Home » Cybersecurity » NYDFS to Financial Sector: AI Is No Longer Just an Innovation Risk. It Is a Cyber, Vendor, Consumer Protection and Governance Risk

NYDFS to Financial Sector: AI Is No Longer Just an Innovation Risk. It Is a Cyber, Vendor, Consumer Protection and Governance Risk

by Mark Rasch on May 25, 2026

We all know that AI presents risks. The New York Department of Financial Services (DFS) issued an advisory warning on May 21, 2026, advising regulated entities about “heightened cybersecurity risks associated with certain frontier artificial intelligence models” that may “amplify the potency, scale, and speed of identifying vulnerabilities and exploits in information systems.” N.Y. Dept of Fin. Servs. Industry Letter: Heightened Cybersecurity Risks Associated with Frontier AI Models (May 21, 2026). DFS emphasized that the advisory does not impose new requirements, but urges regulated entities to improve their security posture before these frontier capabilities become broadly available.

That formulation matters. DFS is not saying, “AI may someday become relevant to cybersecurity.” It is saying that the capability curve itself changes the reasonableness analysis under existing law. The regulator is telling banks, insurers, virtual currency companies, money transmitters, mortgage companies, and other covered entities that the attacker’s clock is accelerating. When attackers can use frontier models to identify vulnerabilities, generate exploit paths, modify malware, assist reconnaissance, and automate social engineering, compliance programs built around human-speed risk assumptions become stale.

The May 2026 advisory expressly directs entities back to 23 N.Y.C.R.R. Part 500, DFS’s Cybersecurity Regulation. See Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. pt. 500, which is the DFS’s general regulation about cybersecurity risks, including the requirements for risk assessments, cybersecurity programs, vulnerability management, access controls, incident response, business continuity, third-party service-provider oversight, governance, and CISO reporting. DFS points out the need to reassess these programs in light of the unique new risks associated with AI.

The text is DFS guidance on cybersecurity risks created or amplified by artificial intelligence, notes that AI does not create an entirely new cyber-risk category so much as it increases the speed, scale, realism, and accessibility of existing threats. DFS identifies these risks as:

AI-enabled social engineering
AI-enhanced cyberattacks
Concentration of nonpublic information
Biometric-data exposure
Third-party or supply-chain dependencies

AI Social Engineering

DFS treats AI-enabled social engineering as one of the most significant threats to the financial sector. AI allows threat actors to generate highly personalized phishing, vishing, smishing, videoconference, text, audio, and video deepfakes. These attacks may induce employees to disclose credentials or other sensitive information, authorize fraudulent transfers, or allow attackers to bypass identity verification systems by mimicking a person’s voice, image, or biometric characteristics.

AI-Powered/Enhanced Cyberattacks

The guidance also emphasizes AI-enhanced cyberattacks. Because AI can rapidly scan large data sets, identify vulnerabilities, support reconnaissance, assist malware deployment, and generate or modify malware variants, it can increase the potency, scale, and speed of attacks. DFS is especially concerned that publicly available AI tools may lower the technical barrier to entry, enabling less sophisticated actors to launch attacks that previously required greater expertise.

AI Attacks on Datasets

DFS separately warns that AI systems often require large volumes of data, including nonpublic information, making entities that develop or deploy AI more attractive targets. Biometric data is treated as particularly sensitive because, once stolen, it may be used to impersonate users, bypass authentication, or generate convincing deepfakes. The guidance, therefore, links AI risk directly to data minimization, data inventories, biometric protection, and controls over systems that collect, store, process, or rely on AI-related data.

Supply Chain and Vendor Risks

A major theme is third-party and supply-chain risk. DFS warns that AI tools often depend on vendors, third-party service providers, and data suppliers, each of which may introduce vulnerabilities. A compromise at any point in the AI supply chain could expose a covered entity’s nonpublic information or become a gateway for broader attacks. DFS therefore urges entities to evaluate vendors’ own AI-related risks, require contractual protections, demand timely notice of cybersecurity events, and impose enhanced privacy, security, and confidentiality obligations where AI vendors handle sensitive data.

Apply the Framework

The recommended controls are framed as applications of the existing Cybersecurity Regulation. DFS expects risk assessments to account for AI-related threats, including the entity’s own AI use, vendors’ AI use, deepfakes, AI-enabled attack paths, and AI systems that could affect confidentiality, integrity, or availability. Those assessments must be updated at least annually and whenever business or technology changes materially alter cyber risk. Incident response, business continuity, and disaster recovery plans should also be designed and tested against AI-related events.

The guidance places particular weight on governance. Senior leadership and the senior governing body must understand AI-related cybersecurity risks, oversee risk management, and receive management reports that address those risks. DFS is effectively saying that AI cyber risk is not merely a technical matter for the security team; it is a board-level and senior-management oversight issue.

Authenticate, Authenticate, Authenticate

DFS also stresses access controls, especially MFA. It notes that some authentication methods are more vulnerable to AI-enabled attacks than others. Entities should consider avoiding SMS, voice, or video-based authentication where deepfakes could defeat the control, and should consider stronger methods such as digital certificates, physical security keys, liveness detection, texture analysis, or multimodal biometrics. Access privileges should be limited to what users need, reviewed at least annually, terminated promptly when no longer needed, and constrained for remote access.

Education

Training is another required control. DFS expects all personnel, including senior executives and governing-body members, to understand AI-related threats and the organization’s mitigation procedures. Cybersecurity personnel should receive more specialized training on how AI is used in social engineering, malware, reconnaissance, and defensive cybersecurity. Employees who use AI tools should be trained not to disclose nonpublic information in prompts or queries. DFS also recommends simulated phishing and deepfake impersonation exercises.

Data Management

Finally, DFS highlights monitoring and data management. Covered entities should monitor user activity, email, web traffic, vulnerabilities, and unusual AI-query behavior that could indicate attempts to extract or expose nonpublic information. They should also minimize retained data, dispose of nonpublic information that is no longer needed, maintain data inventories, identify systems that use or rely on AI, and prioritize protections for AI-related systems that are critical to business operations.

In practical terms, the guidance says regulated entities should treat AI as a force multiplier for cyber risk. The legal and compliance implications are that existing Part 500 obligations must now be interpreted through an AI-aware risk lens: Risk assessments, vendor oversight, access controls, training, monitoring, incident response, and data governance all must account for how AI changes both attacker capability and the entity’s own exposure.

So essentially, DFS’s message in the era of AI is “keep doing what you were doing (well, you WERE doing it, right?) but do it better. And hey…. Let’s be careful out there.