Agentic AI refers to AI agents that can act on a user’s behalf, not only searching and comparing products, but also completing transactions, for example, purchasing. Consumers could instruct the agentic AI: “Book me a flight from New York to London on Date XYZ for no more than $1,000.”
The technology largely exists today. One bottleneck is payments: how can an AI be authorized to spend money safely? Credit card companies are responding with “agentic tokens.” A consumer authorizes an AI agent, and the payment network issues a token with predefined limits (amount, merchant, product category, duration, etc.). The AI can transact only within those parameters (e.g., no more than $1000 or the token will reject the purchase). For example, Visa has published information on its Visa Intelligent Commerce and Intelligent Commerce Connect initiatives (https://lnkd.in/df6BXtfF), while Mastercard has announced its Agent Pay platform (https://lnkd.in/diDfJdyr).
These systems are designed to prevent an AI from exceeding authorized spending limits. But they do not necessarily resolve all risks.
What if the AI:
• Books the wrong flight while staying within budget?
• Misunderstands instructions and selects an itinerary with multiple layovers and no checked baggage?
• Is manipulated through prompt injection or another attack?
• Purchases from a fraudulent merchant and no ticket is ever issued?
At that point, the issue is no longer authorization, but liability. Who bears the loss?
• The consumer, because he authorized the agent?
• The AI provider?
• The merchant?
• The payment network?
• Or is the answer determined by contract?
Agentic tokens may solve the authorization problem, but the above legal problems remain unsolved.
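As an added illustration (not code from Visa, Mastercard, or the original article), the sketch below models the limit checks an agentic token is described as enforcing and shows the gap raised in the questions above: a purchase can pass every limit and still not be what the consumer asked for. The `AgentToken`, `Purchase`, and `review` names, the merchant name, and all sample values are hypothetical and constructed for this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical model; real network token formats are not described on this page.
@dataclass(frozen=True)
class AgentToken:
    max_amount_cents: int
    merchants: frozenset
    categories: frozenset
    expires_at: datetime

@dataclass(frozen=True)
class Purchase:
    merchant: str
    category: str
    amount_cents: int
    at: datetime
    details: dict = field(default_factory=dict)

def violated_limits(token, p):
    """Limits the token can enforce; an empty list means the charge is approved."""
    checks = [
        ("amount", p.amount_cents <= token.max_amount_cents),
        ("merchant", p.merchant in token.merchants),
        ("category", p.category in token.categories),
        ("duration", p.at < token.expires_at),
    ]
    return [name for name, ok in checks if not ok]

def intent_mismatches(intent, p):
    """Terms of the consumer's instruction that no token limit expresses."""
    return sorted(k for k, want in intent.items() if p.details.get(k) != want)

def review(token, intent, p):
    limits = violated_limits(token, p)
    if limits:
        return ("declined", limits)
    gaps = intent_mismatches(intent, p)
    return ("approved_but_not_as_instructed", gaps) if gaps else ("approved", [])

# Constructed sample data: a $1,000 airfare token valid for one week.
NOW = datetime(2025, 1, 10, tzinfo=timezone.utc)
TOKEN = AgentToken(100_000, frozenset({"example-air"}), frozenset({"airfare"}),
                   datetime(2025, 1, 17, tzinfo=timezone.utc))
INTENT = {"route": "NYC-LON", "stops": 0, "checked_bag": True}
OVER_BUDGET = Purchase("example-air", "airfare", 120_000, NOW, dict(INTENT))
WRONG_TRIP = Purchase("example-air", "airfare", 64_000, NOW,
                      {"route": "NYC-LON", "stops": 2, "checked_bag": False})
AS_ASKED = Purchase("example-air", "airfare", 89_000, NOW, dict(INTENT))
```

`review(TOKEN, INTENT, WRONG_TRIP)` passes every token limit yet differs on `stops` and `checked_bag`, which is the case where the dispute turns on liability rather than authorization.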
Several solutions are theoretically possible.
Under agency law, the principal will often bear the loss if the agent acts in an unauthorized fashion, because the principal chose the agent. Are there examples, whether by common-law decision, statute, or regulation, in which this model of putting the loss on the principal is modified? Yes, of course. The common-law rule is often summarized as follows: between an innocent third party and a principal who selected the agent, the principal frequently bears the loss if the agent acted with actual, apparent, or inherent authority.
But there are many statutory, regulatory, and common-law departures from that baseline.
The federal government regulates card user liability for credit cards and debit cards. But given that limitation, who bears the loss when there is a misuse of the card?
In most card-payment systems, the loss is ultimately allocated among four parties:
- The cardholder
- The merchant
- The issuing bank (the bank that issued the card)
- The payment network (e.g., Visa or Mastercard), although the network itself usually does not absorb the loss directly.
Federal law primarily limits how much of the loss can be passed to the consumer. It does not determine who ultimately absorbs the remaining loss.
For example:
- Credit card fraud (unauthorized use)
  - Under the U.S. Fair Credit Billing Act, consumer liability is generally capped at $50, and most issuers voluntarily provide zero-liability protection.
  - The issuing bank initially reimburses the customer.
  - The bank then attempts to recover the loss through the chargeback process.
  - Depending on the circumstances, the loss may end up with the merchant or remain with the issuing bank.
- Debit card fraud
  - Consumer liability depends on how quickly the loss is reported.
  - After the consumer is protected, the issuing bank again seeks recovery through the payment system.
  - The final loss is allocated according to network rules.
The key question is usually: Did the merchant properly authenticate the transaction?
If the merchant failed to follow required procedures (for example, accepted a counterfeit card or ignored security requirements), the merchant often bears the loss.
If the merchant complied with all network requirements, the issuing bank frequently bears the loss.
A good example is the EMV chip liability shift:
- If a merchant refuses to use chip technology when required and accepts a counterfeit card, the merchant typically bears the loss.
- If the merchant used the chip correctly, the issuer generally bears the counterfeit-fraud loss.
This allocation of losses is why banks invest heavily in fraud detection and why merchants invest heavily in authentication systems.
One possibility for solving the liability issue when an agentic AI misfires is to have in place a system like the one for unauthorized credit card or debit card transactions.
In the context of the “agentic AI”, however, if an authorized AI agent makes a purchase that the consumer later claims he did not intend, is that an unauthorized transaction (bank’s problem) or an authorized transaction that the consumer simply regrets (consumer’s problem)?
The answer to that question of course will largely determine who ultimately bears the loss.
Some important examples:
- Forged checks under the Uniform Commercial Code
A forged check is often treated differently from an unauthorized act by an agent.
Under Articles 3 and 4 of the Uniform Commercial Code, the drawee bank generally bears the initial loss for paying a forged drawer signature because the bank is expected to know its customer’s signature. However, the loss may be shifted back to the customer if the customer was negligent in safeguarding checks or failed to review bank statements and report the forgery promptly.
Thus, the law does not simply say, “the customer chose the employee who committed the fraud, therefore the customer pays.”
- Electronic Funds Transfer Act
For consumer debit-card and electronic-transfer fraud, the Electronic Funds Transfer Act intentionally departs from ordinary agency principles.
Suppose a spouse, child, caregiver, or employee gains access to a debit card and makes unauthorized transfers. Under traditional agency concepts, one might ask whether the principal created the risk by entrusting the card. Instead, Congress capped consumer liability and placed much of the loss on financial institutions.
- Credit-card statutes
The Fair Credit Billing Act similarly rejects a pure agency approach.
If someone steals a card and uses it, the cardholder is not liable for the full amount merely because he possessed or selected the card. Congress imposed a statutory allocation of risk favoring consumers and requiring issuers to absorb much of the loss.
- Securities law
In some circumstances, securities laws impose liability on controlling persons or firms, but they also create defenses based on reasonable supervision.
For example, under provisions such as Section 20(a) of the Securities Exchange Act of 1934, a controlling person may avoid liability by establishing good-faith defenses. The law therefore does not always place losses automatically on the principal who selected the agent.
- Employee theft and fidelity bonds
Commercial practice often reallocates losses through insurance. An employer may be the victim of an employee’s fraud, but a fidelity insurer may ultimately bear the economic loss.
This is not a change in agency law itself, but it is a deliberate departure from the idea that the principal always absorbs the consequences of selecting the agent.
- Cybercrime and payment fraud
Modern payment systems increasingly allocate losses according to compliance obligations rather than agency principles.
For example, if a business employee is tricked by a business-email-compromise scam into wiring funds, courts frequently analyze the dispute under UCC Article 4A. The critical question may be whether the bank’s security procedures were commercially reasonable, not whether the customer selected the employee who initiated the transfer. The loss can fall on the bank even though the customer’s agent triggered the payment.
- Bankruptcy trustees and receivers
A bankruptcy trustee or court-appointed receiver may not always be charged with the misconduct of the debtor’s prior managers. Courts sometimes refuse to impute wrongdoing to the trustee because the trustee represents innocent creditors rather than the wrongdoers themselves. This is a significant departure from ordinary principal-agent attribution rules.
Conclusion
The tension between traditional agency law and consumer-protection loss-allocation rules is likely to become one of the central legal issues for AI agents that can spend money autonomously.
In my opinion, the most direct analogy to agentic AI may actually be payment-card law itself. If an AI assistant is viewed as the consumer’s agent, common-law agency principles would suggest that the consumer bears losses caused by the AI’s mistakes. Yet consumer-protection statutes governing cards and electronic transfers were enacted precisely to override that type of risk allocation. The policy judgment was that banks and payment networks are often better positioned to prevent, detect, insure against, and spread fraud losses than individual consumers. In my opinion, in the case of agentic AI, similar reasoning could (and maybe should) be applied.
