In brief

Organizations that develop or deploy AI agents – autonomous systems that can pursue goals and take actions with limited human intervention – are navigating a rapidly evolving US legal landscape that pulls agentic AI under laws that govern action. Emerging legal developments support the view that accountability generally runs to the humans and entities behind the agent. A California statute now forecloses defendants from arguing that AI autonomously caused alleged harms, a June 2026 presidential executive order has directed the Department of Justice to prioritize enforcement against bad actors who employ AI agents for nefarious purposes, and federal cybersecurity and national security agencies have issued guidance signaling that companies will be expected to govern, monitor, and explain what their agents do. Companies should act now to build governance into agentic systems rather than retrofitting controls after a dispute arises.

Key Takeaways

  • Agents pull AI from content into conduct. Because AI agents can access systems and bind humans to transactions, they drop AI into bodies of law built to govern action – such as agency, tort, contract, and computer access – in addition to the content-focused rules that govern chatbots.
  • Accountability generally runs to the company and its people. Who is accountable for an AI agent’s actions or omissions is one of the key questions that courts and regulators will continue to grapple with. But principles of agency, tort, and contract law, a recently enacted California law barring defendants from asserting that AI caused the harm, and emerging regulatory guidance suggest that courts and regulators will generally look to the humans and entities behind an AI agent as being responsible for what it does.
  • Build governance in now. The law is unsettled but the compliance trajectory is not. Early regulatory developments suggest that companies will be expected to govern, monitor, and explain what their AI agents do. Authority limits, human oversight, logs, security controls, and other safeguards should be designed into agentic systems from the start, not bolted on after litigation or regulatory scrutiny begins.

What are AI agents?

AI agents, in the OECD’s framing, are “systems that perceive and act upon their environment with a degree of autonomy, using tools as needed to achieve specific goals and adapt to changing inputs and contexts.” In practice, AI agents include a diverse class of large language model-powered systems. An example could be an AI agent that responds to customer complaints and autonomously issues refunds. Another might be one that schedules recruiting interviews and evaluates candidates.

Why do AI agents introduce additional legal issues?

An AI agent’s capacity to act – to take initiative, to transact, to access systems, to bind a user to a deal – is what distinguishes today’s AI agents from generative AI (even if certain complex generative AI systems technically also involve the use of agents to plan and decide on how to address a user’s prompt). AI chatbots and assistants are and have been subject to content-related disputes focused on digital inputs and outputs. Meanwhile, as humans and organizations adopt AI agents more widely, laws and courts will need to grapple with who is responsible in situations where AI agents act, or fail to act, in ways that cause harm or amount to unlawful conduct.

What do US laws currently say about AI agents?

There are currently few US laws and judicial decisions that explicitly refer to AI agents, but existing laws and principles suggest that companies will be expected to govern, monitor, and explain what their AI agents do.

Agent-signed contracts can be binding

An electronic signature law from the year 2000 already established that legal accountability does not necessarily stop with “electronic agents.” The federal E-SIGN Act defines an “electronic agent” as “a computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part without review or action by an individual at the time of the action or response.” This definition seems broad enough to encompass modern AI agents. The statute provides that a contract or record “may not be denied legal effect, validity, or enforceability solely because its formation, creation, or delivery involved the action of one or more electronic agents so long as the action of any such electronic agent is legally attributable to the person to be bound.” This clause makes clear that electronic agents can bind a principal, but leaves courts room to decide when attribution is legally appropriate.

Agents can create accountability and liability risks

A California law enacted last year provides that, in an action against a defendant that developed, modified, or used AI alleged to have caused harm to the plaintiff, the defendant may not assert as a defense that the AI autonomously caused the harm. The statute preserves other defenses, including evidence relevant to causation, foreseeability, and comparative fault. This means that it is still relevant for companies up and down the AI supply chain to allocate and document their own and others’ responsibilities in the development and deployment of agentic systems. This also means that tort law doctrines, such as those relating to defects, component parts, and failures to warn, may play a significant role in California lawsuits involving agent-facilitated harm. But California’s statute seems to squarely reject the idea that AI autonomy itself breaks the chain of accountability.

General principles of agency law point in the same direction. Vicarious liability rules can make a principal or employer responsible for acts taken by agents or employees within the scope of their authority or employment. Agency law also distinguishes between actual authority, where the principal expressly or impliedly authorizes the agent to act, and apparent authority, where the principal’s words or conduct cause a third party reasonably to believe the agent is authorized. In the context of agentic AI, these concepts point to practical questions such as what permissions, credentials, instructions, workflows, and system access a company or employee gave an AI agent, and how the agent’s authority was presented to users or counterparties.

Agentic conduct can constitute unauthorized computer access

Computer-access laws may also constrain how AI agents interact with third-party platforms. In an early test case, a major online marketplace sued the developer of an AI browser agent, alleging that the agent accessed password-protected areas of the marketplace’s site, used customer accounts, and disguised automated activity as ordinary human browsing. The district court preliminarily enjoined the agent, finding the marketplace likely to succeed on claims under the federal Computer Fraud and Abuse Act and California’s computer fraud statute. The court rejected, at least at that stage, the argument that an AI agent necessarily inherits the user’s authorization to access a platform. The injunction has since been stayed pending appeal, so the issue remains unsettled. But the case illustrates that user permission may not be enough: agentic conduct may be treated as unfair or unauthorized where the agent exceeds platform restrictions, masks its identity, or creates security, data-protection, or system-integrity risks.

Agents raise cybersecurity issues

Federal cybersecurity policy is also beginning to address agentic AI directly. A June 2026 presidential executive order directs the Department of Justice to prioritize enforcement of federal criminal laws against AI-enabled hacking, including the use of “AI agents to unlawfully access data or information” for a criminal or unlawful purpose. CISA and partner agencies have likewise issued guidance on the careful adoption of agentic AI services, warning that agents can introduce risks through autonomous actions, expanded system access, inter-agent interactions, and difficulty tracing responsibility for decisions. The guidance urges organizations to manage those risks through governance, human oversight, least-privilege access, logging, monitoring, auditability, and clear accountability for agentic systems.

Agents can complicate IP ownership

AI agents that generate software also raise ownership questions. Copyright can protect software, but US copyright protection generally depends on human authorship; where an AI agent independently writes code from high-level prompts, there may be no protectable human-authored expression in the resulting code. Patent law raises a similar issue: AI-assisted inventions are not categorically excluded from patent protection, but US Patent and Trademark Office guidance continues to require a human inventor, meaning protection depends on whether a natural person made a sufficient inventive contribution rather than merely prompting or accepting the AI agent’s output. These issues are particularly important in vibe coding workflows, where a human may describe the desired software while the agent selects tools, makes implementation choices, and writes the code. Companies using coding agents should therefore document human contributions, review and modify AI-generated code where appropriate, and check for open-source or third-party code incorporated by the agent.

What should companies do?

Companies should not wait for laws specific to AI agents to harden before governing agentic systems. Existing legal regimes already provide regulators, plaintiffs, platforms, and counterparties with legal bases to challenge what AI agents do, and emerging guidance points toward the same practical expectation: companies should know what authority their agents have, what systems they can access, what actions they can take, how those actions are supervised, and how they will be explained after the fact. Agentic AI governance should therefore be built into the design and deployment process from the beginning, through documented authority limits, human approval points, monitoring and logging, security controls, vendor responsibility allocations, and periodic reviews as agentic capabilities and use cases evolve.

The author gratefully acknowledges the contribution of Emilyne Kim, law student and Baker McKenzie summer associate, in assisting in the preparation of this client alert.

Author

Jonathan Tam is a partner in the San Francisco office focused on global privacy, advertising, intellectual property, content moderation and consumer protection laws. He is a qualified attorney in Canada and the U.S. passionate about helping clients achieve their commercial objectives while managing legal risks. He is well versed in the legal considerations that apply to many of the world’s cutting-edge technologies, including AI-driven solutions, wearables, connected cars, Web3, DAOs, NFTs, VR/AR, crypto, metaverses and the internet of everything.