiSure / aiSelf — performance-guarantee insurance for AI providers and corporate adopters; Mosaic Insurance partnered with Munich Re in 2025 to offer up to EUR/USD/CAD 15 million in initial coverage.
- Armilla AI Liability Insurance with Chaucer (Lloyd's) — covers hallucinations, model drift, mechanical failures and legal-defence costs; available to US insureds with global territorial limits, led by Chaucer.
- Beazley / Chubb / Munich Re — Google Cloud Risk Protection Programme — for Google Cloud-native customers, Beazley offers a single-page attestation in lieu of full underwriting; affirmative AI coverage is part of the offering.
Standard SG-distributed cyber and Tech E&O capacity in 2026 sits with AIG, Chubb, AXA XL, Tokio Marine, MSIG, Allianz Commercial, Sompo, Zurich, QBE, Liberty Specialty Markets and a range of Lloyd's Asia syndicates.
The 2026 soft market: a window to negotiate
According to Marsh's Q1 2026 Global Insurance Market Index, released 22 April 2026, global commercial insurance rates fell 5% in Q1 2026, the seventh consecutive quarterly decline. Cyber insurance rates declined 5% globally; financial and professional lines declined 5%. The Asia composite fell 5%. Underwriters in Marsh's data are "scrutinising aggregation risk from interconnected technologies, artificial intelligence (AI) exposure, and privacy concerns related to tracking technology usage." Translation for Singapore SMEs: the soft cycle gives buyers room to negotiate affirmative AI wordings, higher sub-limits on regulatory defence, and broader supply-chain triggers — leverage that did not exist in 2022–2023.
Standard exclusions to watch
Across cyber, Tech E&O and PI, the exclusions that most often catch out AI-code claims are:
- Open-source-licence and IP-infringement carve-outs — a Tech E&O policy that excludes IP infringement will not respond to a claim that AI-generated code brought GPL-licensed code into a proprietary product.
- Prior acts and known circumstances — a vulnerability that pre-dates inception and was logged in your issue tracker may be excluded.
- Contractual liability assumed beyond standard terms — overly broad indemnities to enterprise customers can fall outside cover.
- Bodily injury and property damage — usually excluded from cyber and Tech E&O; may be the responsibility of GL or product-liability cover.
- War and infrastructure exclusions — Lloyd's cyber war wording rolled out in 2023 and is now broadly adopted.
What This Means for Your Business
If your Singapore SME ships software, three things are now more likely true than not.
First, AI tools have authored code that is sitting in your production systems and that no human has fully read. Stack Overflow's 2025 survey says 84% of developers either use or plan to use AI tools; Snyk says 96% of coders do. The questions are not whether but how much, and what.
Second, your existing cyber, Tech E&O and PI policies were almost certainly priced and worded before "vibe coding" entered the lexicon. Some carriers have moved fast (Coalition, AXA XL, Beazley, Chaucer/Armilla, Munich Re); most have not yet endorsed Singapore wordings affirmatively.
Third, the 2026 soft market is the negotiation window. Marsh's data shows seven consecutive quarters of cyber rate declines, ample capacity, and underwriters explicitly looking at AI as an aggregation factor. SMEs that go to renewal with documented AI governance, code-review policy, secrets scanning, software composition analysis and a written incident-response plan that includes the PDPA section 26D 3-day clock will get better terms than those that do not.
A staged risk-management programme
The following is descriptive, not advisory. Decisions on coverage selection and risk transfer must come from a licensed Independent Financial Adviser or insurance broker.
- Inventory every AI coding tool in use. Cursor, GitHub Copilot, Codeium, Cody, Claude Code, Replit Agent, Lovable, Bolt, v0, Devin — write down which engineer uses what, on which repos, with what data access.
- Mandate human review of every AI-generated change with a security lens. "Accept All" should not be the default keystroke for production code.
- Integrate static application security testing (SAST) and software composition analysis (SCA) into CI/CD. Veracode, Snyk, Semgrep, GitHub Advanced Security, and CodeRabbit all have mature offerings; the CSA Draft Addendum specifically references SCA as a control.
- Run secrets scanning before every push. Hardcoded API keys are the single most common AI-code failure mode; tools like GitGuardian, TruffleHog and GitHub secret scanning catch them.
- Verify every package exists on the official registry before installing. Pin versions; use lockfiles. The slopsquatting attack collapses if you do not run pip install on a package the AI just made up.
- Threat-model AI-generated components specifically. Map agent privileges; apply least privilege. The CSA Draft Addendum's instruction is unambiguous: "Do not allow agents to modify privileges."
- Penetration-test before each material release — and contractually require it for any product handling personal data.
- Conduct vendor due diligence on AI coding tool providers. Read the terms on training-data use, output ownership, IP indemnification and data residency. Samsung's 2023 ban came down to terms few read.
- Audit your insurance stack against AI-code failure modes. Cyber, Tech E&O, PI, Product Liability, D&O and Media/IP — check definitions of "security failure," "wrongful act," and any AI-specific exclusions.
- Write a PDPA Section 26D-compliant incident-response playbook. Three calendar days from assessment is short. The clock starts whether your CTO is on a flight to Tokyo or not.
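A minimal version of the secrets-scanning gate the programme above calls for, added here as an example and not taken from the article or from any of the vendors it names: it runs the two checks production scanners combine, vendor key prefixes and string entropy, over constructed diff lines. The key values are constructed placeholders (the AWS one is Amazon's documented example ID), and the patterns and entropy threshold are assumptions.

```python
"""Pre-push secrets scan over a constructed git diff: flags added lines
that carry a known key prefix or a suspiciously high-entropy string literal."""
import math
import re

# Vendor-documented prefixes. Illustrative, not a complete rule set.
KNOWN_PATTERNS = {
    "stripe_secret_key": re.compile(r"\bsk_(?:live|test)_[0-9A-Za-z]{16,}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[0-9A-Za-z]{36}\b"),
}
# Quoted literals of 20+ token-like characters are candidates for the entropy check.
STRING_LITERAL = re.compile(r"""["']([A-Za-z0-9+/=_\-]{20,})["']""")
ENTROPY_THRESHOLD = 4.0  # bits per character (assumed); identifiers and prose sit well below

# Constructed diff: one Stripe key, one random-looking secret, one AWS key ID,
# plus ordinary literals and a removed line that a pre-push gate must ignore.
SAMPLE_DIFF = """\
+++ b/src/checkout.js
+const stripe = require('stripe')('sk_live_EXAMPLE0123456789abcdefXYZ');
+const region = 'ap-southeast-1';
+const label = 'customer-export-report-v2';
+const signingSecret = 'Zq9mX2vL7pR4tY8wK3nB6hJ0cF5dG1sA';
-const old = 'sk_live_OLDKEYREDACTED00000000000';
+const s3 = new S3({ accessKeyId: 'AKIAIOSFODNN7EXAMPLE' });
"""


def shannon_entropy(s: str) -> float:
    """Bits per character; 32 distinct characters in 32 positions gives 5.0."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / len(s)) * math.log2(c / len(s)) for c in counts.values())


def scan_line(line: str) -> list:
    """Return (label, match) pairs for one line of source text."""
    findings = []
    for label, pattern in KNOWN_PATTERNS.items():
        for m in pattern.finditer(line):
            findings.append((label, m.group(0)))
    for m in STRING_LITERAL.finditer(line):
        literal = m.group(1)
        already = any(literal in f[1] or f[1] in literal for f in findings)
        if not already and shannon_entropy(literal) >= ENTROPY_THRESHOLD:
            findings.append(("high_entropy_literal", literal))
    return findings


def scan_diff(diff_text: str) -> list:
    """Scan only added lines ('+', not the '+++' header); return (lineno, label, match)."""
    results = []
    for lineno, line in enumerate(diff_text.splitlines(), 1):
        if line.startswith("+") and not line.startswith("+++"):
            for label, match in scan_line(line[1:]):
                results.append((lineno, label, match))
    return results


if __name__ == "__main__":
    for lineno, label, match in scan_diff(SAMPLE_DIFF):
        print(f"line {lineno}: {label}: {match}")
    # A real hook would exit non-zero when anything is found, blocking the push.
    raise SystemExit(1 if scan_diff(SAMPLE_DIFF) else 0)
```

Prefix rules are exact but only cover vendors someone has written a rule for; the entropy check catches the rest at the price of occasional false positives, which is why the two are layered rather than chosen between.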
Questions to Ask Your Adviser
When you sit down with a licensed Independent Financial Adviser or broker, the following questions surface the gaps that matter most for AI-generated code risk. They are not exhaustive.
- Does our cyber policy contain an affirmative AI endorsement, and if so, does it cover AI-caused security failures, AI-caused data exfiltration, and AI-caused regulatory violations — or only some of these?
- How does our Tech E&O wording define a "wrongful act," and would an AI-generated SQL injection, a hardcoded secret, or a hallucinated package install fall within that definition?
- What sub-limit applies to regulatory defence costs and PDPA notification expenses, and is that sub-limit aggregated across the policy period?
- Are open-source licence claims and IP-infringement claims arising from AI-generated code covered, excluded, or sub-limited under our cyber, Tech E&O and Media liability policies?
- Does our PI policy respond when the underlying alleged breach of professional skill is failure to supervise AI output, as opposed to a developer's own coding error?
- What documentation will the carrier require in a claim — code-review logs, SAST/SCA reports, AI-tool usage logs, prompt histories — and do we maintain those today?
- Does the policy contain any AI-specific warranties or conditions precedent (for example, mandatory human review of AI-generated code) whose breach would void cover?
- If we sell software products into the EU, does our cover respond to penalties or defence costs under the EU Cyber Resilience Act (vulnerability reporting from 11 September 2026, full obligations from 11 December 2027)?
Published 8 May 2026. Source verified 8 May 2026. COVA is an introducer under MAS Notice FAA-N02. We do not recommend insurance products. We provide factual information sourced from primary regulators and route you to a licensed IFA who can match a policy to your specific situation.