XFactorAi Chief Executive Officer John Margerison has warned that enterprises could face a surge in AI lawsuits by 2027, driven by the legal exposure that comes with deploying AI tools.
He said many businesses misunderstand where liability sits when they buy AI systems from third-party vendors. Companies can still be held responsible for the actions of those tools, he argued, even when the software is supplied and maintained by another provider.
His comments highlight the implications of the Mobley v. Workday case in the United States, an age discrimination lawsuit centred on AI hiring software. Alongside Workday, dozens of companies that used the tool were also named as co-defendants.
The case is significant because the court was prepared to treat Workday as an agent of the employers using its software. In practice, that meant the hiring technology could be seen as part of the same legal chain of responsibility as the companies deploying it.
Margerison said the case should prompt boards and senior executives to revisit assumptions about vendor contracts. Businesses often sign AI agreements without fully testing how liability, oversight and accountability are allocated if the technology causes harm, he said.
Regulation is also moving faster. AI mentions in legislative proceedings worldwide have increased ninefold since 2016, according to figures Margerison cited. In the US, 145 AI laws were enacted last year, while AI mentions in legislative proceedings rose 21.3% in 2024.
Incident reports are also climbing. The 2026 Stanford AI Index recorded 362 documented AI incidents in 2025, up from 233 a year earlier. Margerison said that rise shows companies are struggling to keep pace with the systems they are adopting and the rules being built around them.
Preparedness appears limited. Only 3% of compliance professionals say their organisation is ready for AI regulation in its current form, according to the figures he referenced.
Governance gaps
The warning feeds into a broader debate over who is accountable when AI systems make or support decisions in areas such as recruitment, communications and customer service. As companies embed AI into routine business processes, questions around explainability, oversight and contractual risk are moving from technical teams to boards, legal departments and compliance officers.
Margerison argued that governance structures inside many large organisations remain too vague to manage that risk. In his view, committees and working groups can diffuse responsibility rather than clarify it, leaving no single executive clearly answerable when a system fails or a legal claim emerges.
"There's a common misconception that, should AI agents cross legal lines, the enterprises that deploy them are off the hook. Boards often assume that vendors take the fall, but that's a misunderstanding that I think will land them in legal hot water as early as next year.
The reality is that AI deployers are just as culpable for the actions of AI agents as the vendors they buy them from. Mobley v. Workday should serve as a stark wake-up call in that regard. Without proper scrutiny of vendor tools and terms, AI contracts can now turn into co-defendant agreements.
None of the fixes are difficult. They just aren't particularly popular. Businesses should name one accountable owner for AI governance, not a committee or working group, who can be asked to their face what went wrong. That's, in my view, the most important step enterprises can take to protect themselves. One human to oversee and take responsibility for ensuring these agents work responsibly, with the organisational authority and power to do so.
Second, whoever is designated as responsible for AI governance must take a hard, honest look at the tools they already run, asking the questions that never came up at signing. Scrutiny of contracts, as well as of the technology itself, must be far more thorough and vigilant as we hurtle toward a heavily regulated environment.
AI oversight is accelerating, so boards must be aware of the risks and make these changes now. Frankly, it's a race against the clock. Otherwise, legal fees, regulatory fines and reputational damage could be only a misstep away," said John Margerison, Chief Executive Officer, XFactorAi.
Board scrutiny
XFactorAi describes itself as an AI communications platform serving large companies and government environments. Margerison's argument is that legal exposure now extends well beyond developers of foundation models or specialist AI software vendors, reaching the businesses that deploy those systems in operational settings.
That position reflects a shift in how AI risk is being discussed inside corporate legal teams. Early debate often focused on intellectual property, data privacy and model accuracy. Increasingly, the concern is whether the use of automated systems in hiring, communications or decision-making could create employment, consumer protection or discrimination claims against the end user as well as the vendor.
Margerison said companies have a limited window to respond. He urged businesses to audit all existing AI tools, examine contracts more closely and assign one accountable owner for AI governance rather than leaving oversight spread across multiple functions.
His central claim is that enterprises are entering a more heavily regulated environment without the internal structures needed to manage it. "Otherwise, legal fees, regulatory fines and reputational damage could be only a misstep away," Margerison said.