NYDFS issues dual advisories on ‘frontier AI’ cybersecurity risks and heightened threat preparedness | Orrick, Herrington & Sutcliffe LLP

Staff Editor 2026-06-01
NYDFS issues dual advisories on ‘frontier AI’ cybersecurity risks and heightened threat preparedness | Orrick, Herrington & Sutcliffe LLP

NYDFS issues dual advisories on ‘frontier AI’ cybersecurity risks and heightened threat preparedness | Orrick, Herrington & Sutcliffe LLP

https://www.jdsupra.com/legalnews/nydfs-issues-dual-advisories-on-5567241/

Publish Date: 2026-06-01 12:13:00

Source Domain: www.jdsupra.com

On May 21, NYDFS issued two industry letters addressing cybersecurity risks in a “heightened threat environment.” The first advisory warns regulated entities about heightened cybersecurity risks associated with advanced “frontier AI” models, which the department said “amplify the potency, scale, and speed of identifying vulnerabilities and exploits in information systems.” NYDFS urged regulated entities to improve their security posture in preparation for the potential broader availability of these models. The advisory recommends that regulated entities review and update risk assessments, consider replacing outdated or legacy information systems, and ensure full compliance with NYDFS’ Cybersecurity Regulation: 23 NYCRR Part 500 (Part 500). The advisory builds on AI-related cybersecurity guidance the department issued in October 2024 (previously covered by InfoBytes here). NYDFS specifically recommended that regulated entities consider: (i) expedited vulnerability management; (ii) coordinating with third-party service providers to secure “material” downstream dependencies; (iii) strengthening the security of programming practices, including human oversight for AI-generated code prior to deployment; and (iv) heightening monitoring to promptly identify and report suspicious activity.

In conjunction, NYDFS issued separate guidance on various measures beyond the minimum controls required under Part 500 that regulated entities should consider in a heightened cybersecurity threat environment, which the department defined as existing when “cybersecurity risks are significantly elevated and therefore have a high likelihood of impacting” information systems, nonpublic information, or operations. The guidance identifies best practices across three areas: (i) reducing the attack surface, including promptly remediating known exploited vulnerabilities, employing phishing-resistant multifactor authentication, and confirming secure programming…

Source

More Stories

Ashley Devoto Named Air Force CIO

Ashley Devoto Named Air Force CIO

Staff Editor 2026-06-05
A First Step to Unpacking Cyber, Deception, and Intelligence Contests

A First Step to Unpacking Cyber, Deception, and Intelligence Contests

Staff Editor 2026-06-05
Mythos rejuvenated cybersecurity. Earnings put the rally to the test

Mythos rejuvenated cybersecurity. Earnings put the rally to the test

Staff Editor 2026-06-05

Terms and Conditions - Privacy Policy