NY| ELANY Bulletin No. 2024-22 summarizes the Department of Financial Services (DFS) guidance on addressing cybersecurity risks related to artificial intelligence (AI) for all DFS-regulated entities, including brokers. The bulletin urges covered entities to review risk assessments, update policies for AI threats, and enhance their cybersecurity controls and personnel training in response to emerging AI risks.
- Entities should regularly reassess cybersecurity procedures, particularly in response to new AI-driven threats, updating incident response and disaster recovery plans accordingly and ensuring third-party service providers (TPSPs) meet notification and security standards for AI risks.
- Authentication methods and cyber training must adapt, with a focus on resisting AI-driven deepfakes, enhancing biometric verification, and educating both general and specialized staff on AI-powered attacks and secure AI application usage.
- Organizations deploying AI or allowing its use must continuously monitor and inventory AI-enabled systems, control data access, block risky NPI queries, and leverage AI to strengthen cybersecurity defenses while training personnel on secure system design and use.