438: AI Liability: The Landmines Under Your SaaS

What It Covers

Arvid Kahl examines AI liability risks for SaaS founders after Anthropic and Google ban third-party agentic systems like OpenClaw, arguing that founders bear full legal responsibility for AI-caused damage, and outlining five concrete protective measures covering rate limiting, labeling, backups, kill switches, and provider abstraction.

Key Questions Answered

• •AI Liability Transfer: Standard business insurance likely does not cover AI-caused damage, leaving founders exposed. When a customer-facing chatbot or agentic feature causes harm — deleting data, misinterpreting commands, or leaking information — legal recourse targets the founder's business, not the AI provider. Treat every AI feature as an uninsured employee action until coverage is confirmed.
• •Rate Limiting as Default Defense: Set a baseline of 20 requests per minute on every API endpoint, including MCP, REST, and web routes. Customer-deployed agents can iterate across hundreds of endpoints in minutes, exploiting unauthenticated paths no human would find manually. Rate limiting prevents both malicious actors and confused autonomous agents from hammering infrastructure.
• •Consent-Based Audit Trails: Every AI-executed action requires a logged consent moment tied to a specific user ID, timestamp, and AI executor — not just the change itself. Standard SaaS audit logs track what changed and which user credential authorized it, but fail to record whether an AI agent performed the action, creating a critical accountability gap in incident response.
• •Provider Abstraction Layer: Build every AI feature behind a configuration-toggle abstraction layer that enables swapping between providers — Anthropic, OpenAI, or self-hosted models — without rewriting product logic. Google and Anthropic are already revoking API access for unsanctioned agentic use, meaning a single provider dependency can kill a feature or entire product overnight with zero recourse.
• •Kill Switch Architecture: Implement a single system-wide toggle that disables all LLM connections simultaneously across every product feature. This serves dual purposes: containing damage during incidents and blocking token-draining attacks where users attempt to exploit AI features beyond their plan limits. Combine with soft deletes instead of hard deletion to enable data recovery after agent errors.