United States of America: Adopted DFS guide on cybersecurity risks arising from artificial intelligence and strategies to combat related risks

On 16 October 2024, the New York State Department of Financial Services (DFS) published a guideline on the cybersecurity risks associated with artificial intelligence (AI). The guideline clarifies how existing frameworks under the Cybersecurity Regulation (23 NYCRR Part 500) should be applied to manage AI-related risks. It addresses the dual nature of AI in cybersecurity, highlighting both the threats and opportunities AI presents, from AI-enabled social engineering and enhanced cyberattacks to the theft of vast amounts of non-public information and vulnerabilities in third-party and supply chain dependencies. The guidance also outlines controls and measures to mitigate these risks, highlighting the importance of risk assessments, third-party service provider management, access controls, cybersecurity training, monitoring, and data management.