
AI agents do not just answer questions anymore. They take action, and they chain those actions across systems without a person reviewing each step. That single shift quietly breaks a lot of what we assumed when we drafted our SaaS contracts, because those agreements were built for software that advises while a human decides. When the software starts acting on its own, the old caps, carve-outs, and indemnities stop covering the risk that actually shows up.
This How to Contract mini course was hosted by Laura Frederick, who brought in Yelena Ambartsumian, Founder of Ambart Law, and Anastasia Vener, Senior Associate at Ambart Law. Both counsel AI companies that build and deploy agent platforms, and both came up through litigation, so they kept pulling the conversation back to the exact words that decide who pays when an agent causes harm. That litigation lens is what made the session so useful, because they had seen how these provisions hold up or fall apart once a dispute is real.
They worked through three areas where AI agent contracts need to look different from a standard SaaS deal. Limitation of liability, where the usual fees-based cap can leave you badly exposed. Indemnification, where the trigger language matters more than most of us treat it. And audit rights and documentation, where logging becomes the fallback when audit rights get negotiated away. Along the way they shared model language, real incidents, and a few hard-won opinions about where the law has not caught up.
Here are our top ten takeaways from the speakers' comments during the webinar:
Treat AI agents as actors, not advisors. The standard contract assumes software that advises while a human acts. An agent acts on its own and chains those actions across systems, so the terms you reach for out of habit are managing the wrong risk. Before you redline anything, get clear on what the agent actually does without a human in the loop. That single distinction drives every other choice in the contract.
Build liability caps that match where the damage really lives. A cap tied to the last 12 months of fees, with consequential damages excluded, can leave you exposed when an agent's wrong action snowballs. We can start with that familiar cap and add a multiplier, then set separate caps for AI-specific harms like discrimination claims, regulatory fines, and erroneous transactions. The Cursor and Air Canada incidents both showed consequential harm dwarfing the direct dollars at stake. Size the cap to the harm the agent can actually cause, not the harm a SaaS tool used to cause.
Carve out the risks a cap should never swallow, and make the carve-outs mutual. Data exposure, IP infringement, and regulatory penalties can all run far past any reasonable cap, and the EU AI Act makes the regulatory exposure real. Gross negligence and willful misconduct belong outside the cap every time. Watch for agreements that quietly leave them in, because that is where a vendor hides. Symmetry matters too, since a cap that only protects the vendor is not a negotiated term, it is a giveaway.
Tie your indemnity to who controls the agent. Vendors push a broad "use of the services" trigger, which for an agent can sweep in an enormous range of third-party claims. As the customer, limit your obligation to your misuse or misconfiguration, not your plain use. On the other side, the provider should answer for outputs and actions that flow from the model behavior it controls. Control is the cleanest line to draw, and drawing it early saves the fault fight later.
Pin down what the agent is authorized to do. Vendors will argue the hallucination defense, that your prompt or your configuration caused the harm, and ambiguity about the agent's authorized behavior is their best friend in that argument. Define the authorized actions in the contract, and put them in an exhibit when the deal is big enough to warrant it. That document is what lets you say the agent went outside its scope and the responsibility sits with the vendor. Clarity here is cheaper than a dispute later.
Read the indemnity next to your data agreements. An agent that scrapes or reproduces protected content in its outputs creates IP exposure the old training-data analysis never contemplated. The same agent processing personal data raises privacy exposure that belongs in your data processing agreement or HIPAA business associate agreement. We should be reading these documents together, not in separate silos, and spelling out who answers for unauthorized processing by the agent. A gap between them is where liability slips through.
Keep a written-consent right over settlements. AI disputes increasingly settle on non-monetary terms, things like forced model retraining, deployment restrictions, or public statements. An indemnifying party that controls the defense without limits can trade away your operational flexibility to close out a case. Reserve written consent for any settlement that imposes obligations or admissions on you. The money is rarely the part that hurts most.
Insist on logging even when audit rights are off the table. Audit rights get negotiated out fast when you lack leverage, but logging and documentation are the fallback that still protects you. Ask for full-lifecycle logs of agent decisions, made customer-accessible, with a retention period of at least 12 to 24 months. A SOC 2 report does not cover any of this. Lock it in on day one, because you will have no leverage to ask for it after an incident.
Build your own governance record before you need it. The EU AI Act and state laws put record-keeping obligations on deployers, so your authorized use cases, oversight protocols, training logs, and agent scope authority are not busywork. They are your evidentiary foundation if a claim arises. Pull engineering, HR, and the business owners into a cross-functional review, since no single team sees all the use cases. The record you keep is the story you get to tell when something goes wrong.
Remember the law has not caught up. Agency law assumes a human intent behind every action, and agents, especially agentic ones, break that assumption. Regulators wrote the current rules around generative AI, not agents, so the contract is the main framework we have for now. That is why specificity in the agreement and its exhibits matters more than usual. We are writing the precedent in these documents, so it is worth getting them right.
Subscribe to Stay in the Loop
Our weekly newsletter is where these webinars get planned and recapped, so you can follow the practical contract thinking even on the weeks you cannot attend live. Subscribe now and the next set of insights lands in your inbox.








