Skip to content
RiskTemplates · The Daily Brief Thursday, July 9, 2026
Wire CFPB's New Enforcement Principles: What the Bilt Case Tells You About How the Bureau Intends to Police Consumer Finance JUN 22

Feature AI Risk

NYDFS Put Every Regulated Entity on Notice About Frontier AI Cyber Risk — Here's What the May 21 Guidance Requires

On May 21, 2026, NYDFS issued two companion industry letters warning that frontier AI models will fundamentally change the speed and scale of cyberattacks against financial institutions. The guidance doesn't create new legal requirements, but it will be cited in exams. Here's what NYDFS expects and what to document.

By Rebecca Leung · June 29, 2026 ·
Table of Contents

TL;DR

  • On May 21, 2026, NYDFS issued two industry letters warning that frontier AI models will fundamentally change the speed and scale of cyberattacks — and directing regulated entities to strengthen their 23 NYCRR Part 500 programs now
  • The letters don’t create new legal requirements but will function as examination benchmarks — NYDFS will ask whether you considered and documented your response to each measure
  • The CISO advisory adds four AI-specific actions: faster vulnerability remediation cycles, third-party dependency mapping, human oversight of AI-generated code, and AI-speed logging/detection capabilities
  • The guidance applies to all NYDFS-regulated entities: banks, insurance companies, money transmitters, licensed lenders, mortgage servicers, and others subject to Part 500

Cybersecurity regulations have always had a gap: they describe what to build, not what’s attacking you. The May 21 NYDFS guidance is unusual because it does both. It identifies a specific class of threat — frontier AI models that can identify vulnerabilities and generate exploits at machine speed — and asks regulated entities to stress-test their Part 500 programs against that threat, now.

NYDFS isn’t the first regulator to issue AI cybersecurity guidance. But it may be the first to issue guidance specific enough that an examiner can use it as a checklist. That’s what makes the two May 21 letters worth reading carefully — not as regulatory noise, but as an advance copy of exam questions.


The Two Letters, Explained

NYDFS published both letters on the same date, and they function as companions. Reading one without the other misses context.

Letter 1: Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment

This letter applies broadly to all NYDFS-regulated entities. It defines a “heightened cybersecurity threat environment” as conditions where cybersecurity risks are significantly elevated above baseline — and it lists a structured menu of defensive measures entities should consider when those conditions exist.

The measures include:

  • Accelerated vulnerability scanning and shorter patching cycles
  • Enhanced monitoring and alerting for anomalous network activity
  • Increased verification thresholds for high-privilege access
  • Air-gapped backups and tested recovery procedures
  • Coordination with sector-specific information sharing organizations (FS-ISAC)
  • Supply chain and third-party dependency review focused on critical providers

The letter stops short of mandating any specific timeline or implementation — “consider” is the operative word. But the document is structured as a review framework, not a suggestion list. NYDFS is signaling that these aren’t aspirational best practices: they’re the defensive posture a regulated entity should be able to demonstrate when the threat environment is elevated.

Letter 2: Heightened Cybersecurity Risks Associated with Frontier AI Models

This one is addressed directly to CISOs and is narrower in scope but sharper in focus. NYDFS describes frontier AI models as capable of “amplify[ing] the potency, scale, and speed of identifying vulnerabilities and exploits in information systems.” The letter acknowledges these models aren’t yet broadly available — but says regulated entities should prepare now, before they are.

Four specific AI-related actions are expected:

1. Reassess vulnerability management timelines. Current patch cycles — typically 30/60/90 days for critical/high/medium findings — were designed around human-speed attack development. Frontier AI can compress the discovery-to-exploit timeline dramatically. If your patching SLAs haven’t been reviewed against an AI-speed threat model, they’re out of date.

2. Map and secure critical dependencies. This means identifying your critical third-party providers and downstream dependencies, and coordinating with them to understand whether their vulnerability management practices account for AI-enhanced threat actors. A vendor managing a critical system with a 90-day patch cycle is a gap in your exposure, not just theirs.

3. Apply human oversight to AI-generated code. If your development teams use AI code generation tools, the code they produce needs human review before production deployment. NYDFS is treating AI-generated code as an input that carries inherent verification risk — and the Part 500 secure development framework is the regulatory provision it maps to.

4. Evaluate logging and detection capacity at AI speed. If a frontier AI model can generate and deploy exploits faster than your SIEM can parse and alert, your detection controls have an effective blind spot. NYDFS expects entities to evaluate whether their detection architecture can scale to the attack cadence frontier AI enables.


Why Non-Binding Guidance Becomes Binding in Practice

The legal status of the May 21 letters is clear: they don’t amend 23 NYCRR Part 500. No new sections. No new definitions. No new filing requirements. An entity that didn’t read the letters is not in technical violation of any regulation.

But NYDFS examinations don’t work on technical violations alone. Part 500 requires covered entities to maintain a cybersecurity program that meets the regulation’s standards. Whether a program is “adequate” depends on context — including whether the entity reasonably considered the threat environment it operates in.

When NYDFS examiners ask “what did you do in response to our May 21 guidance?” and the answer is “nothing, because it wasn’t legally required,” that answer becomes part of the examination record. If the examiner then finds a gap in your vulnerability management process or AI code review practices, the failure to consider the guidance is evidence that the gap wasn’t the result of considered judgment — it was simply not on the radar.

NYDFS has followed this pattern before. The agency’s 2023 enforcement action against First American Financial — a $1 million penalty for Part 500 violations — cited the company’s failure to remediate a known vulnerability despite having the information available. Non-binding guidance doesn’t need to be violated for it to become relevant in enforcement: the question is whether the entity’s overall risk management posture reflects reasonable awareness of the threat landscape.


What Exams Will Test

Based on the structure of the two letters and NYDFS’s documented examination approach under Part 500, here’s what examiners are likely to probe:

AreaWhat the Guidance SaysWhat Examiners Will Ask
Vulnerability managementAccelerate timelines for critical findings; reassess against AI-speed threat modelWhen did you last review your patch SLAs? Were AI threat models part of that review?
Third-party dependenciesMap critical dependencies; coordinate on vulnerability managementDo you have an inventory of critical providers? Have you assessed their patch cadence?
AI-generated codeApply human review before production deploymentDo your developers use AI code generation? What’s your review process for that output?
Detection and loggingEvaluate whether capabilities can handle AI-speed attack cadenceHas your logging architecture been assessed against AI-enhanced threat scenarios?
DocumentationEvaluate measures and document reasoningWhere is your assessment of which measures you adopted or declined, and why?

The last row is the most important. What NYDFS guidance consistently requires, in examination practice, is that you show your work. Not just that you did something — but that you considered the specific measures the agency identified and made a reasoned decision about each.


Connecting to Your AI Risk Governance Program

The May 21 letters land in a specific moment. NYDFS-regulated entities spent much of 2025 and early 2026 building AI governance frameworks — model risk policies, vendor approval processes, internal AI use standards. Many of those frameworks focused on AI used by the regulated entity: the models in your products, the vendors you’re evaluating, the algorithms driving decisions.

The frontier AI advisory flips that frame: it’s about AI used against you. The threat actor has the model; your job is to harden your environment before the model makes their work faster than your defenses can absorb.

Your existing AI governance framework covers internal AI adoption risk, which is the lens most governance teams have been working with. The May 21 guidance adds an external threat dimension that belongs in your periodic risk assessment — specifically, the threat model that underlies your vulnerability management SLAs and detection architecture.

The AI vendor contract provisions guidance covers what to require from vendors who deliver AI-powered tools to your organization. Now extend that to your critical infrastructure vendors generally: if a vendor is operating systems you depend on, do they have vulnerability management SLAs that account for AI-speed exploitation? That’s the third-party dependency question the guidance is asking. Whether those contracts require incident notification and patch SLAs should be on the review list.

For the logging and detection piece, the AI audit trail requirements guidance is relevant — the question of whether your logging architecture can handle AI-speed events is the same question your AI audit trail needs to answer. If your event logging was designed around human-readable review, it may not be structured for the volume or speed that AI-generated attack traffic produces.


Practical Steps Before Your Next NYDFS Exam

Read both letters in full. Many regulated entities have reviewed summaries from counsel — not the original documents. The actual letters are at dfs.ny.gov and are several pages each. Treat them as exam prep material.

Document your review. Create a file — a memo, a risk committee submission, a board briefing — that notes the date your organization reviewed the guidance, which measures were assessed, and what decision was made for each. This is your paper trail if an examiner asks.

Run a gap assessment against your current Part 500 program. Map the specific measures in each letter to your current program. Where you’ve already got a practice that addresses the measure, document the mapping. Where you haven’t, assess whether adoption is appropriate and document the reasoning even if your answer is “not applicable.”

Update your risk assessment. Part 500 requires a risk assessment that supports your cybersecurity program design. If the threat model underlying that assessment predates AI-speed exploitation concerns, it needs an update. The guidance gives you the factual basis for that update — NYDFS is telling you what the threat looks like. Use it.

Engage your CISO now. The AI advisory is addressed specifically to CISOs. If your CISO hasn’t seen the letter, that’s a risk committee action item, not just an IT one. The four AI-specific recommendations require CISO-level evaluation of your vulnerability management architecture, logging capacity, and AI code development practices.

The AI Risk Assessment Template is designed for exactly this kind of structured assessment — evaluating your AI risk posture against a defined threat model. It covers both internal AI use and external AI-enabled threats, which maps directly to the two frames the NYDFS guidance introduces.


So What?

Frontier AI isn’t a compliance problem yet. It will be one, and NYDFS is telling regulated entities to prepare before it is. The two May 21 letters are the agency’s version of a warning shot: we see the threat, we’ve told you to prepare, and when exams happen, we’ll ask what you did with that warning.

The path forward isn’t complicated: read the guidance, document your review, close the gaps you can close now, and build the paper trail that shows your organization treated this as a risk management question rather than a box to check later. The entities that skip that step will be explaining themselves to examiners. The ones that do it will be handing over documentation.


Sources: NYDFS Industry Letter — Heightened Cybersecurity Risks Associated with Frontier AI Models (May 21, 2026) · NYDFS Industry Letter — Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment (May 21, 2026) · Greenberg Traurig — NYDFS Dual Guidance Analysis · Mayer Brown — NYDFS Frontier AI Letters · Davis Wright Tremaine — NYDFS Frontier AI Cyber Risk Guidance

◆ Need the working template?

Start with the source guide.

These answer-first guides summarize the required fields, evidence, and implementation steps behind the templates practitioners search for.

◆ Immaterial Findings · Weekly

Sharp risk & compliance insights. No fluff.

◆ FAQ

Frequently asked questions.

What are the two NYDFS industry letters issued May 21, 2026?
NYDFS published two companion letters: (1) 'Heightened Cybersecurity Risks Associated with Frontier AI Models' — an advisory directed at CISOs of regulated entities, warning that frontier AI models will significantly accelerate attack cadence and urging specific AI-related defensive measures; and (2) 'Guidance on Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment' — broader guidance listing defensive actions applicable to all regulated entities when operating in a significantly elevated threat context.
Do the NYDFS frontier AI letters create new legal requirements?
No. The letters do not amend 23 NYCRR Part 500 or create new legal obligations. They are intended to inform regulated entities' existing risk management and compliance efforts under Part 500. However, NYDFS has a well-established pattern of publishing non-binding guidance that becomes the benchmark in examinations and enforcement — failure to consider and document the guidance's recommendations creates examination risk even absent formal requirements.
What is a 'frontier AI model' as NYDFS defines it?
NYDFS defines frontier AI models as AI models capable of 'amplify[ing] the potency, scale, and speed of identifying vulnerabilities and exploits in information systems.' The term describes highly capable AI systems that threat actors could use to discover and exploit vulnerabilities faster than conventional vulnerability management cycles can remediate them.
What four specific actions does the frontier AI advisory expect from CISOs?
The AI advisory directs CISOs to: (1) reassess vulnerability management timelines on the assumption that AI-discovered vulnerabilities will be exploited faster than current patching cycles address; (2) develop dependency maps identifying critical third-party and downstream dependencies, and coordinate with service providers on downstream risk; (3) apply additional testing and human oversight to AI-generated code before production deployment; and (4) evaluate whether existing logging, alerting, and detection capabilities can keep pace with AI-enabled attack speed and scale.
Which entities does the NYDFS guidance apply to?
The letters apply to all NYDFS-regulated entities — including licensed lenders, insurance companies, insurance producers, money transmitters, mortgage servicers, and certain banks — that are subject to 23 NYCRR Part 500. The CISO advisory is addressed specifically to CISOs of those entities.
What should a NYDFS-regulated entity do in response to the May 21 guidance?
At minimum: read both letters and document that your organization reviewed them; evaluate each recommended measure against your current 23 NYCRR Part 500 program; document your assessment of which measures you've adopted, which you've declined, and the rationale; and update your risk assessment to reflect the heightened threat environment NYDFS describes. Examiners will ask whether your organization considered these measures — you need a paper trail showing it did.
Rebecca Leung

Author

Rebecca Leung

Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.

◆ Related framework

AI Risk Assessment Template & Guide

Comprehensive AI model governance and risk assessment templates for financial services teams.

Immaterial Findings · Newsletter

The brief, in your inbox.

Enforcement of the week, a framework breakdown, and the prompts that are actually worth running. Delivered to your inbox. Free.