
AI Governance for Insurance.

Underwriters, claims adjusters, SIU investigators, and customer-service staff are sending applicant data, medical records, claim narratives, and policyholder identifiers into ChatGPT, Copilot, Azure OpenAI, and internal AI tools. The gateway between those users and the model is where the NAIC Model Bulletin, NYDFS Circular Letter No. 7, Colorado SB21-169, GLBA, and HIPAA have to be applied, because the content controls an LLM provider offers stop at the model boundary and know nothing about the carrier's own policy.

DeepInspect runs inline in front of the AI provider. Applicant identifiers, PHI, claim attachments, and proprietary rating factors are detected and transformed before the payload leaves the customer environment. Every decision is written to a tamper-evident forensic record with the policy version, the actor identity, and the original and transformed payloads preserved. The same configuration applies to interactive chat, retrieval-augmented underwriting copilots, claims summarization, and autonomous agent workflows.

The risk surface in insurance AI

Applicant data and PHI inside underwriting prompts

Life, health, and disability underwriters paste APS (attending physician statement) records, lab results, prescription histories, MIB reports, and applicant identifiers into AI tools. Once the payload leaves the carrier boundary, the only remaining controls are contractual: the HIPAA Business Associate Agreement with the provider and the vendor-oversight terms the GLBA safeguards regime requires. Both govern downstream handling; neither prevents the disclosure itself.

Adverse action explanations and testing for unfair discrimination

States adopting the NAIC Model Bulletin, along with New York, Colorado, and California, expect carriers to explain adverse decisions and to test AI systems (AIS) and external consumer data and information sources (ECDIS) for unfair discrimination. Reproducing a decision rests on a contemporaneous record of the prompt, the inputs the model saw, the response, and the policy version in force. Most carriers cannot produce that record because the AI interaction log either does not exist or sits inside the LLM provider.

Claims fraud workflows that touch SIU evidence

Special investigation units use AI to summarize claim files, identify ring patterns, and triage referrals. The evidentiary chain matters: an AI-assisted SIU narrative that ends up in a Suspicious Activity Report or in litigation has to carry the same attribution and integrity guarantees as the source records. Without a signed record of the AI decision, the chain breaks.

Agents reaching into policy admin and claims systems

Autonomous agents now query policy admin platforms, claims systems, and rating engines. A misrouted tool call or a prompt-injected agent can change a status, issue a payment, or expose a book of business. The control needs to live at the agent gateway, because the downstream system trusts the agent identity.

How DeepInspect applies controls

PHI, NPI, and applicant identifier detection

Deterministic detectors match the eighteen HIPAA Safe Harbor identifiers (45 CFR 164.514(b)(2)), GLBA NPI classes, applicant identifiers, and policy and claim numbers. Each match is redacted, tokenized, or blocked according to the action configured for the role in effect. Tokenization keeps a reversible mapping inside the carrier environment for downstream traceability. Because that mapping exists, tokenized output is pseudonymized rather than de-identified, so the mapping and its key are themselves protected as regulated data.

Identity-aware policy across underwriting, claims, and SIU

Role identity is supplied by the customer IdP at request time. The gateway evaluates the per-role action map and applies the matching transformation. A senior underwriter can receive tokenized applicant identifiers for case-level traceability while a junior reviewer sees fully redacted payloads on the same policy. The action map is part of the policy version, so role changes are captured in the audit trail.
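The two mechanisms above, deterministic identifier detection and a per-role action map with reversible tokenization, are illustrated below in an added example. This is not DeepInspect code; the detector patterns, the POL-/CLM- number formats, the role names, and the policy version string are assumptions made for the example. Tokens are keyed HMACs of the identifier so the same applicant maps to the same token for every request under the same key, which is what gives the senior underwriter case-level traceability without exposing the value.

```python
import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Deterministic detectors. These patterns and the POL-/CLM- formats are
# assumptions made for this example, not the product's rule set.
DETECTORS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "POLICY_NUMBER": re.compile(r"\bPOL-\d{8}\b"),
    "CLAIM_NUMBER": re.compile(r"\bCLM-\d{7}\b"),
    "DOB": re.compile(r"\b\d{2}/\d{2}/\d{4}\b"),
}

# Per-role action map. It is part of the versioned policy, so a role change
# shows up in the audit trail as a policy version change.
POLICY_VERSION = "ins-uw-2026.03"  # assumed version label
ROLE_ACTIONS: Dict[str, Dict[str, str]] = {
    "senior_underwriter": {"SSN": "tokenize", "POLICY_NUMBER": "tokenize",
                           "CLAIM_NUMBER": "tokenize", "DOB": "redact"},
    "junior_reviewer":    {"SSN": "redact", "POLICY_NUMBER": "redact",
                           "CLAIM_NUMBER": "redact", "DOB": "redact"},
    "contractor":         {"SSN": "block", "POLICY_NUMBER": "redact",
                           "CLAIM_NUMBER": "redact", "DOB": "block"},
}


class BlockedRequest(Exception):
    """Raised when policy says the payload must not leave the boundary."""


class TokenVault:
    """Reversible mapping that stays inside the carrier environment.

    Tokens are keyed HMACs of the identifier, so the same applicant always maps
    to the same token (case-level traceability) while the token reveals nothing
    without the key. Tokenized text is pseudonymized, not de-identified: the
    vault and its key are still regulated data.
    """

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._reverse: Dict[str, str] = {}

    def tokenize(self, kind: str, value: str) -> str:
        digest = hmac.new(self._key, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()[:12]
        token = f"<{kind}:{digest}>"
        self._reverse[token] = value
        return token

    def detokenize(self, text: str) -> str:
        for token, value in self._reverse.items():
            text = text.replace(token, value)
        return text


@dataclass
class Decision:
    transformed: str
    hits: List[Tuple[str, str]] = field(default_factory=list)  # (identifier class, action)


def apply_policy(prompt: str, role: str, vault: TokenVault) -> Decision:
    """Evaluate the role's action map against every detector hit. Fails closed:
    an unknown role, or an identifier class with no configured action, is blocked."""
    actions = ROLE_ACTIONS.get(role)
    if actions is None:
        raise BlockedRequest(f"no action map for role {role!r}")
    out, hits = prompt, []
    for kind, pattern in DETECTORS.items():
        action = actions.get(kind, "block")
        for match in pattern.finditer(prompt):
            hits.append((kind, action))
            if action == "block":
                raise BlockedRequest(f"{kind} may not leave the boundary for role {role!r}")
            replacement = (vault.tokenize(kind, match.group()) if action == "tokenize"
                           else f"[{kind} REDACTED]")
            out = out.replace(match.group(), replacement)
    return Decision(out, hits)


def is_blocked(prompt: str, role: str) -> bool:
    try:
        apply_policy(prompt, role, TokenVault(b"throwaway"))
    except BlockedRequest:
        return True
    return False


# Constructed sample prompt; the identifiers are synthetic.
SAMPLE_PROMPT = ("Applicant SSN 123-45-6789, DOB 04/12/1971, policy POL-20240117. "
                 "Summarize the APS for underwriting.")

if __name__ == "__main__":
    vault = TokenVault(secrets.token_bytes(32))  # in production: key from the carrier's KMS
    for role in ("senior_underwriter", "junior_reviewer", "contractor"):
        try:
            print(f"{role:20} -> {apply_policy(SAMPLE_PROMPT, role, vault).transformed}")
        except BlockedRequest as e:
            print(f"{role:20} -> BLOCKED: {e}")
    senior = apply_policy(SAMPLE_PROMPT, "senior_underwriter", vault)
    print("detokenized inside boundary:", vault.detokenize(senior.transformed))
```

Note the fail-closed choices: a role with no action map, or an identifier class the action map does not mention, results in a block rather than a pass-through. Redaction is irreversible by design, so detokenizing the senior underwriter's payload restores the SSN and policy number but leaves the date of birth redacted.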

Reproducible decision records for testing and adverse actions

Every interaction writes a signed record containing the actor identity, the policy version, the rule evaluation path, the original payload, the transformed payload, and the upstream response. That record set is the substrate for the adverse-action explanation, the unfair-discrimination testing program, and the consumer complaint response.
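A tamper-evident record of the kind described above can be built as a hash-chained, HMAC-signed append-only log. The example below is added here and is not DeepInspect's implementation; the record field names, the signing key as a plain byte string (in production it would sit in the carrier's KMS or HSM, separate from any tokenization key), and the sample payloads are assumptions. Each record signs its own fields together with the previous record's signature, so an edited field, a deleted record, or a reordered record fails verification at the first affected position.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # prev-pointer of the first record


def canonical(record: dict) -> bytes:
    """Canonical JSON so the signature does not depend on key order or whitespace."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class ForensicLog:
    """Append-only, hash-chained, HMAC-signed decision records.

    Assumption for this example: the signing key is a byte string held in
    memory. In production it would live in the carrier's KMS or HSM and be
    distinct from any tokenization key.
    """

    def __init__(self, signing_key: bytes) -> None:
        self._key = signing_key
        self.records: List[dict] = []

    def _sign(self, body: dict) -> str:
        return hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()

    def append(self, actor: str, role: str, policy_version: str, rule_path: List[str],
               original: str, transformed: str, upstream_response: str) -> dict:
        body = {
            "seq": len(self.records),
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "role": role,
            "policy_version": policy_version,
            "rule_path": rule_path,          # e.g. ["SSN:tokenize", "DOB:redact"]
            "original": original,            # payload as submitted
            "transformed": transformed,      # payload as forwarded to the model
            "upstream_response": upstream_response,
            "prev": self.records[-1]["signature"] if self.records else GENESIS,
        }
        body["signature"] = self._sign(body)
        self.records.append(body)
        return body

    def verify(self) -> Tuple[bool, Optional[int]]:
        """Return (ok, index of the first record that fails)."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "signature"}
            if body.get("seq") != i or body.get("prev") != prev:
                return False, i            # deleted or reordered record
            if not hmac.compare_digest(self._sign(body), rec["signature"]):
                return False, i            # edited field
            prev = rec["signature"]
        return True, None


if __name__ == "__main__":
    log = ForensicLog(b"example-signing-key")  # constructed key for the demo
    log.append("u.alice", "senior_underwriter", "ins-uw-2026.03", ["SSN:tokenize"],
               "SSN 123-45-6789 ...", "SSN <SSN:3f9a0c1b2d4e> ...", "Summary: ...")
    log.append("u.bob", "junior_reviewer", "ins-uw-2026.03", ["SSN:redact"],
               "SSN 123-45-6789 ...", "SSN [SSN REDACTED] ...", "Summary: ...")
    print("intact:", log.verify())
    log.records[0]["transformed"] = "SSN 123-45-6789 ..."   # after-the-fact "correction"
    print("after edit:", log.verify())
```

Verification is over the stored records alone, so an examiner holding the key (or a verifier service inside the boundary) can check the chain without access to the gateway itself. An HMAC is used here for brevity; an asymmetric signature would let third parties verify without holding the signing key.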

Prompt injection and adversarial input handling

Adversarial inputs inside claim attachments, applicant narratives, and broker-submitted documents are scored against the configured detectors and blocked or routed to escalation according to policy. The score, the input, and the action are preserved in the forensic record.

Tool and agent allowlists for policy admin and claims systems

Autonomous agents reach policy admin platforms, claims systems, rating engines, and provider directories. The gateway enforces allowlists and blocklists on the tools an agent invokes and the data sources it reads. An agent that attempts to call a system outside its allowlist is stopped at the gateway with a record of the attempt.
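The gateway-side check described above, as an added example rather than DeepInspect's configuration: a default-deny evaluation of each agent tool call against a tool catalog (which data source a tool touches and whether it mutates state) and a per-agent allowlist, with every attempt recorded whether or not it was allowed. The agent names, tool names, and catalog entries are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Any, Dict, List

# Tool catalog: the data source each tool touches and whether it mutates state.
# Constructed for this example; not the product's configuration format.
TOOL_CATALOG: Dict[str, Dict[str, Any]] = {
    "claims.get_file":              {"source": "claims_db",          "mutates": False},
    "claims.set_status":            {"source": "claims_db",          "mutates": True},
    "claims.issue_payment":         {"source": "payments",           "mutates": True},
    "policy_admin.get_application": {"source": "policy_admin",       "mutates": False},
    "rating.quote":                 {"source": "rating_engine",      "mutates": False},
    "provider_directory.lookup":    {"source": "provider_directory", "mutates": False},
}

# Per-agent allowlist, keyed by the agent identity asserted at the gateway.
AGENT_POLICY: Dict[str, Dict[str, Any]] = {
    "claims-summarizer": {"tools": {"claims.get_file", "provider_directory.lookup"},
                          "sources": {"claims_db", "provider_directory"}, "may_mutate": False},
    "uw-copilot":        {"tools": {"policy_admin.get_application", "rating.quote"},
                          "sources": {"policy_admin", "rating_engine"}, "may_mutate": False},
}


@dataclass
class ToolCall:
    agent: str
    tool: str
    args: Dict[str, Any] = field(default_factory=dict)


@dataclass
class Verdict:
    allowed: bool
    reason: str


def evaluate_tool_call(call: ToolCall, attempts: List[dict]) -> Verdict:
    """Default-deny check of an agent tool call; every attempt is recorded.

    The downstream system trusts the agent identity, so the gateway is the last
    point where "which agent, which tool, which source, read or write" is visible.
    The source and mutation checks are independent of the tool allowlist, so a
    mis-edited allowlist cannot by itself grant a read-only agent write access.
    """
    policy = AGENT_POLICY.get(call.agent)
    tool = TOOL_CATALOG.get(call.tool)
    if policy is None:
        verdict = Verdict(False, f"unknown agent {call.agent!r}")
    elif tool is None:
        verdict = Verdict(False, f"unknown tool {call.tool!r}")
    elif call.tool not in policy["tools"]:
        verdict = Verdict(False, f"{call.tool!r} is not on the allowlist for {call.agent!r}")
    elif tool["source"] not in policy["sources"]:
        verdict = Verdict(False, f"{call.agent!r} may not read {tool['source']!r}")
    elif tool["mutates"] and not policy["may_mutate"]:
        verdict = Verdict(False, f"{call.agent!r} may not mutate state via {call.tool!r}")
    else:
        verdict = Verdict(True, "allowed")

    attempts.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "agent": call.agent, "tool": call.tool, "args": call.args,
        "allowed": verdict.allowed, "reason": verdict.reason,
    })
    return verdict


if __name__ == "__main__":
    attempts: List[dict] = []
    # Normal summarization read, then a call a prompt-injected agent might emit.
    for call in (ToolCall("claims-summarizer", "claims.get_file", {"claim_id": "CLM-0000123"}),
                 ToolCall("claims-summarizer", "claims.issue_payment",
                          {"claim_id": "CLM-0000123", "amount": 12500}),
                 ToolCall("uw-copilot", "claims.get_file", {"claim_id": "CLM-0000123"})):
        v = evaluate_tool_call(call, attempts)
        print(f"{call.agent} -> {call.tool}: {'ALLOW' if v.allowed else 'DENY'} ({v.reason})")
    print(len(attempts), "attempts recorded")
```

The denied attempt is recorded with the same detail as an allowed one, which is what turns a prompt-injected payment attempt into evidence rather than a silent failure.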

Forensic deep analysis for fraud rings and slow exfiltration

Patterns across the forensic store surface coordinated prompt sequences, repeated near-miss policy hits, and the kind of slow exfiltration that single-event monitoring misses. The analysis runs against the carrier projection and produces queryable findings that map back to the source interactions.
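The sliding-window analysis over the forensic store, as an added example and not DeepInspect's analytics: records are grouped per actor, and two patterns that single-event monitoring misses are surfaced, an actor touching more distinct applicant tokens in a day than case-level work should need (each request individually allowed) and an actor repeatedly hitting policy rules without being blocked. Each finding carries the sequence numbers of the records it was derived from. The record shape, the thresholds, and the synthetic records are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, List


def _ts(rec: dict) -> datetime:
    return datetime.fromisoformat(rec["ts"])


def find_patterns(records: List[dict], window: timedelta = timedelta(hours=24),
                  max_distinct_tokens: int = 20, near_miss_threshold: int = 5) -> List[dict]:
    """Sliding-window analysis over forensic decision records.

    Each record: {"seq", "ts" (ISO 8601), "actor", "outcome", "tokens"} where
    "tokens" are the applicant tokens the transformed payload carried and
    "outcome" is "allowed", "near_miss" or "blocked".
    Findings:
      slow_exfiltration  - distinct tokens touched inside the window exceed the cap
      repeated_near_miss - near-miss rule hits inside the window reach the threshold
    Each finding fires once per actor and lists the source record seqs.
    """
    by_actor: Dict[str, List[dict]] = defaultdict(list)
    for rec in sorted(records, key=_ts):
        by_actor[rec["actor"]].append(rec)

    findings: List[dict] = []
    for actor, recs in by_actor.items():
        in_window: deque = deque()
        fired = set()
        for rec in recs:
            in_window.append(rec)
            # Evict records that fell out of the window relative to this record.
            while _ts(in_window[0]) < _ts(rec) - window:
                in_window.popleft()
            distinct = set().union(*(set(r["tokens"]) for r in in_window))
            near_misses = [r["seq"] for r in in_window if r["outcome"] == "near_miss"]
            if len(distinct) > max_distinct_tokens and "slow_exfiltration" not in fired:
                fired.add("slow_exfiltration")
                findings.append({"actor": actor, "kind": "slow_exfiltration",
                                 "distinct_tokens": len(distinct),
                                 "record_seqs": [r["seq"] for r in in_window]})
            if len(near_misses) >= near_miss_threshold and "repeated_near_miss" not in fired:
                fired.add("repeated_near_miss")
                findings.append({"actor": actor, "kind": "repeated_near_miss",
                                 "record_seqs": near_misses})
    return findings


def constructed_records() -> List[dict]:
    """Synthetic forensic records for the demo; not real data."""
    base = datetime(2026, 3, 2, 8, 0, tzinfo=timezone.utc)
    recs: List[dict] = []

    def add(actor: str, offset: timedelta, outcome: str, tokens: List[str]) -> None:
        recs.append({"seq": len(recs), "ts": (base + offset).isoformat(),
                     "actor": actor, "outcome": outcome, "tokens": tokens})

    # u.carol: one new applicant every 40 minutes for 20 hours; every request allowed.
    for i in range(30):
        add("u.carol", timedelta(minutes=40 * i), "allowed", [f"<SSN:a{i:02d}>"])
    # u.dave: ordinary case-level work on two applicants.
    for i in range(3):
        add("u.dave", timedelta(hours=2 + i), "allowed", ["<SSN:d01>", "<SSN:d02>"])
    # u.erin: six policy near-misses within two hours, none individually blocked.
    for i in range(6):
        add("u.erin", timedelta(hours=30, minutes=20 * i), "near_miss", [])
    return recs


if __name__ == "__main__":
    for finding in find_patterns(constructed_records()):
        print(finding["actor"], finding["kind"], "records:", finding["record_seqs"])
```

Running it over the constructed records flags u.carol at her 21st distinct applicant and u.erin at her fifth near-miss, and leaves u.dave alone. Because each finding points back to record sequence numbers, an investigator can pull the signed originals rather than work from the aggregate alone.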

Regulatory mapping

NAIC Model Bulletin on Use of AI Systems by Insurers

The AIS Program documentation, vendor oversight evidence, and decision-level records the bulletin asks for map directly to the gateway record. Adopting states (more than 25 as of 2026) use the same expectations during market-conduct examinations.

NYDFS Circular Letter No. 7 (2024)

The circular sets governance, risk management, third-party oversight, and consumer disclosure expectations for AIS and ECDIS used in underwriting and pricing. The gateway enforces data classifications on prompts, restricts which sources an underwriting agent can read, and preserves the contemporaneous record New York expects.

Colorado SB21-169 and Reg 10-1-1

Life insurers must test ECDIS for unfairly discriminatory outcomes and maintain governance documentation. The gateway preserves the inputs, the response, the policy version, and the role identity that the testing program and the documentation request expect.

GLBA Safeguards Rule

NPI detection and transformation apply safeguards-rule handling at the AI layer. Note that GLBA assigns enforcement for insurers to state insurance regulators, so for most carriers the operative text is the state adoption of the NAIC Insurance Data Security Model Law (#668) or the Standards for Safeguarding Customer Information Model Regulation (#673); 16 CFR Part 314 applies directly to entities under FTC jurisdiction. The requirements are the same in substance. The signed audit trail supports the written risk assessment (314.4(b)), the requirement to monitor and log authorized-user activity (314.4(c)(8)), and the written incident response plan (314.4(h)), with the original payload preserved.

HIPAA and HITECH

Health insurers, dental, vision, and stop-loss carriers operate as covered entities. PHI detection applies Safe Harbor handling at the AI layer. The audit trail supports the Security Rule 45 CFR 164.312(b) audit controls and 164.312(c) integrity requirements.

EU AI Act

Risk assessment and pricing of natural persons in life and health insurance fall inside the high-risk category under Annex III, point 5(c). Policy versioning produces the change-control trail relevant to the Article 17 quality management system. The forensic record covers Article 12 record-keeping. Inline enforcement with fail-closed default behavior supports the Article 9 risk management system.

The scale of the gap

88%

of organizations reported confirmed or suspected AI agent security incidents in the past year. The number is higher in regulated sectors including insurance and health-adjacent carriers.

Source: Gravitee, State of AI Agent Security 2026.

$4.88M

is the global average cost of a data breach in 2024. Insurance-adjacent breaches that involve PHI consistently land above the cross-industry average because of HIPAA exposure layered on top of GLBA exposure.

Source: IBM, Cost of a Data Breach Report 2024.

40.8%

of builders cite the absence of auditability and logging as a top concern. Only 7.7% audit agent activity daily, which leaves most carriers without the contemporaneous record that the NAIC Model Bulletin and HIPAA require.

Source: Gravitee, State of AI Agent Security 2026.

Up to 7%

of global annual turnover (or EUR 35 million, whichever is higher) is the upper bound on EU AI Act fines, reserved under Article 99(3) for the prohibited practices in Article 5. Non-compliance with the high-risk obligations that apply to life and health insurance pricing systems carries up to 3% of turnover or EUR 15 million under Article 99(4).

Source: Regulation (EU) 2024/1689 (EU AI Act).

Deployment

The gateway runs self-hosted in the customer VPC or on-premises. SaaS and hybrid deployments are available for organizations with different sovereignty requirements. PHI, NPI, the forensic store, and the transaction object store stay inside the carrier boundary in every configuration.

DeepInspect sits inline between users, agents, and the AI provider. It works with OpenAI, Azure OpenAI, Anthropic, Bedrock, and internal models without requiring a model migration. Existing IdP, SIEM, DLP, policy admin, and claims-system integrations stay in place. Production cutover typically lands inside two weeks for a defined application scope.

Policy on every AI interaction, enforced before data leaves the boundary.