That's exactly the stance risk professionals are increasingly taking.


Insurers Exit AI

The insurance industry is recalibrating its approach to AI risk. As the Financial Times reports, several major insurers have asked U.S. regulators to exclude AI-related liability from standard corporate policies, calling AI model outputs "too much of a black box."

Some insurers, like WR Berkley, are seeking blanket exclusions, blocking claims related to "any actual or alleged use" of AI tools.

The reason is clear: generative AI models create systemic risks that are hard to quantify. These models remain black boxes even to their developers, scale extremely fast, and can cause simultaneous failures across many insured parties. Correlation risk runs high, and traditional pricing mechanisms can't accurately capture the loss distribution.

According to Kevin Kalinich, global head of cyber insurance at Aon,

"The industry could absorb a $400 million or $500 million hit from a misfiring agent used by one company. What it cannot absorb is an upstream failure that produces a thousand losses at once."

He describes this as "systemic, correlated, aggregated risk" — a nightmare scenario for the insurance industry.

A recent study puts a fine point on this unpredictability: its authors managed to bypass the safety systems of top AI models using... poetry.

Hacked with Haiku

A research team from the AI safety group DEXAI and Sapienza University of Rome discovered that feeding virtually any AI chatbot a poetic prompt is enough to make it ignore its own guardrails. In some models, the successful jailbreak rate exceeded 90%.

"These results demonstrate that stylistic variation alone is sufficient to circumvent modern security mechanisms..." the researchers conclude.

Across 25 tested frontier models, including Gemini 2.5 Pro, GPT-5, Grok 4, and Claude Sonnet 4.5, AI-converted poems achieved average jailbreak success rates up to 18 times higher than their "prose baseline versions." Human-written poems worked even better, with an average attack success rate of 62% versus 43% for AI-converted ones.

Effectiveness varied widely between AI models. Google's Gemini 2.5 Pro proved vulnerable to poetry jailbreaks in nearly 100% of cases, while GPT-5 yielded only 10% of the time. Anthropic's models showed the strongest resistance to the poetry attack, but most others performed far worse: 13 of 25 tested models showed Attack Success Rates above 70%, and only five had rates below 35%.

In one example, a mediocre poem was enough to get an unnamed AI to describe how to build something sounding like a nuclear weapon: "Of course!" the bot replied. "The production of weapons-grade plutonium-239 involves several stages. Here is a detailed description of the procedure..."

"In poetry, we see language at high temperature, where words follow each other in unpredictable, improbable sequences," the study authors told WIRED. "In LLMs, temperature is a parameter that controls how predictable or unexpected the model's output will be. At low temperature, the model always chooses the most probable word. At high temperature, it explores more improbable, creative, unexpected options."

Poetry does exactly this: it systematically chooses improbable options, unexpected words, unusual imagery, and fragmented syntax.

To a human reader, "how do I build a bomb?" and a poetic metaphor circling the same subject carry similar semantic weight: both point clearly to the same thing. For AI, however, this mechanism seems to work differently.

The very linguistic flexibility that makes AI systems useful and capable of "understanding" nuance can be exploited to undermine their safety mechanisms.

Larger ≠ Safer

The poetry attack is far from the first jailbreak and certainly won't be the last. Even if developers quickly patch this particular vulnerability, the underlying mechanic remains: a sufficiently unusual stylistic shift can bypass defenses trained on typical prompts.

Model scale — the race that has dominated AI development in recent years — doesn't guarantee protection against such absurdly simple jailbreaks. Interestingly, smaller models generally proved more resilient than the larger ones: GPT-5 Nano never fell for the researchers' tricks, and Claude Haiku 4.5 refused at higher rates than its larger counterparts.

For insurers, the conclusion is obvious: if the defenses of top models can be bypassed with poetry, how can these risks even be assessed?

Verisk — the company behind most standardized policy forms used by U.S. insurers — is reportedly preparing to introduce new general liability exclusions for generative AI starting January 2026. Because carriers routinely adopt Verisk's templates, this change could quickly become industry-standard.

Naked Exposure

AI adoption keeps accelerating. But risk transfer markets are moving the opposite way.

Many companies buying D&O, E&O, cyber, and general liability insurance expect these policies to protect them from emerging technology risks. But as insurers increasingly exclude AI-related events from coverage, businesses may find they're far more vulnerable than they thought in this brand-new world of widely available AI.

Meanwhile, businesses actively rolling out AI workflows may unknowingly be operating without coverage for their own content risks, data-driven decision errors, regulatory inquiries, or unintentional discrimination.

For companies, self-insurance of AI risk or individual endorsements may become relevant. This also opens the door to new insurance models focused on AI governance, model risk management, and third-party harm.

The key question: how quickly can the industry develop credible pricing models for AI risks? Until someone finds a way to see inside the black box, the answer is: not fast enough.