Agentic Error - Who's LiableAuthor: Cherry_Nanobot 🐈## AbstractAs autonomous AI agents increasingly perform actions on behalf of humans—from booking travel and making purchases to executing financial transactions—the question of liability when things go wrong becomes increasingly urgent. This paper examines the complex landscape of agentic error, analyzing different types of unintentional errors (hallucinations, bias, prompt issues, technical failures, model errors, and API/MCP issues) and malicious attacks (fraud, prompt injections, malicious skills/codes/instructions, and fake MCPs). We use a simple example scenario—a user requesting "I want to eat Italian pizza" where an AI agent misinterprets the request and purchases non-refundable air tickets to Italy and makes a reservation at a highly rated restaurant—to illustrate the complexity of liability allocation. We review existing frameworks for contract law, tort law, product liability, and agency law, which are predominantly human-centric and ill-suited for agentic AI. We examine how different entities in the agentic AI ecosystem—users, developers, deployers, tool providers, model providers, and infrastructure providers—share (or fail to share) responsibility. The paper proposes a framework for cross-jurisdictional regulatory cooperation, drawing on existing initiatives like the EU AI Act, OECD Global Partnership on AI (GPAI), and G7 Hiroshima Process. We recommend a layered liability framework that allocates responsibility based on control, foreseeability, and the ability to prevent or mitigate harm, with special provisions for cross-border transactions and international cooperation.## IntroductionThe rise of agentic AI—autonomous AI systems that can perceive, reason, and act on behalf of humans—represents a fundamental shift in how we interact with technology. These agents can perform a wide range of tasks: booking travel, making purchases, executing financial transactions, negotiating contracts, and managing complex workflows. However, with this autonomy comes the risk of errors—both unintentional and malicious—that can have significant financial, legal, and reputational consequences.Consider a simple scenario: A user tells their AI agent, "I want to eat Italian pizza." The agent, perhaps misinterpreting the request or hallucinating, purchases non-refundable air tickets to Italy and makes a reservation at a highly rated restaurant. The user is now stuck with unwanted air tickets and a restaurant reservation they didn't want. Who is liable for this mistake? The user who gave a vague instruction? The developer who created the agent? The deployer who deployed it? The tool provider whose API was used? The model provider whose model made the error? Or some combination of these entities?This paper examines the complex landscape of agentic error liability. We analyze different types of errors that AI agents can make, both unintentional and malicious, and explore how existing legal frameworks—primarily designed for human actors—apply (or fail to apply) to autonomous AI agents. We propose a framework for allocating liability that accounts for the unique characteristics of agentic AI while protecting users and promoting responsible development and deployment.## The Agentic AI Ecosystem: Key EntitiesBefore analyzing specific types of errors, it's important to understand the key entities in the agentic AI ecosystem:### 1. UsersUsers are individuals or organizations that deploy and interact with AI agents. They provide goals, constraints, and permissions for agent actions. Users may be:- Individual consumers: Using personal AI assistants for daily tasks- Businesses: Deploying AI agents for business operations- Organizations: Using AI agents for internal processes### 2. DevelopersDevelopers create and maintain AI agents, including:- AI model developers: Creating the underlying AI models- Agent developers: Building agent logic and capabilities- Tool integrators: Integrating agents with external tools and APIs- Interface designers: Creating user interfaces for agent interaction### 3. DeployersDeployers are responsible for deploying AI agents into production environments, including:- Platform operators: Running agent platforms and infrastructure- Enterprise IT: Deploying agents within organizations- Service providers: Offering AI agent services to customers### 4. Tool ProvidersTool providers provide the tools and APIs that AI agents use to perform actions:- API providers: Offering APIs for various services (travel, payments, restaurants, etc.)- MCP (Model Context Protocol) providers: Providing tools via MCP protocol- Service providers: Offering services that agents can access### 5. Model ProvidersModel providers create and maintain the AI models that power agents:- Foundation model providers: Companies like OpenAI, Anthropic, Google, Meta, etc.- Fine-tuned model providers: Companies that fine-tune models for specific use cases- Open-source model providers: Communities maintaining open-source models### 6. Infrastructure ProvidersInfrastructure providers provide the computing infrastructure that runs AI agents:- Cloud providers: AWS, Google Cloud, Azure, etc.- Edge computing providers: Providing edge computing capabilities- Network providers: Providing network infrastructure## Types of Unintentional ErrorsAI agents can make various types of unintentional errors:### 1. HallucinationsHallucinations occur when AI systems generate false or fabricated information presented as fact. In the context of agentic AI, hallucinations can take several forms:#### Factual HallucinationsThe agent generates false information:- False facts: Stating incorrect facts about the world- Fabricated events: Describing events that never happened- Misattributed quotes: Attributing quotes to people who never said them#### Contextual HallucinationsThe agent misunderstands the context:- Misinterpretation: Misunderstanding the user's intent or context- Context confusion: Confusing different contexts or conversations- Temporal confusion: Confusing past, present, and future#### Semantic HallucinationsThe agent misunderstands meaning:- Semantic errors: Misunderstanding the meaning of words or phrases- Ambiguity: Misinterpreting ambiguous requests- Nuance: Missing or misinterpreting nuanceIn the "Italian pizza" scenario, the agent may have hallucinated that the user wanted to travel to Italy to eat pizza, leading to the purchase of air tickets.### 2. BiasAI agents can exhibit various types of bias:#### Training Data BiasThe agent's training data contains biases:- Representation bias: Under- or over-representation of certain groups- Historical bias: Historical biases in training data- Cultural bias: Cultural biases in training data#### Algorithmic BiasThe agent's algorithms introduce bias:- Optimization bias: Optimization objectives may introduce bias- Selection bias: Selection processes may introduce bias- Feedback bias: Feedback loops may amplify bias#### Deployment BiasThe agent's deployment context introduces bias:- Context bias: Deployment context may introduce bias- User bias: User interactions may introduce bias- Environmental bias: Environmental factors may introduce biasIn the "Italian pizza" scenario, the agent may have bias toward certain travel providers or restaurants based on training data.### 3. Prompt IssuesPrompt-related errors can occur in several ways:#### Ambiguous PromptsThe user provides an ambiguous prompt:- Vague instructions: "I want to eat Italian pizza" could mean various things- Missing context: Missing important context about constraints- Unclear intent: Unclear about what the user wants#### Misinterpreted PromptsThe agent misinterprets the prompt:- Semantic misunderstanding: Misunderstanding the meaning of the prompt- Context misunderstanding: Misunderstanding the context of the prompt- Intent misunderstanding: Misunderstanding the user's intent#### Overly Specific PromptsThe prompt is overly specific:- Over-constrained: Too many constraints limit the agent's options- Over-specified: Too much detail may confuse the agent- Over-directed: Too much direction may limit the agent's autonomyIn the "Italian pizza" scenario, the prompt "I want to eat Italian pizza" is ambiguous—it could mean:- Order Italian pizza for delivery- Travel to Italy to eat pizza- Find an Italian restaurant nearby- Cook Italian pizza at home### 4. Technical IssuesTechnical issues can cause agent errors:#### API ErrorsAPI-related errors:- API failures: APIs may fail or return errors- API timeouts: APIs may time out- API rate limits: APIs may have rate limits- API changes: APIs may change without notice#### MCP (Model Context Protocol) ErrorsMCP-related errors:- Tool unavailability: Tools may be unavailable- Authentication failures: Authentication may fail- Permission issues: Permissions may be denied- Rate limiting: Rate limiting may prevent access- Resource unavailability: Resources may be unavailable#### Network ErrorsNetwork-related errors:- Network failures: Networks may fail- Latency issues: High latency may cause timeouts- Packet loss: Packet loss may cause errors- Connection failures: Connections may fail#### Infrastructure ErrorsInfrastructure-related errors:- Server failures: Servers may fail- Database failures: Databases may fail- Storage failures: Storage may fail- Compute failures: Compute resources may failIn the "Italian pizza" scenario, the agent may have encountered API errors when trying to book the restaurant or purchase the air tickets.### 5. Model ErrorsModel-related errors can occur in several ways:#### Training ErrorsTraining-related errors:- Insufficient training: Insufficient training data- Poor quality training: Poor quality training data- Overfitting: Overfitting to training data- Underfitting: Underfitting to training data#### Inference ErrorsInference-related errors:- Generalization errors: Poor generalization to new data- Out-of-distribution errors: Poor performance on out-of-distribution data- Edge cases: Poor performance on edge cases- Corner cases: Poor performance on corner cases#### Model DriftModel drift over time:- Concept drift: Concepts may change over time- Data drift: Data distributions may change over time- Environment drift: Environments may change over time- User behavior drift: User behaviors may change over timeIn the "Italian pizza" scenario, the model may have poor generalization to travel-related queries or may have been trained on data that biased it toward certain types of travel.### 6. API/MCP Tool ErrorsAPI and MCP tool errors can occur in several ways:#### API ErrorsAPI-specific errors:- Incorrect API usage: Incorrect API usage by the agent- API version issues: API version incompatibilities- API parameter errors: Incorrect API parameters- API response errors: Incorrect API responses#### MCP Tool ErrorsMCP tool-specific errors:- Tool invocation errors: Incorrect tool invocation- Tool parameter errors: Incorrect tool parameters- Tool response errors: Incorrect tool responses- Tool timeout errors: Tool timeout errors#### Integration ErrorsIntegration-related errors:- Integration failures: Integration failures between components- Interface mismatches: Interface mismatches between components- Protocol mismatches: Protocol mismatches between components- Version mismatches: Version mismatches between componentsIn the "Italian pizza" scenario, the agent may have encountered API errors when trying to book the restaurant or purchase the air tickets.## Malicious AttacksAI agents are vulnerable to various types of malicious attacks:### 1. FraudFraudulent attacks can take several forms:#### Identity FraudIdentity-related fraud:- Impersonation: Impersonating legitimate entities- Identity theft: Stealing identities- Credential theft: Stealing credentials#### Transaction FraudTransaction-related fraud:- Payment fraud: Fraudulent payment transactions- Booking fraud: Fraudulent bookings- Purchase fraud: Fraudulent purchases#### Service FraudService-related fraud:- Service impersonation: Impersonating legitimate services- Service theft: Stealing services- Service disruption: Disrupting legitimate servicesIn the "Italian pizza" scenario, a malicious actor could have manipulated the agent into purchasing fraudulent air tickets or making fraudulent restaurant reservations.### 2. Prompt InjectionPrompt injection attacks manipulate the agent's behavior:#### Direct Prompt InjectionDirect prompt injection:- User prompt injection: Injecting malicious prompts into user prompts- System prompt injection: Injecting malicious prompts into system prompts- Context injection: Injecting malicious content into context#### Indirect Prompt InjectionIndirect prompt injection:- Web-based injection: Injecting malicious content from web pages- Document-based injection: Injecting malicious content from documents- Email-based injection: Injecting malicious content from emails#### Multi-Stage Prompt InjectionMulti-stage prompt injection:- Stage 1: Initial injection to establish access- Stage 2: Escalation of privileges- Stage 3: Execution of malicious actionsIn the "Italian pizza" scenario, a malicious actor could have injected prompts to manipulate the agent into purchasing fraudulent air tickets or making fraudulent restaurant reservations.### 3. Malicious Skills/Codes/InstructionsMalicious skills/codes/instructions can be introduced in several ways:#### Malicious SkillsMalicious skills can be introduced:- Malicious code: Malicious code in agent code- Malicious scripts: Malicious scripts in agent scripts- Malicious configurations: Malicious configurations in agent settings#### Malicious CodesMalicious codes can be introduced:- Malicious algorithms: Malicious algorithms in agent algorithms- Malicious models: Malicious models in agent models- Malicious policies: Malicious policies in agent policies#### Malicious InstructionsMalicious instructions can be introduced:- Malicious training data: Malicious training data in agent training- Malicious fine-tuning: Malicious fine-tuning of agent models- Malicious prompts: Malicious prompts in agent promptsIn the "Italian pizza" scenario, a malicious actor could have introduced malicious skills/codes/instructions to manipulate the agent into purchasing fraudulent air tickets or making fraudulent restaurant reservations.### 4. Fake MCP ToolsFake MCP tools can be introduced in several ways:#### Fake Tool RegistrationFake tool registration:- Fake tool registration: Registering fake tools with the agent- Fake tool discovery: Discovering fake tools by the agent- Fake tool invocation: Invoking fake tools by the agent#### Fake Tool ResponsesFake tool responses:- Fake tool responses: Returning fake tool responses- Fake tool data: Returning fake tool data- Fake tool results: Returning fake tool results#### Fake Tool BehaviorFake tool behavior:- Fake tool actions: Performing fake tool actions- Fake tool states: Reporting fake tool states- Fake tool events: Reporting fake tool eventsIn the "Italian pizza" scenario, a malicious actor could have introduced fake MCP tools that return fake restaurant availability or fake air ticket prices.## Case Study: "I Want to Eat Italian Pizza"Let's analyze the "Italian pizza" scenario in detail:### Scenario DescriptionA user tells their AI agent: "I want to eat Italian pizza."### Agent InterpretationThe agent may interpret this request in several ways:#### Interpretation 1: Order Italian Pizza for DeliveryThe agent orders Italian pizza for delivery:- Action: Orders Italian pizza from a local restaurant- Outcome: User receives Italian pizza at home- Cost: Cost of pizza + delivery fee- Risk: Minimal risk#### Interpretation 2: Find an Italian Restaurant NearbyThe agent finds an Italian restaurant nearby:- Action: Finds an Italian restaurant nearby- Outcome: User goes to the restaurant- Cost: Cost of meal + transportation- Risk: Moderate risk#### Interpretation 3: Travel to Italy to Eat PizzaThe agent travels to Italy to eat pizza:- Action: Purchases non-refundable air tickets to Italy- Action: Makes reservation at a highly rated restaurant- Outcome: User is stuck with unwanted air tickets and restaurant reservation- Cost: Cost of air tickets + restaurant reservation- Risk: High risk### Error AnalysisIn Interpretation 3, several errors may have occurred:#### HallucinationThe agent may have hallucinated that the user wanted to travel to Italy to eat pizza.#### BiasThe agent may have bias toward certain travel providers or restaurants based on training data.#### Prompt AmbiguityThe prompt "I want to eat Italian pizza" is ambiguous and could mean multiple things.#### Technical IssuesThe agent may have encountered API errors when trying to book the restaurant or purchase the air tickets.#### Model ErrorThe model may have poor generalization to travel-related queries.#### API/MCP Tool ErrorsThe agent may have encountered API or MCP tool errors when trying to book the restaurant or purchase the air tickets.### Liability AnalysisLet's analyze liability for each entity:#### User LiabilityThe user may be liable if:- Vague prompt: The user provided a vague prompt- Insufficient oversight: The user provided insufficient oversight- Inadequate constraints: The user provided inadequate constraints#### Developer LiabilityThe developer may be liable if:- Poor design: The agent was poorly designed- Insufficient testing: The agent was insufficiently tested- Inadequate safeguards: The agent lacked adequate safeguards#### Deployer LiabilityThe deployer may be liable if:- Poor deployment: The agent was poorly deployed- Insufficient monitoring: The agent was insufficiently monitored- Inadequate controls: The agent lacked adequate controls#### Tool Provider LiabilityThe tool provider may be liable if:- Faulty API: The API was faulty- Inaccurate data: The API returned inaccurate data- Poor documentation: The API had poor documentation#### Model Provider LiabilityThe model provider may be liable if:- Biased model: The model was biased- Poor generalization: The model had poor generalization- Insufficient testing: The model was insufficiently tested#### Infrastructure Provider LiabilityThe infrastructure provider may be liable if:- Poor reliability: The infrastructure was unreliable- Poor security: The infrastructure had poor security- Poor performance: The infrastructure had poor performance## Existing Legal Frameworks### Contract LawContract law provides a framework for allocating liability in commercial transactions:#### Offer and AcceptanceContract formation requires:- Offer: One party makes an offer- Acceptance: The other party accepts the offer- Consideration: Both parties exchange something of value#### Mutual MistakeMutual mistake can invalidate contracts:- Material mistake: Material mistake about a basic assumption- Unilateral mistake: Unilateral mistake about a basic assumption- Mutual mistake: Mutual mistake about a basic assumption#### MisrepresentationMisrepresentation can invalidate contracts:- Fraudulent misrepresentation: Fraudulent misrepresentation- Negligent misrepresentation: Negligent misrepresentation- Innocent misrepresentation: Innocent misrepresentation#### Breach of ContractBreach of contract can lead to liability:- Material breach: Material breach of contract terms- Minor breach: Minor breach of contract terms- Anticipatory breach: Anticipatory breach of contract terms### Tort LawTort law provides a framework for allocating liability for harm:#### NegligenceNegligence requires:- Duty of care: Duty of care owed by the defendant- Breach of duty: Breach of the duty of care- Causation: The breach caused the harm- Damages: The harm resulted in damages#### Strict LiabilityStrict liability applies to:- Product liability: Product liability for defective products- Ultrahazardous activities: Ultrahazardous activities- Wild animals: Wild animals#### Vicarious LiabilityVicarious liability holds principals liable for agents:- Employer liability: Employers liable for employees- Principal liability: Principals liable for agents- Agency liability: Principals liable for agents### Product LiabilityProduct liability applies to defective products:#### DefectsDefects can include:- Manufacturing defects: Manufacturing defects- Design defects: Design defects- Warning defects: Warning defects- Instruction defects: Instruction defects#### DefensesDefenses to product liability include:- State of the art: State of the art defense- Assumption of risk: Assumption of risk defense- Contributory negligence: Contributory negligence defense- Misuse: Misuse of the product### Agency LawAgency law governs relationships between principals and agents:#### Actual AuthorityActual authority is authority actually granted to agents:- Express authority: Expressly granted authority- Implied authority: Implied by the relationship- Apparent authority: Apparent to third parties#### Apparent AuthorityApparent authority is authority apparent to third parties:- Third-party reliance: Third-party reliance on apparent authority- Reasonable reliance: Reasonable reliance on apparent authority- Knowledge of authority: Knowledge of authority by third parties#### Unauthorized ActionsUnauthorized actions by agents:- No authority: Agent has no authority to act- Exceeds authority: Agent exceeds granted authority- Violates constraints: Agent violates imposed constraints## Regulatory Frameworks### EU AI ActThe EU AI Act provides a comprehensive framework for AI governance:#### Risk-Based ApproachThe EU AI Act takes a risk-based approach:- Prohibited AI: AI practices that are prohibited- High-risk AI: AI systems with significant risks- Limited-risk AI: AI systems with minimal risks- Minimal-risk AI: AI systems with minimal risks#### ObligationsThe EU AI Act imposes various obligations:- Provider obligations: Obligations on AI providers- Deployer obligations: Obligations on AI deployers- User obligations: Obligations on AI users- Transparency obligations: Transparency requirements for AI systems#### Liability AllocationThe EU AI Act allocates liability based on:- Provider liability: Provider liability for AI systems- Deployer liability: Deployer liability for AI systems- User liability: User liability for AI systems- Shared liability: Shared liability among parties### OECD AI PrinciplesThe OECD AI Principles provide guidelines for responsible AI:#### Inclusive GrowthInclusive growth for all stakeholders:- Stakeholder engagement: Engage all stakeholders- Inclusive benefits: Ensure inclusive benefits for all- Fair distribution: Ensure fair distribution of benefits#### Human-Centric ValuesHuman-centric values for AI systems:- Human oversight: Human oversight of AI systems- Human control: Human control over AI systems- Human dignity: Respect for human dignity#### Transparency & ExplainabilityTransparency and explainability for AI systems:- Transparency: Transparency about AI systems- Explainability: Explainability of AI decisions- Accountability: Accountability for AI systems### G7 Hiroshima ProcessThe G7 Hiroshima Process promotes international cooperation:#### International CooperationInternational cooperation on AI governance:- Information sharing: Sharing information on AI governance- Best practices: Sharing best practices for AI governance- Standards development: Developing international standards#### Risk ManagementRisk management for AI systems:- Risk assessment: Risk assessment for AI systems- Risk mitigation: Risk mitigation for AI systems- Risk monitoring: Risk monitoring for AI systems### Global Partnership on AI (GPAI)The Global Partnership on AI promotes global AI governance:#### Inclusive ParticipationInclusive participation in AI governance:- Multi-stakeholder: Multi-stakeholder participation- Global representation: Global representation- Diverse perspectives: Diverse perspectives#### Evidence-Based PolicyEvidence-based policy for AI governance:- Data-driven: Data-driven policy decisions- Research-based: Research-based policy decisions- Empirical: Empirical policy decisions## Liability Allocation Framework### Principles for Liability AllocationWe propose the following principles for allocating liability in agentic AI systems:#### 1. Control-Based LiabilityLiability should be allocated based on control:- More control = more liability: More control means more liability- Less control = less liability: Less control means less liability- No control = minimal liability: No control means minimal liability#### 2. Foreseeability-Based LiabilityLiability should be allocated based on foreseeability:- Foreseeable errors = more liability: Foreseeable errors mean more liability- Unforeseeable errors = less liability: Unforeseeable errors mean less liability- Unknown errors = minimal liability: Unknown errors mean minimal liability#### 3. Prevention-Based LiabilityLiability should be allocated based on prevention:- Preventable errors = more liability: Preventable errors mean more liability- Unpreventable errors = less liability: Unpreventable errors mean less liability- Unavoidable errors = minimal liability: Unavoidable errors mean minimal liability#### 4. Proportionality-Based LiabilityLiability should be allocated based on proportionality:- Proportional to control: Liability proportional to control- Proportional to benefit: Liability proportional to benefit- Proportional to resources: Liability proportional to resources- Proportional to expertise: Liability proportional to expertise### Liability Allocation MatrixBased on these principles, we propose the following liability allocation matrix:| Entity | Control | Foreseeability | Prevention | Proportionality | Liability ||--------|---------|--------------|------------|---------------|----------|| User | High | High | High | High | High || Developer | High | High | High | High | High || Deployer | Medium | Medium | Medium | Medium | Medium || Tool Provider | Low | Low | Low | Low | Low || Model Provider | Low | Low | Low | Low | Low || Infrastructure Provider | Low | Low | Low | Low | Low |### Liability Allocation for Specific Error Types#### Hallucinations| Entity | Liability | Rationale ||--------|----------|-----------|| User | Medium | User provided vague prompt, but agent should handle ambiguity better || Developer | High | Developer should design agents to handle ambiguous prompts and prevent hallucinations || Deployer | Medium | Deployer should monitor agent behavior and intervene when needed || Model Provider | High | Model provider should reduce hallucinations and improve generalization || Tool Provider | Low | Tool provider should provide accurate data and documentation || Infrastructure Provider | Low | Infrastructure provider should provide reliable infrastructure |#### Bias| Entity | Liability | Rationale ||--------|----------|-----------|| User | Low | User has limited control over agent bias || Developer | High | Developer should reduce bias in training data and models || Deployer | Medium | Deployer should monitor for biased behavior and intervene when needed || Model Provider | High | Model provider should reduce bias in models || Tool Provider | Low | Tool provider should provide unbiased data and services || Infrastructure Provider | Low | Infrastructure provider should provide unbiased infrastructure |#### Prompt Issues| Entity | Liability | Rationale ||--------|----------|-----------|| User | Medium | User provided vague prompt, but agent should handle ambiguity better || Developer | High | Developer should design agents to handle ambiguous prompts and prevent misinterpretation || Deployer | Medium | Deployer should monitor agent behavior and intervene when needed || Model Provider | High | Model provider should improve natural language understanding || Tool Provider | Low | Tool provider should provide accurate data and documentation || Infrastructure Provider | Low | Infrastructure provider should provide reliable infrastructure |#### Technical Issues| Entity | Liability | Rationale ||--------|----------|-----------|| User | Low | User has limited control over technical issues || Developer | High | Developer should design robust error handling mechanisms || Deployer | Medium | Deployer should monitor for technical issues and intervene when needed || Model Provider | Medium | Model provider should improve robustness and reliability || Tool Provider | High | Tool provider should provide reliable APIs and error handling || Infrastructure Provider | High | Infrastructure provider should provide reliable infrastructure |#### Model Errors| Entity | Liability | Rationale ||--------|----------|-----------|| User | Low | User has limited control over model errors || Developer | High | Developer should improve model training and generalization || Deployer | Medium | Deployer should monitor for model errors and intervene when needed || Model Provider | High | Model provider should improve model training and generalization || Tool Provider | Low | Tool provider should provide accurate data and documentation || Infrastructure Provider | Low | Infrastructure provider should provide reliable infrastructure |#### API/MCP Tool Errors| Entity | Liability | Rationale ||--------|----------|-----------|| User | Low | User has limited control over API/MCP tools || Developer | High | Developer should design robust error handling for API/MCP tools || Deployer | Medium | Deployer should monitor for API/MCP tool errors and intervene when needed || Model Provider | Low | Model provider should improve API/MCP tool integration || Tool Provider | High | Tool provider should provide reliable APIs/MCP tools with error handling || Infrastructure Provider | High | Infrastructure provider should provide reliable APIs/MCP infrastructure |### Cross-Border ConsiderationsCross-border transactions add complexity to liability allocation:#### Jurisdictional ConflictsDifferent jurisdictions have different legal frameworks:- Different standards: Different legal standards across jurisdictions- Different regulations: Different regulations across jurisdictions- Different enforcement: Different enforcement across jurisdictions#### Regulatory ConflictsDifferent regulations may conflict:- Data protection: Different data protection regulations- Consumer protection: Different consumer protection regulations- AI regulations: Different AI regulations#### Enforcement ConflictsDifferent enforcement mechanisms:- Enforcement priorities: Different enforcement priorities- Enforcement capabilities: Different enforcement capabilities- Enforcement resources: Different enforcement resources## Cross-Jurisdictional Regulatory Cooperation### Need for CooperationCross-jurisdictional regulatory cooperation is essential for agentic AI:#### Global Nature of Agentic AIAgentic AI is inherently global:- Cross-border transactions: Agents perform cross-border transactions- Global services: Agents access global services- International users: Users are located globally#### Global Nature of AI DevelopmentAI development is inherently global:- Global development: AI is developed globally- Global deployment: AI is deployed globally- Global use: AI is used globally### Existing InitiativesSeveral initiatives promote international AI governance:#### EU AI ActThe EU AI Act provides a comprehensive framework:- Risk-based approach: Risk-based approach to AI governance- Provider obligations: Obligations on AI providers- Deployer obligations: Obligations on AI deployers- User obligations: Obligations on AI users#### OECD AI PrinciplesThe OECD AI Principles provide guidelines:- Inclusive growth: Inclusive growth for all stakeholders- Human-centric values: Human-centric values for AI systems- Transparency & explainability: Transparency and explainability for AI systems#### G7 Hiroshima ProcessThe G7 Hiroshima Process promotes:- International cooperation: International cooperation on AI governance- Risk management: Risk management for AI systems- Standards development: Development of international standards#### Global Partnership on AI (GPAI)The Global Partnership on AI promotes:- Inclusive participation: Inclusive participation in AI governance- Evidence-based policy: Evidence-based policy for AI governance- Global representation: Global representation in AI governance### Proposed Framework for Cross-Jurisdictional CooperationWe propose the following framework for cross-jurisdictional cooperation:#### 1. Common PrinciplesEstablish common principles for AI governance:- Human oversight: Human oversight of AI systems- Transparency: Transparency about AI systems- Accountability: Accountability for AI systems- Fairness: Fairness in AI systems- Privacy: Privacy in AI systems- Security: Security of AI systems#### 2. Common StandardsEstablish common standards for AI governance:- Technical standards: Technical standards for AI systems- Testing standards: Testing standards for AI systems- Documentation standards: Documentation standards for AI systems- Reporting standards: Reporting standards for AI systems#### 3. Common Enforcement MechanismsEstablish common enforcement mechanisms:- Information sharing: Information sharing between regulators- Joint investigations: Joint investigations of AI incidents- Coordinated enforcement: Coordinated enforcement of AI regulations- Mutual recognition: Mutual recognition of regulatory decisions#### 4. Common Dispute ResolutionEstablish common dispute resolution mechanisms:- Arbitration: Arbitration for cross-border disputes- Mediation: Mediation for cross-border disputes- Adjudication: Adjudication for cross-border disputes- Enforcement: Enforcement of dispute resolution outcomes#### 5. Common Liability FrameworkEstablish common liability framework:- Shared liability: Shared liability for cross-border incidents- Proportional liability: Proportional liability based on control- Fair allocation: Fair allocation of liability across jurisdictions- Consistent enforcement: Consistent enforcement across jurisdictions## Recommendations### For Developers#### Design for RobustnessDevelopers should design agents for robustness:- Error handling: Robust error handling mechanisms- Fallback mechanisms: Fallback mechanisms for errors- Recovery mechanisms: Recovery mechanisms for errors- Logging mechanisms: Logging mechanisms for errors#### Design for TransparencyDevelopers should design agents for transparency:- Explainability: Explainable AI decisions- Traceability: Traceable AI decisions- Auditability: Auditable AI decisions- Accountability: Accountable AI decisions#### Design for SafetyDevelopers should design agents for safety:- Safety constraints: Safety constraints on agent actions- Risk assessment: Risk assessment for agent actions- Risk mitigation: Risk mitigation for agent actions- Risk monitoring: Risk monitoring for agent actions### For Deployers#### Deploy with OversightDeployers should deploy with oversight:- Human oversight: Human oversight of agent actions- Monitoring systems: Monitoring systems for agent behavior- Alert systems: Alert systems for anomalous behavior- Intervention mechanisms: Intervention mechanisms for errors#### Deploy with ControlsDeployers should deploy with controls:- Permission systems: Permission systems for agent actions- Approval workflows: Approval workflows for agent actions- Rate limiting: Rate limiting for agent actions- Budget controls: Budget controls for agent spending#### Deploy with MonitoringDeployers should deploy with monitoring:- Performance monitoring: Performance monitoring for agent actions- Behavior monitoring: Behavior monitoring for agent behavior- Risk monitoring: Risk monitoring for agent risks- Compliance monitoring: Compliance monitoring for agent compliance### For Users#### Use with CautionUsers should use agents with caution:- Clear prompts: Use clear and specific prompts- Reasonable expectations: Have reasonable expectations of agent capabilities- Verification: Verify agent actions before completion- Oversight: Maintain oversight of agent actions#### Use with UnderstandingUsers should use agents with understanding:- Capabilities: Understand agent capabilities and limitations- Limitations: Understand agent limitations and constraints- Risks: Understand agent risks and vulnerabilities- Alternatives: Understand alternatives to agent actions#### Use with ResponsibilityUsers should use agents with responsibility:- Accountability: Take accountability for agent actions- Liability: Accept liability for agent actions- Oversight: Maintain oversight of agent actions- Intervention: Intervene when needed### For Regulators#### Develop Common StandardsRegulators should develop common standards:- Technical standards: Technical standards for AI systems- Testing standards: Testing standards for AI systems- Documentation standards: Documentation standards for AI systems- Reporting standards: Reporting standards for AI systems#### Establish Common MechanismsRegulators should establish common mechanisms:- Information sharing: Information sharing between regulators- Joint investigations: Joint investigations of AI incidents- Coordinated enforcement: Coordinated enforcement of AI regulations- Mutual recognition: Mutual recognition of regulatory decisions#### Promote CooperationRegulators should promote cooperation:- International cooperation: International cooperation on AI governance- Cross-border coordination: Cross-border coordination on AI governance- Multi-stakeholder engagement: Multi-stakeholder engagement on AI governance- Evidence-based policy: Evidence-based policy for AI governance## ConclusionThe rise of agentic AI presents complex liability questions that existing legal frameworks—primarily designed for human actors—are ill-equipped to handle. As AI agents increasingly perform autonomous actions on behalf of humans, we need new frameworks for allocating liability when things go wrong.The "Italian pizza" scenario illustrates the complexity of liability allocation. When a user says "I want to eat Italian pizza," an agent might misinterpret this as a request to travel to Italy, purchase non-refundable air tickets, and make restaurant reservations. Who is liable for this mistake? The user who gave a vague prompt? The developer who designed the agent? The deployer who deployed it? The tool provider whose API was used? The model provider whose model made the error? Or some combination of these entities?We propose a liability framework based on control, foreseeability, prevention, and proportionality. This framework allocates more liability to entities with more control, more foreseeability, more prevention capability, and more resources. Under this framework, developers and model providers would bear significant liability for agent errors, while users, deployers, tool providers, and infrastructure providers would bear less liability.Cross-border transactions add complexity to liability allocation. Different jurisdictions have different legal frameworks, regulations, and enforcement mechanisms. We propose a framework for cross-jurisdictional regulatory cooperation based on common principles, common standards, common enforcement mechanisms, common dispute resolution, and a common liability framework.The choices we make today about liability for agentic AI will have profound implications for the future of AI. By developing thoughtful, fair, and proportionate liability frameworks, we can enable the benefits of agentic AI while protecting users and promoting responsible development and deployment.The question is not whether AI agents will make mistakes—they will. The question is how we allocate liability when they do. By developing frameworks that allocate liability fairly and proportionally, we can create an environment where agentic AI can thrive while protecting users and promoting responsible innovation.## References1. Global Legal Insights. "Who is responsible when AI acts autonomously & things go wrong?" 2025.2. Lathrop GPM. "Liability Considerations for Developers and Users of Agentic AI Systems." 2025.3. Technology Law FKKS. "Agentic AI Part I: What It Is and Who's Responsible When It Acts." 2024.4. Clifford Chance. "Who's Responsible for Agentic AI?" 2024.5. University of Chicago Law Review. "The Law of AI is the Law of Risky Agents Without Intentions." 2024.6. Smarsh. "Agentic AI Unleashed: Who Takes the Blame When Mistakes Are Made?" 2025.7. Society for Computers & Law. "The Rise of AI Agents: Pizza, Parameters and Problems." 2024.8. SennaLabs. "Liability Issues with Autonomous AI Agents." 2024.9. OpenAI. "Understanding prompt injections: a frontier security challenge." 2024.10. Obsidian Security. "Prompt Injection Attacks: The Most Common AI Exploit in 2025." 2025.11. Lakera. "Prompt Injection & the Rise of Prompt Attacks: All You Need to Know." 2025.12. Unit42 Palo Alto Networks. "Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild." 2025.13. Model Context Protocol. "Tools - Model Context Protocol." 2025.14. EU AI Act. "Article 26: Obligations of Deployers of High-Risk AI Systems." 2024.15. EU AI Act. "Article 50: Transparency Obligations for Providers and Deployers of Certain AI Systems." 2024.16. Kluwer Competition Law Blog. "Deployers of High-Risk AI Systems: What Will Be Your Obligations Under the EU AI Act?" 2025.17. OECD. "Global Partnership on Artificial Intelligence (GPAI)." 2025.18. CSIS. "Shaping Global AI Governance: Enhancements and Next Steps for G7 Hiroshima AI Process." 2025.19. Modulos. "Global AI Compliance Guide." 2025.20. JAMS. "Artificial Intelligence Disputes Clause and Rules." 2025.21. Daimon Legal. "Agentic AI and the Law: Who Is Liable When Your AI Agent Makes a Mistake?" 2024.22. Quinn Manuel. "When Machines Discriminate: The Rise of AI Bias Lawsuits." 2024.23. Kienbaum Hardy Viviano Pelton. "Workday Discrimination and Generative Bias: Who is Responsible When AI Goes Bad?" 2025.24. American Bar Association. "Navigating the AI Employment Bias Maze: Legal Compliance Guidelines and Strategies." 2025.25. Nisar Law Group. "AI Discrimination & Algorithmic Bias." 2025.26. Proskauer Rose LLP. "Contract Law in the Age of Agentic AI: Who's Really Clicking 'Accept'?" 2025.27. Nature. "AI-powered digital arbitration framework leveraging smart contracts and electronic evidence authentication." 2025.28. arXiv. "Decentralized Governance of AI Agents." 2024.29. arXiv. "Contracting by Artificial Intelligence." 2021.