NYDFS Issues Guidance on Frontier AI Cyber Risks, Heightened Cyber Threat Environments

The New York Department of Financial Services (NYDFS) has issued new guidance to entities subject to its cybersecurity regulation (regulated entities), including on cybersecurity threats associated with frontier AI models. On May 21, 2026, NYDFS issued two industry letters: an advisory to chief information security officers (CISOs) of regulated entities on heightened cybersecurity risks posed by "frontier AI models" capable of accelerating vulnerability discovery and exploit development (the AI Advisory), and broader guidance on measures regulated entities should consider when operating in a "heightened cybersecurity threat environment" (the Guidance). The two documents are meant to be read together, with the AI Advisory referencing specific sections of the Guidance that entities should review to respond to AI-driven threats.

Regulated entities should review both letters carefully and assess their practices against NYDFS's guidance. NYDFS is known to follow such industry guidance with targeted enforcement, and regulated entities should expect NYDFS to probe how they have weighed the recommendations in the letters in both enforcement actions and examinations. Regulated entities include New York-chartered banks and trust companies, New York-licensed branches of foreign banks, and other New York-licensed financial institutions. These other types of financial institutions include insurance providers, brokers, and NY BitLicense holders. Providers to regulated entities, though not subject to the cybersecurity regulation directly, may have obligations passed down to them through their agreements with regulated entities.

Frontier AI Models Advisory

The AI Advisory, titled "Heightened Cybersecurity Risks Associated with Frontier AI Models," is addressed specifically to CISOs of regulated entities. The advisory warns that certain frontier AI models "amplify the potency, scale, and speed of identifying vulnerabilities and exploits in information systems." NYDFS notes that while these capabilities are not yet broadly available, they "may become more available soon," and urges regulated entities to improve their security posture now.

The AI Advisory recommends that regulated entities review and update their risk assessments (which regulated entities are required to conduct under the cybersecurity regulation) to reflect evolving risks posed by AI and to identify places where existing controls should be strengthened. The advisory highlights four categories of recommendations that regulated entities should consider for improving their defenses in response to AI-driven risks:

• Expedited vulnerability management. Regulated entities should reassess how they evaluate the criticality of and risks posed by known software vulnerabilities and find ways to shorten their timelines for remediating those vulnerabilities. These steps are crucial as AI helps attackers develop ways to exploit vulnerabilities more quickly.
• Coordination with third-party service providers. Regulated entities should coordinate with and oversee critical third-party service providers and supply-chain providers to address significant vulnerabilities and operational risks. Among other things, regulated entities are advised to review relevant threat intelligence, identify critical third-party dependencies, validate third-party software code, and communicate specific cybersecurity and vulnerability remediation obligations to providers.
• Secure programming practices. Regulated entities are advised to perform additional software testing and validation procedures, including human oversight, for AI-generated code prior to deployment in production environments. More broadly, the AI Advisory recommends that regulated entities use secure coding practices to prevent unauthorized or insecure changes to software code.
• Heightened monitoring and prompt reporting. Regulated entities should ensure that they are able to promptly flag and respond to suspicious activity, including by evaluating the sufficiency of existing logging and security event alerting. The AI Advisory also encourages regulated entities to review operational resilience procedures (e.g., maintaining and securing backups of sensitive data, developing plans to restore critical operations, etc.), which may become more critical as AI-enabled cyber capabilities evolve.

The AI Advisory serves as a compendium to the Guidance, and each of these categories includes cross-references to more detailed recommendations in the Guidance. The AI Advisory also encourages CISOs to revisit NYDFS's 2024 industry letter on AI-related cyber risks.

NYDFS has established itself as a major player in cybersecurity and AI regulation. As we discussed in a recent blog post, amendments to New York's Responsible AI Safety and Education Act (RAISE Act) give NYDFS rulemaking, oversight, and enforcement authority over large frontier AI developers' risk governance program—even where those developers are not covered by the cybersecurity regulation.

Heightened Cybersecurity Threat Environment Guidance

The Guidance is broader than the AI Advisory, providing recommended actions regulated entities should consider when they "become aware of a heightened cybersecurity threat environment." The Guidance expressly is not limited to AI-related cyber threats, noting that a heightened cybersecurity threat environment may arise from "geopolitical events that have the potential to increase the risk of cyber-attacks" (presumably including the ongoing conflict in Iran), "technological developments that materially change cybersecurity risks, such as the release of frontier AI models," and other causes.

The Guidance "is intended to inform risk management and compliance efforts and does not establish new legal requirements." The Guidance provides recommendations across three categories and includes:

• Reducing the attack surface. Regulated entities are advised to expeditiously remediate known exploited vulnerabilities, disable unnecessary ports and protocols, restrict multifactor authentication (MFA) enrollment to authorized processes with strong identity verification, employ phishing-resistant MFA, segment networks to limit attackers' ability to move across a compromised network, validate cloud configurations, conduct reviews of privileged access accounts, and employ secure coding practices.
• Improving threat detection and readiness. The Guidance advises regulated entities to use and maintain intrusion prevention, detection, and response controls (including endpoint detection and response (EDR)), and capture logs and security event-alerting data and promptly action anomalous activity. In addition, entities should review and act on threat intelligence, train personnel on how to detect and prevent social engineering and other common cyber threat campaigns, enhance monitoring of third-party code, and engage with critical third-party service providers on responding to heightened cyber risks.
• Improving resilience and response. Regulated entities are advised to test their backups of critical systems and data, including recovery time objectives (RTOs), and to review and test business continuity and incident response plans. Regulated entities should also develop communications strategies to address extended downtimes, confirm whether operational technologies (OTs) are able to maintain operation even if other information systems are compromised, and monitor financial transactions (including virtual currency activity) for compliance with sanctions and anti-money laundering obligations.

Growing Concerns About AI-Driven Security Risks

NYDFS issued these industry letters amid intense concern about how rapid developments in AI enable hackers to automate and accelerate their activities. Researchers have documented multiple cybersecurity attacks where threat actors used AI to automate large components of the attack with little human oversight. CrowdStrike's 2026 Global Threat Report documents an 89% year-over-year increase in attacks by AI-enabled adversaries and finds that attackers have "integrated AI into multiple operational stages to accelerate, optimize, and troubleshoot existing techniques." Earlier this month, Google's Threat Intelligence Group (GTIG) announced that it had for the first time identified a threat actor exploiting an unpublished vulnerability using an exploitation technique developed by AI. The Semiannual Risk Perspective for Spring 2026 issued by the Office of the Comptroller of the Currency (OCC) explains that "AI lowers the barrier to entry for threat actors and increases the speed, scale, and sophistication of cyberattacks against financial institutions and their customers," including through "automated reconnaissance, rapid vulnerability discovery and exploitation, targeted social engineering, and adaptive malware …”" Similar to NYDFS's industry letters, OCC recommends that financial institutions implement more stringent security measures, such as multifactor authentication and timely patch management.

Concerns about AI's ability to facilitate hacking at a yet-unrealized scale have been compounded by the introduction of powerful models over the last several months, including cybersecurity-focused models like Anthropic's Claude Mythos. These models have demonstrated AI's ability to identify decades-old software vulnerabilities and generate working exploits at speeds well beyond human capabilities, compressing the window between discovery and exploitation of software vulnerabilities toward real time. Foreign authorities, including Singapore's Cyber Security Agency and the Australian Signals Directorate, have issued advisories similar to NYDFS's on responding to cyber threats posed by these new AI capabilities.

These concerns nearly triggered federal intervention from the Trump Administration. President Trump considered signing an executive order that, according to a draft obtained by various media outlets, would have established an "AI cybersecurity clearinghouse" for voluntary cooperation between the federal government and AI industry to identify and remediate software vulnerabilities. The executive order also would have created a voluntary framework under which AI developers could give the federal government access to "covered frontier models" up to 90 days before release, and under which the federal government and AI developers could have identified "trusted partners" to receive early access to frontier models (potentially similar to how Anthropic has released Claude Mythos to a select group of partners through its Project Glasswing initiative). On May 21, 2026—the same day NYDFS issued its letters—President Trump postponed signing the order, citing concerns about how the order might hinder AI development.

Looking Ahead

Entities subject to NYDFS's cybersecurity regulation should review the two industry letters carefully. NYDFS is known to follow up on its published guidance with targeted enforcement efforts. Although the Guidance states that some of its recommendations go beyond the "explicit minimum controls" mandated by the cybersecurity regulation, NYDFS may inquire into how regulated entities considered and addressed the AI Advisory and Guidance in light of increased cyber risks.

Based on the two industry letters, regulated entities should expect NYDFS to focus enforcement and examinations on questions including:

• Risk assessments. Has the entity's most recent risk assessment been updated to reflect AI-driven exploit generation and supply-chain risk, and does the assessment drive concrete remediation actions?
• Vulnerability management timelines. Are vulnerability management timelines documented and risk-based, and have they been tightened to respond to AI's ability to exploit vulnerabilities rapidly? How are publicly available resources about exploited vulnerabilities incorporated into prioritization?
• System and network hardening. What measures have been taken to reduce the entity's attack surface in light of AI-related threats? Has the entity disabled unused ports and implemented network segmentation?
• AI-generated code. If the entity is using AI to develop or remediate code, what testing, validation, and human-oversight procedures apply before deployment to production?
• MFA hardening. Is MFA enrollment restricted to authorized processes with strong identity verification, and is phishing-resistant MFA in place for sensitive systems and privileged users?
• Third-party and downstream dependencies. How does the entity oversee service providers and other parts of its supply chain? Has the entity identified and documented critical third-party dependencies and risks?
• Logging and detection. Are logging and security alerting capabilities sufficient to identify the speed and scale of AI-accelerated attacks, and are alerts being timely reviewed and actioned?
• Resilience testing. Have backups been tested for integrity, immutability, and restorability, and have incident response and business continuity plans been exercised against the new and developing threat scenarios these letters describe?

+++

Michael Borgia and Max Bonici are both partners in DWT's Washington, D.C. office. For questions or more insights, please reach out to Mike, Max, or another member of our technology + privacy & security team and sign up for our alerts.