Blab AI
U.S. Courts and Regulators Grapple With Who Bears Responsibility for AI Agent Actions
AI agents—software systems that can pursue goals, use tools, and act autonomously—are now a staple in hiring, customer service, and e‑commerce. In a world where machines make decisions, the question of accountability has shifted from theoretical debate to the courtroom: who is legally responsible when an AI agent causes harm or makes a mistake?
The answer is still being forged. Courts and lawmakers are testing four main frameworks that could hold parties liable: agency law, product liability, contractual allocation, and statutory allocation. In each approach, the AI is treated as a tool or instrument, not as an independent legal person.
Under agency law, the relationship between a human or company (the principal) and an AI agent (the agent) mirrors a traditional agency arrangement. The Restatement (Third) of Agency requires the principal to manifest assent that the agent may act on its behalf and that the agent consents. Authority can be expressed—through explicit instructions or configuration settings—or implied, based on a history of allowing the agent to perform certain tasks. Apparent authority arises when a third party reasonably believes the agent is authorized.
In Mobley v. Workday, Inc., a federal court permitted discrimination claims to proceed against the AI vendor Workday, reasoning that Workday’s tools could function as the employer’s agent for liability purposes. A Canadian tribunal similarly rejected an airline’s argument that its chatbot was a separate legal entity, holding the airline liable for the chatbot’s incorrect statements. These cases signal that companies deploying AI agents cannot simply distance themselves from the agent’s actions.
Product liability and negligence are also in play. Plaintiffs may argue that an AI agent was defectively designed—for example, lacking guardrails or human approval for high‑stakes actions. Courts will examine whether safer alternatives were feasible and whether the developer considered foreseeable misuse. Failure‑to‑warn claims could arise if vendors fail to disclose limitations such as hallucination or security risks. Negligence claims may focus on whether a company exercised reasonable care in selecting a vendor, testing the agent, maintaining oversight, or responding to incidents. The standard of care is expected to evolve as industry practices mature.
Contractual allocation offers a practical tool for businesses. Vendor agreements often include indemnification clauses that shift liability for harms caused by unauthorized autonomous conduct, intellectual‑property infringement, or privacy violations. Vendors may seek to limit damages or require human‑in‑the‑loop oversight. However, contractual provisions cannot bind consumers or regulators, and courts may scrutinize attempts to shift responsibility when the deployer actually controls the agent.
Statutory allocation is already shaping the legal landscape. California’s AB 316, effective January 1 2026, bars a defendant who “developed, modified, or used” an AI system from claiming that the AI autonomously caused the harm. The statute closes the argument that the AI itself should bear responsibility. Other states are expected to adopt similar provisions. On the international front, the European Union’s AI Act assigns obligations to providers, deployers, importers, and distributors, and requires governance structures and incident reporting.
The Computer Fraud and Abuse Act (CFAA) is emerging as a significant constraint on AI agents that access user accounts. In Amazon.com Services LLC v. Perplexity AI, Inc., a federal court granted a preliminary injunction against Perplexity’s “Comet” shopping agent, which logged into Amazon accounts at users’ direction. The court held that Amazon could prevail on CFAA and California Penal Code claims because the agent accessed Amazon’s systems with user permission but without Amazon’s authorization. The Ninth Circuit is reviewing the case, and its outcome could give platforms unilateral veto power over AI agents that interact with logged‑in accounts.
As AI agents become more sophisticated and begin interacting with each other in multi‑agent workflows, existing frameworks may need adaptation. When a consumer’s AI agent transacts with a business’s AI agent, traditional notions of notice, consent, and human decision‑making may not apply. The chain of responsibility across multiple vendors and platforms will become increasingly complex.
In short, the legal system is beginning to adapt to the reality that AI agents are tools used by humans and companies. Courts are applying agency, product liability, and negligence doctrines; contracts are shifting risk; statutes are closing loopholes; and federal law is limiting platform access. Businesses deploying AI agents should carefully assess how these frameworks apply to their specific use cases and structure agreements and disclosures accordingly.
The answer is still being forged. Courts and lawmakers are testing four main frameworks that could hold parties liable: agency law, product liability, contractual allocation, and statutory allocation. In each approach, the AI is treated as a tool or instrument, not as an independent legal person.
Under agency law, the relationship between a human or company (the principal) and an AI agent (the agent) mirrors a traditional agency arrangement. The Restatement (Third) of Agency requires the principal to manifest assent that the agent may act on its behalf and that the agent consents. Authority can be expressed—through explicit instructions or configuration settings—or implied, based on a history of allowing the agent to perform certain tasks. Apparent authority arises when a third party reasonably believes the agent is authorized.
In Mobley v. Workday, Inc., a federal court permitted discrimination claims to proceed against the AI vendor Workday, reasoning that Workday’s tools could function as the employer’s agent for liability purposes. A Canadian tribunal similarly rejected an airline’s argument that its chatbot was a separate legal entity, holding the airline liable for the chatbot’s incorrect statements. These cases signal that companies deploying AI agents cannot simply distance themselves from the agent’s actions.
Product liability and negligence are also in play. Plaintiffs may argue that an AI agent was defectively designed—for example, lacking guardrails or human approval for high‑stakes actions. Courts will examine whether safer alternatives were feasible and whether the developer considered foreseeable misuse. Failure‑to‑warn claims could arise if vendors fail to disclose limitations such as hallucination or security risks. Negligence claims may focus on whether a company exercised reasonable care in selecting a vendor, testing the agent, maintaining oversight, or responding to incidents. The standard of care is expected to evolve as industry practices mature.
Contractual allocation offers a practical tool for businesses. Vendor agreements often include indemnification clauses that shift liability for harms caused by unauthorized autonomous conduct, intellectual‑property infringement, or privacy violations. Vendors may seek to limit damages or require human‑in‑the‑loop oversight. However, contractual provisions cannot bind consumers or regulators, and courts may scrutinize attempts to shift responsibility when the deployer actually controls the agent.
Statutory allocation is already shaping the legal landscape. California’s AB 316, effective January 1 2026, bars a defendant who “developed, modified, or used” an AI system from claiming that the AI autonomously caused the harm. The statute closes the argument that the AI itself should bear responsibility. Other states are expected to adopt similar provisions. On the international front, the European Union’s AI Act assigns obligations to providers, deployers, importers, and distributors, and requires governance structures and incident reporting.
The Computer Fraud and Abuse Act (CFAA) is emerging as a significant constraint on AI agents that access user accounts. In Amazon.com Services LLC v. Perplexity AI, Inc., a federal court granted a preliminary injunction against Perplexity’s “Comet” shopping agent, which logged into Amazon accounts at users’ direction. The court held that Amazon could prevail on CFAA and California Penal Code claims because the agent accessed Amazon’s systems with user permission but without Amazon’s authorization. The Ninth Circuit is reviewing the case, and its outcome could give platforms unilateral veto power over AI agents that interact with logged‑in accounts.
As AI agents become more sophisticated and begin interacting with each other in multi‑agent workflows, existing frameworks may need adaptation. When a consumer’s AI agent transacts with a business’s AI agent, traditional notions of notice, consent, and human decision‑making may not apply. The chain of responsibility across multiple vendors and platforms will become increasingly complex.
In short, the legal system is beginning to adapt to the reality that AI agents are tools used by humans and companies. Courts are applying agency, product liability, and negligence doctrines; contracts are shifting risk; statutes are closing loopholes; and federal law is limiting platform access. Businesses deploying AI agents should carefully assess how these frameworks apply to their specific use cases and structure agreements and disclosures accordingly.
