The New York Department of Financial Services (DFS) issued new cybersecurity guidance for all entities regulated by the DFS, focusing on risks from artificial intelligence (AI).

As AI use grows, it also presents new opportunities for cybercriminals at greater scale and speed. This Guidance highlights some of the more concerning threats identified by cybersecurity experts, but the guidelines are not exhaustive. Rather, the guidelines can help entities understand and assess AI-related cybersecurity risks and outlines controls to mitigate those risks.

Matters addressed in the guidance include:

• AI-enabled social engineering
• AI-enhanced cybersecurity attacks
• Exposure or theft of vast amounts of nonpublic information
• Increased vulnerabilities due to third-party, vendor, and other supply chain dependencies
• Controls and measures that mitigate AI-related threats
• Risk assessments and risk-based programs, policies, procedures and plans
• Third-party service provider and vendor management
• Access controls
• Cybersecurity training
• Monitoring
• Data management