When AI Hurts: Stress Testing the Heart of the Law

By Shadi Nasseri

In cardiac medicine, the condition of the heart cannot be assessed in a state of rest, nor is it wise to wait for moments of acute failure. Clinicians instead employ stress testing to measure cardiac performance under conditions of controlled exertion, typically by monitoring patients as they walk or run on a treadmill. This diagnostic technique often reveals vulnerabilities undetectable at rest.  Under strain, hidden weaknesses surface—irregular rhythms, constricted pathways, structural fragilities that calm conditions conceal.

At the recent panel, “When AI Hurts: Corporate Responsibility for Algorithmic Harm,” hosted at Osgoode by Professor Martin Petrin, one theme pulsed beneath every doctrinal discussion: artificial intelligence is placing the law under sustained pressure. And if law is the heart of a democratic society - circulating norms, distributing responsibility, sustaining trust - then AI functions as the stressor that tests its endurance in the face of emerging and increasingly complex legal challenges. 

AI systems now influence hiring, lending, securities trading, education, communications, and health care. They make or shape decisions once exclusively human; and when harm occurs (economic loss, discrimination, psychological injury, market manipulation), the causal chains are longer, more opaque, and more distributed across multiple actors and systems. In this context, the question becomes whether the law can preserve its steady cadence as the pace of technological change pushes it to run faster and faster.

For centuries, the common law has evolved incrementally, adapting to industrialization, mass production, financialization, and digitization. Negligence, fraud, public nuisance, product liability - these doctrines were built to regulate human actors making human decisions. At the same time, the legal system has embedded adaptive principles that enable it to evolve—doctrines such as technological neutrality, incrementalism through analogy, the “living tree” doctrine, and the open-textured character of standards such as reasonableness and foreseeability. Duties of care are established through proximity. Fault turns on knowledge and intent. Causation links conduct to harm. Liability is allocated. These principles have allowed the law to endure and respond to social and technological change. Artificial intelligence, however, introduced pressures of a different magnitude and speed. It was precisely this tension between doctrinal continuity and technological acceleration that animated the panel’s discussion, which examined how negligence, fraud, and the allocation of responsibility are each being placed under strain in distinct but interconnected ways.

Negligence Under Strain

One of the most vivid examples discussed by the panel was the litigation brought by Ontario school boards (including the Toronto District School Board), against Meta Platforms, TikTok, and Snap Inc. Their claim alleges negligent design and public nuisance, that these companies knowingly engineered platforms in ways that caused widespread disruption of the education system – diverting resources, exacerbating behavioural issues, and contributing to mental health crises.

The legal framework invoked in the litigation is not novel. The plaintiffs ground their claim in established negligence principles traceable to Donoghue v. Stevenson: duty of care, breach of the applicable standard, causation, and damages. But here is where the incline steepens, the doctrinal structure is familiar, the difficulty only arises in its application. The harm alleged is primarily relational and economic in nature. Canadian law has historically been cautious about pure economic loss. Establishing a duty therefore requires demonstrating sufficient proximity, and any extension of liability must be justified as an incremental development grounded in considerations of justice and fairness. The central issue is whether the relationship between social media platform designers and educational institutions is sufficiently close to ground such a duty. The negligence doctrine is thus being tested in a new context.

The negligence claims against social media companies illustrate how familiar doctrinal elements encounter novel factual configurations. The plaintiffs do not allege that defendants erected physical barriers to education. Rather, they contend that the platforms were deliberately and knowingly engineered - through geolocation, engagement optimization, and targeted notifications – in ways that foreseeably disrupted the educational system. The defence contests both proximity and foreseeability, arguing that the relationship between platform designers and educational institutions is too attenuated to ground a duty of care. Under these pressures, the courts must decide whether established negligence principles can coherently accommodate systemic harms arising from algorithmic design.

Fraud, Intent, and the Autonomy Problem

Where the social media litigation is testing the elasticity of proximity and foreseeability with negligence doctrine, the emergence of autonomous and learning AI systems places even more profound pressure on the mental-state architecture that underpins fraud.  Traditional fraud requires scienter: knowledge, recklessness, and intent to deceive. A plaintiff must establish a material misstatement, reasonable reliance, and causation. These elements presuppose a human decision-maker capable of forming a culpable state of mind. The difficulty arises when the operative “actor” is an algorithm that develops strategies through machine learning rather than explicit human instruction.

Panelists Christopher Bruner and Peter Wills considered scenarios involving high-frequency trading systems that might manipulate markets while pursuing a generic instruction such as “maximizing profit.” If no individual human formed a fraudulent intent in the classical sense, can we still allocate liability? Here, the stress test becomes acute. Fraud doctrine was built around human mental states. AI systems destabilize that foundation by generating outcomes that may be strategically sophisticated yet not traceable to a single, conscious mental state. In response, the panel considered several adaptive pathways: imputing an AI system’s “knowledge” to its developers or deployers; analogizing AI to an employee under agency principles; adopting burden-shifting or quasi-strict liability approaches; or relaxing reliance on scienter requirements, as has occurred in certain areas of U.S. securities regulation.  

These proposals do not abandon the doctrinal core. Rather, they attempt to recalibrate its rhythm. The deeper inquiry is whether intent and knowledge must be reconceptualized in functional terms—perhaps by asking whether the AI system would have behaved differently had a consequence been removed (a counterfactual test for “intent”), or whether it used specific information for a defined objective (a scope notion of “knowledge”). The law has historically adjusted its doctrines under technological pressure. The open question is whether the adaptation required here will remain incremental, or whether the strain risks distorting foundational concepts beyond recognition.  

Control, Foreseeability, and the Circulation of Responsibility

Building on the panel’s examination of negligent design claims and the challenges of proving scienter in algorithmic fraud, a further axis of strain emerged in the discussion: how to allocate legal responsibility in AI systems characterized by distributed and fragmented control. The allocation of legal responsibility has long been structured around the concept of control; agentic AI disrupts this conventional alignment. Large language model-based agents can iteratively plan, access external tools, access databases, refine strategies, and execute tasks with minimal ongoing human oversight. A user provides a broad instruction, and the system determines the operational pathway. When harms result, the attribution of control becomes contestable. Is responsibility property assigned to the user who articulated the goal, the developer who designed the model architecture, the corporation that deployed the system, or some distributed network of actors who collectively shaped its training data, parameters, and deployment context? The difficulty is not merely practical but conceptual.

As the incline increases with complexity, foreseeability becomes more and more blurred. Developers may possess systemic knowledge of general risks while lacking foresight into specific outputs. Users control initiation, but not the path taken. Corporations manage deployment but may not anticipate emergent behaviours. This diffusion of control does not mean responsibility disappears. Rather, it strains the arteries through which liability traditionally flows.

Litigation as Emergency Response

As panelist Amy Salyzyn observed, litigation is inherently reactive. By the time a case reaches court, the harm has already materialized. A stress test, by contrast, is diagnostic: it identifies vulnerabilities before catastrophic failure.  When the heart falters under exertion, clinicians intervene (perhaps with medication, with surgery, or with lifestyle change). Similarly, the legal responses to AI cannot be singular. The panelists outlined a list of options. Ex post liability regimes (negligence, nuisance, fraud) will continue to evolve incrementally through judicial interpretation. Ex ante regulatory frameworks may articulate risk tiers or sector-specific obligations. Insurers may function as soft regulators, pricing AI-related risk and influencing corporate behaviour through coverage conditions. Gatekeepers (i.e. auditors, platforms, financial institutions) may assume greater responsibility in monitoring systemic risk.

Evidence of strain does not necessitate doctrinal abandonment. The discussions of the panel suggest that the legal system has not reached doctrinal failure. Negligence law remains operational, even as it confronts novel factual matrices. Fraud doctrine exhibits strain but retains conceptual elasticity. Public nuisance and product liability continue being extended incrementally, grounded in established principles of proximity, knowledge, and control. Nevertheless, the pressures on these doctrines are intensifying, and their continued adaptive resilience cannot be taken for granted.

AI systems scale rapidly. The harms they generate may be diffuse, cumulative, and distributed across institutional and geographic boundaries. Their evidentiary opacity complicates discovery and proof. At the same time, powerful economic incentives drive their deployment and expansion. The heart of the law continues to beat—but at a much faster pace. The real risk is not that AI requires immediate, sweeping abandonment of existing doctrine. Rather, it is that we fail to attend to the diagnostic signals now emerging.  Where the law shows early signs of strain (evidentiary bottlenecks, liability gaps, doctrinal contortions), we must respond with thoughtful regulatory design—not complacency.

AI does not introduce entirely new moral dilemmas. Rather, it accelerates, amplifies, and exacerbates existing ones. The discomfort of the present moment reveals where our legal assumptions about agency, causation, and responsibility may require attention and refinement. If law functions as the heart of a democratic society, its vitality depends upon its capacity to respond under pressure. For now, the heart continues to pump—but the stress test is just getting started.  

---