AI Agents Are Signing Contracts and Booking Transactions. Nobody Knows Who's Liable When They're Wrong.

By Hector Herrera | June 6, 2026 | Legal · Vertical

Courts and regulators are beginning to confront a practical problem that legal frameworks have not kept up with: autonomous AI agents that can sign contracts, execute transactions, and deploy code are being used in production enterprise environments right now, and no definitive ruling has yet established who bears legal responsibility when they make costly errors. The governance vacuum is not theoretical — it's active in high-stakes deployments across finance, legal services, and logistics.

A 2026 AI legal forecast from Baker Donelson, one of the most comprehensive practitioner-level analyses of the current landscape, documents where courts are beginning to push into this territory and what the absence of clear standards means for organizations deploying autonomous systems today.

Why This Is Different From Previous AI Liability Questions

For the past decade, most AI legal discussions focused on predictive systems — algorithms that recommend a credit decision, flag a fraudulent transaction, or score a job application. In those scenarios, a human reviews the AI's output and takes the action. The legal question is whether the human exercised adequate oversight of the tool.

Agentic AI systems change the structure of the problem. An agent that is authorized to book a hotel room, sign an NDA, or place a trade executes the action itself. The human authorizes the agent to operate within defined parameters — but the specific decisions and their timing are made by the system, not the person. When the agent books the wrong hotel, signs a contract with unfavorable terms it failed to flag, or executes a trade at the wrong price, the legal framework that applies is agency law — the body of law governing when one party acts on behalf of another.

The problem is that agency law was designed for human agents. The principal-agent relationship assumes the agent can understand and be held accountable for their obligations. AI agents cannot be sued, cannot be held in contempt, and cannot have professional licenses revoked. The liability must be assigned to a human or organization — but to which one, and on what basis, is what courts are now beginning to sort out.

What the Courts Are Actually Doing

No definitive appellate ruling has yet resolved the core liability question for autonomous AI agent actions. What exists is a pattern of lower-court cases and regulatory guidance that signals where the law is heading.

The hallucination-in-court pattern is the clearest signal so far. Courts have already sanctioned multiple attorneys for submitting AI-generated briefs containing fabricated case citations — a well-documented failure mode of LLMs called hallucination, where the model generates plausible-sounding but false information. Critically, courts have assigned sanctions to the attorney regardless of which department or paralegal selected the AI tool. The professional — not the AI vendor — bears the malpractice exposure for AI errors in legal work.

This principle, if applied consistently, creates a clear liability rule for professional services: the licensed professional who uses an AI tool owns the output. But it doesn't resolve the question for enterprise contexts where there is no licensed professional in the loop — where an AI agent is simply authorized to act by a business's operational systems.

Contract execution by AI agents is an emerging litigation zone. When an AI agent negotiates and signs a contract, questions arise about whether the resulting agreement is legally binding, whether the agent had actual or apparent authority, and whether the counterparty reasonably relied on the agent's actions as binding commitments. Courts handling early cases in this area are reaching for existing agency law doctrines — apparent authority, ratification, respondeat superior — but those doctrines produce inconsistent results when applied to AI systems because they assume facts (intentionality, understanding, good faith) that AI agents don't possess in the same way humans do.

The Developer-Deployer Question

Baker Donelson's analysis identifies the developer-deployer split as the central unresolved issue in AI agent liability. Two parties are involved in most enterprise agentic deployments:

The developer built the foundational model and agentic framework. They set the system's capabilities and limitations, made decisions about what actions the agent can and cannot take, and publish terms of service that describe acceptable use.

The deployer integrated the agent into their business operations, defined the scope of the agent's authorization, and is responsible for the workflows the agent operates within. The deployer is the one who said "this agent can sign contracts up to $50,000 without human review."

When an agent makes an error, both parties contributed to the conditions that produced it. Current products liability law provides some framework — developers can face liability for products that are defective by design — but software has traditionally received more liability protection than physical products under U.S. law, and AI models are even further removed from the product liability paradigm because their outputs are not deterministic.

Several major AI developers have drafted terms of service that attempt to assign liability entirely to deployers for any harm caused by agent actions. Whether those terms hold up in court — particularly in consumer contexts, or in contexts where the deployer had no reasonable way to anticipate the failure mode — is an open question.

What Organizations Deploying Agents Need to Do Now

The legal clarity that would make AI agent deployment straightforwardly safe doesn't exist yet. What practitioners at Baker Donelson and comparable firms are advising clients looks like this:

Document the authorization scope explicitly. Every AI agent deployment should have written documentation of exactly what actions the agent is and is not authorized to take. This serves both as an internal governance document and as evidence in potential litigation that the organization made a good-faith effort to constrain agent behavior to defined parameters.

Implement logging and auditability. If an agent takes an action that produces a loss, the organization needs a complete log of the decision chain — what information the agent processed, what options it evaluated, what action it selected, and what authorization it was operating under. Systems without this logging create discovery nightmares in litigation.

Review insurance coverage. Standard commercial general liability and errors & omissions policies were not designed for autonomous AI agent scenarios. Organizations running agents with authority over consequential transactions need to audit their coverage and specifically discuss AI agent scenarios with insurers.

Keep humans in the authorization loop for high-stakes decisions. The efficiency argument for full autonomy is real — agents that require human approval for every action eliminate much of the speed advantage. But organizations need to define the risk threshold above which human approval is required, and enforce it technically, not just as policy.

What to Watch

Federal legislation on AI liability is under active discussion in Congress, with several bills that would create an explicit federal standard for AI developer and deployer liability. Industry groups are pushing for liability caps and safe harbors analogous to Section 230. Consumer advocacy groups want strict liability for physical harm caused by AI agents. Neither extreme is likely to pass as written; watch for what compromise framework emerges.

State attorney general enforcement actions against companies deploying AI agents in consumer contexts are expected to accelerate. Colorado, California, and New York attorneys general have signaled interest in the space. The first major enforcement action involving AI agent liability will set a practical precedent faster than legislation.

Sector-specific guidance from financial regulators (SEC, CFTC, OCC) and healthcare regulators (FDA, CMS) is expected to define how AI agents must be supervised in regulated industries. These will likely be the most actionable standards in the near term because regulated industries have established compliance frameworks that can accommodate new guidance quickly.

The liability gap isn't going to be resolved by a single ruling or a single statute. It's going to be resolved incrementally through litigation, regulation, and industry practice — in that messy, slow order. The organizations that get ahead of it by building robust governance frameworks now will be better positioned when the legal standards finally crystallize.