The Coalition playbook, applied to AI agents.

In the early 2010s, cyber insurance looked the way agent insurance looks today. Traditional carriers did not want to write it. The attribution was messy. The losses were weird. The exclusion language in GL and property policies kept growing.

Then a small number of companies, led by Coalition, did something different. They built a proprietary data layer first. Coalition Control was a security monitoring platform they offered at low cost or no cost. Every policy they wrote was priced using data from the monitoring product. They could see what the insured was running, what had been patched, what had not, what indicators of compromise were surfacing.

That data was the moat. Legacy carriers were writing cyber on questionnaires. Coalition was writing it on runtime evidence. The pricing was better. The selection was better. The claims were lower. Near-zero to $16B in a decade. $29B projected by 2027. The legacy carriers are now partners.

The failure mode is identical. Traditional carriers cannot price agent risk because the attribution is messy, the losses are weird, and their actuarial models do not have a column for this class. They default to exclusion. AIG, WR Berkley, Chubb, Great American are all filing it.

What is different is the compression. Cyber had a decade to build. Agents have two years, maybe. EU AI Act enforcement begins August 2026. Gartner projects 2,000+ legal claims by end of 2026. The carriers who win will be the ones with proprietary runtime evidence, priced on that evidence, with active mitigation embedded in the policy.

Stage 1 is the data layer. Coalition Control for agents. Ingest production traces. Score them against an incident pattern library. Produce claims-grade verdicts. Make it complimentary for enterprises to get scored, so the data flywheel starts. This is where Agendex is today. 3,000+ events already scored. 7 of 9 risk pathways covered at evidence level.

Stage 2 is the policy layer. Pricing, policy language, capacity. Coverage modules priced against live runtime evidence instead of questionnaires. First policy write-ups with actuarial sign-off. Lloyd's coverholder and syndicate conversations. This is the next six months.

Stage 3 is active mitigation. MDR-style response embedded in the policy. When the risk score drops, the carrier tightens controls automatically. When a pattern emerges across a book, the model updates and every insured gets the benefit. This is where Coalition is today on cyber. It is where we will be on agents.

The Gen 1 players are Munich Re aiSure, AIUC, Armilla, Testudo. A mix of point-in-time audits, pre-deployment certifications, adversarial testing, and cyber/E&O retrofits. Most of them ship coverage language ahead of underwriting capability.

The tell is this: none of them have runtime evidence feeding the model. Their certifications go stale the moment the deployment evolves. Adversarial testing tells you what could happen in a lab, not what is happening in production. Retrofits leak through the attribution question.

You cannot build an insurance business for a new class of risk using old data. You need the data moat first. That is the whole game.

We are building the stack ground-up. Risk Core is live. Insurance workflows are next. Active mitigation after that. The only player building the full stack, purpose-made for agents.

If you are an enterprise with agents in production and you want to know how insurable they are, get a risk report. If you are a carrier, coverholder, or syndicate exploring AI as a class, we want to talk.