Here is a habit I run into at agencies all the time. A producer needs to draft a tricky client email, so she pastes the client’s details and the policy notes into ChatGPT and lets it write the first draft. It saves her ten minutes. It also quietly sends information she is legally responsible for protecting onto a server she does not control.
That little scene is the whole AI question for an agency in one moment. Not “should we use AI,” that part is settled. The real question is what kind, and what you let it touch.
You have three options: build your own AI, use a general tool like ChatGPT, or buy something built for insurance. Here is the short version before the detail. Use general AI for general work, never point it at client data or regulated workflows, and buy purpose-built for anything that touches policies, calls, certificates, or your AMS. Building your own almost never pays for an agency. The rest of this explains why.
The three options, said plainly
Build your own. This means hiring developers, wiring up models, and maintaining the thing. It sounds appealing because you control everything. In practice it is a money pit for anyone who is not a large carrier. The hard part of AI was never the demo, it is getting something reliable into daily production and keeping it there. Across the economy, the share of companies that abandoned most of their AI builds jumped from 17% to 42% in a single year. Those are firms with engineering teams. An agency building its own is signing up for the same fight with none of the staff.
Use a general tool. ChatGPT, Claude, Gemini, Copilot. These are genuinely useful and you should use them. More on exactly where in a second. The catch is that they were built to be good at everything, which means they are not built for the specific, regulated, data-sensitive work an agency runs on.
Buy purpose-built. An AI made for insurance: it knows what a COI is, plugs into your AMS, answers your phone, and carries insurance-grade security and a clear audit trail. You are buying a tool that already did the hard part.
What ChatGPT is genuinely great at (use it)
I am not here to talk you out of ChatGPT. We use general AI ourselves. It is excellent for work that does not involve a real client’s data:
- Drafting and rewriting marketing copy, social posts, and newsletters.
- Brainstorming, outlining, turning rough notes into something readable.
- Summarizing a long, non-sensitive document you paste in.
- Explaining a concept or a piece of jargon to a new hire.
For that kind of work it is fast, cheap, and good. If a tool saves your team time on generic writing and thinking, let it. The trouble starts the moment you point it at the actual insurance.
Where general AI breaks for an agency
Three walls, and you hit all of them fast.
It does not know insurance. A general model has no real grasp of ACORD forms, carrier appetite, state-by-state rules, or what belongs on a certificate. It will produce something that looks right and is wrong in ways your client will not catch until it matters. Confident and wrong is the worst combination in this business.
It does not touch your systems. ChatGPT lives in a browser tab. It cannot look a caller up in your AMS, log a call, issue a certificate, or answer the phone at 9pm. Everything it does, someone has to copy in and copy out by hand, which is exactly the friction that kills tools before they stick.
It is a compliance problem with client data. This is the one that should stop you. When a producer pastes a client’s information into a consumer version of ChatGPT, that data lands on servers you do not control, and on the consumer tiers it can be used to improve their models unless you have turned that off. You are a financial institution under the Gramm-Leach-Bliley Act, with a legal duty to protect customer financial information. Add state privacy laws, and HIPAA for any health or benefits lines, where the consumer versions of ChatGPT do not even offer the Business Associate Agreement the law requires. None of this is theoretical. It is exactly the kind of intended-versus-executed gap that turns into an E&O claim, and regulators are already paying attention to how agencies use these tools. We built our whole platform around not doing this, which is why security is not an afterthought for us.
And pasting one client’s details into a chatbot is the small version of this. The big version is what happens when an agency wires a general AI straight into its systems. It is tempting: give the AI broad read access to the AMS, the CRM, and the email inbox so it can pull up any customer record on demand. It works, which is the trap. Now a general model is reading every client record in the agency, financial details, health information on the benefits accounts, all of it. That is not one risky message, it is your entire book of business moving through a tool that was never scoped, audited, or contracted to hold it. Depending on who your clients are, that single decision can put you crossways with the SOC 2 assurances your carriers expect, GDPR where you have any European exposure, HIPAA on health lines, GLBA, and your state privacy law, all at once. The problem is never that you used AI. It is that you gave it the keys to everything. Purpose-built tools take the opposite approach: they reach only the data a task needs, keep it in an environment built and audited for it, and carry the agreements that make that defensible.
The part you cannot build or prompt your way to
Here is the argument that settles it for most agencies, and it comes from the carriers of all places.
The 2026 Evident AI Index benchmarked the 30 largest insurers and found something telling. The thing separating the leaders was not the model they bought, because everyone can buy the same models. It was organizational learning. Allianz topped the list with more than 900 registered AI use cases and an AI specialist team that grew 32% in a year while its overall workforce shrank. Its real lead is the accumulated knowledge of what works, what fails, and how the work has to change.
You cannot download that, and you certainly cannot build it at agency scale. But you can buy it. A purpose-built insurance AI has already run the agency workflow hundreds of thousands of times, across real calls, real certificates, and real AMS records. When you buy it, you are buying the climb up that learning curve, already done. That is the opposite of starting your own pile of pilots and hoping one of them sticks.
So, build, buy, or ChatGPT?
A simple way to decide:
| The work | Best fit |
|---|---|
| Marketing copy, brainstorming, summarizing non-sensitive text | General AI like ChatGPT |
| Anything touching client data, policies, COIs, calls, or your AMS | Purpose-built insurance AI |
| Differentiating at the model level with an in-house AI team | Building, and only if you are a large carrier |
Most agencies live in the first two rows. The third is not your fight, and anyone telling a normal agency to build its own AI is selling you a project, not a result.
Where InsuraMate AI fits
We are the second row. InsuraMate AI is built for insurance, not adapted to it. It answers every call, finds the caller in your AMS, handles the routine request, issues the certificate, logs the interaction, and escalates anything that needs a licensed human. The data stays in an environment built for it, with the audit trail your E&O carrier expects. It is the opposite of pasting client details into a public chatbot, and it already did the learning so you do not have to.
If you want to see how a purpose-built system stacks up against a generic chatbot, here is the head to head.
The bottom line
Use general AI for general work. It is a fine assistant for writing and thinking, and it costs almost nothing. For anything that touches your clients or your book of business, buy purpose-built, because that is where the compliance risk, the integration, and the accumulated learning all live. Building your own is a carrier’s project, not an agency’s.
If you would like to see what purpose-built looks like for your shop, book a 15-minute call and we will walk you through a real one.
Quick answers
Can insurance agents use ChatGPT?
Yes, for general work that does not involve a real client’s information: marketing copy, brainstorming, summarizing non-sensitive text. Avoid it for anything touching client data, policies, or regulated workflows unless you have the right enterprise agreements and controls in place.
Is it safe to put client information into ChatGPT?
On the consumer versions, no. Your client data lands on servers you do not control and can be used to train models unless you opt out, which sits badly against your obligations under the Gramm-Leach-Bliley Act, state privacy laws, and HIPAA for health and benefits lines. Use a tool with insurance-grade security and a proper data agreement instead.
Should my agency build its own AI?
Almost certainly not. Getting AI from a demo to reliable daily production is hard enough for companies with engineering teams, and most give up. For an agency, buying a purpose-built tool gets you there faster, cheaper, and safer.
Sources
- 2026 Evident AI Index for Insurance, benchmarking the 30 largest insurers on Talent, Innovation, Leadership, and Transparency: Evident Insights. evidentinsights.com
- Allianz ranked first, with more than 900 AI use cases and AI roles up 32% as the workforce shrank: Allianz and The Insurer. allianz.com, theinsurer.com
- Companies abandoning most AI initiatives, 17% to 42% year over year: S&P Global Market Intelligence, 2025. spglobal.com
- Compliance risks of putting client data into general AI tools, covering GLBA, HIPAA, and state privacy: Kitces and Xilo. kitces.com, xilo.io
Georgijus Korobkovas
Founder & CEO