In January 2026, an autonomous AI trading agent operating on behalf of a mid-size hedge fund executed a series of options trades that generated $2.3 million in losses in under four minutes. The agent had been configured with broad discretion to execute momentum-based strategies, and it interpreted a flash of unusual volume as a buying signal. The volume was, in fact, the early signature of a market-moving enforcement action by the SEC. By the time the fund's human risk manager noticed the position, the damage was done.
The fund sued the AI vendor. The vendor pointed to the fund's configuration choices. The broker questioned whether the trades should have been executed at all without human confirmation. Three parties, three plausible arguments, and no clear legal framework for resolving which entity bears the loss when an autonomous system spends money it was authorized to spend but spends it badly.
This is the emerging reality of AI agents with financial authority. I have been retained as a technical expert in several matters involving autonomous AI systems that execute transactions, and the pattern is consistent: the technology has outpaced the legal frameworks designed to govern financial responsibility.
What AI Agents Actually Do With Money
The term "AI agent" covers a broad spectrum of autonomy. At one end are simple automation scripts that execute pre-defined rules. At the other end are large language model-based agents with the ability to reason about goals, plan multi-step actions, and interact with external APIs to execute real-world transactions. The litigation risk lives primarily at the higher end of this spectrum.
Autonomous purchasing agents are now deployed by enterprise procurement departments. These systems monitor inventory levels, evaluate supplier pricing, negotiate terms through automated messaging, and execute purchase orders, all without human approval for transactions below configurable thresholds. When these agents make poor purchasing decisions, overpay for goods, or commit to unfavorable contract terms, the question of who bears the cost is genuinely novel.
Algorithmic trading systems have existed for decades, but the new generation of LLM-powered trading agents represents a qualitative shift. Unlike traditional algorithmic trading, which executes pre-programmed strategies, these agents can interpret news, assess market sentiment, and make discretionary trading decisions that their developers did not explicitly anticipate. The agent is not following a script. It is making judgments.
AI contract negotiation tools are perhaps the most legally fraught category. Several enterprise platforms now offer AI agents that can negotiate contract terms, propose modifications, and in some configurations, accept terms on behalf of their principal. The question of whether a contract "signed" by an AI agent is binding, and on whom, has not been definitively resolved in any jurisdiction.
The fundamental problem is simple: agency law requires an agent to be a legal person. An AI system is not a legal person. Yet it is performing the functions of an agent with real financial consequences.
The Agency Law Problem
Traditional agency law, rooted in the Restatement (Third) of Agency, contemplates a relationship between a principal and an agent, both of whom are legal persons capable of forming intent and bearing legal obligations. The principal authorizes the agent to act on their behalf, and the agent's actions bind the principal within the scope of that authority.
AI agents break this framework at multiple points. The AI cannot form intent in the legal sense. It cannot be sued independently. It cannot be held personally liable for its actions. Yet it exercises what looks, from the outside, exactly like agency: it makes decisions, enters transactions, and creates binding obligations for its principal.
Courts are likely to resolve this tension by treating AI agents as sophisticated tools, analogous to automated systems that have existed in commercial law for decades. Under this framework, the principal bears responsibility for the agent's actions because the principal chose to deploy the tool and configured its parameters. This is essentially a strict liability approach, and it has the virtue of clarity. But it creates significant challenges for organizations deploying AI agents with broad discretion, because it means they bear the full downside of decisions they did not make and may not have anticipated.
The Vendor Liability Question
When an AI agent causes financial harm, the deploying organization will almost certainly seek to shift liability to the AI vendor under theories of products liability, breach of warranty, or negligence. These claims raise technically complex questions that require expert analysis.
Was the agent's behavior a defect or a feature? If the agent was designed with broad discretion, and that discretion led to a poor outcome, the vendor will argue that the system performed as designed. The deployer chose to grant that level of autonomy. The deployer configured the risk parameters. This is a classic risk-allocation dispute, and technical expert testimony about the system's design, the adequacy of its guardrails, and industry standards for autonomous financial systems will be central to its resolution.
Was the agent's behavior foreseeable? This is where my analysis as an AI expert becomes critical. I can examine the model's architecture, its training data, its testing history, and its documented failure modes to assess whether the specific behavior that caused harm was something the vendor knew about, should have known about, or could not reasonably have anticipated. The answer depends on detailed technical analysis, not legal abstractions.
Practical Considerations for Litigation
For attorneys handling disputes involving AI agents and financial transactions, several practical points are essential.
Capture the configuration. AI agents are highly configurable, and the configuration at the time of the disputed transaction is critical evidence. This includes the agent's authorized transaction limits, its risk parameters, its approval workflows, and any constraints on its decision-making authority. These configurations may be changed after an incident, so early preservation requests are essential.
Reconstruct the decision chain. Unlike a human decision-maker who can be deposed, an AI agent's "reasoning" exists in logs, model outputs, and intermediate computations. Reconstructing why the agent made a specific decision requires access to the model's inputs, its internal state at the time of the decision, and any context window or memory that informed its action. This is technical work that requires expert involvement.
Examine the testing regime. A well-designed AI agent should be subjected to extensive testing before being deployed with financial authority. Did the vendor test for the specific type of failure that occurred? Did the deployer conduct its own testing? Were there documented failure modes that matched the incident? The testing record is often the most revealing evidence in these cases.
The deployment of AI agents with financial authority will only accelerate. The legal frameworks for allocating risk and liability are still forming. For litigators encountering these disputes, the technical details of how the agent was built, configured, and deployed will determine the outcome. The law will follow the engineering.
The Criterion AI provides expert witness services and litigation support for matters involving artificial intelligence, machine learning, and algorithmic decision-making. For a confidential consultation on an active or anticipated matter, contact us at criterion@thecriterionai.com or call (617) 798-9715.