On October 16, the New York State Department of Financial Services (NY DFS) issued an industry letter to entities regulated by NY DFS (covered entities) providing guidance addressing the cybersecurity risks associated with the use of artificial intelligence (AI). The guidance purportedly aims to assist covered entities in understanding and assessing cybersecurity risks associated with threats arising from the use of AI by cybercriminals and the controls that may be used to mitigate those risks. The NY DFS emphasizes that this new guidance does not impose any new requirements on covered entities, but rather it provides an outline for meeting existing compliance obligations under the NY DFS Cybersecurity Regulation, 23 NYCRR Part 500, in light of the advancements in AI technology.
