NYDFS AI cybersecurity guidance — practitioner notes for FinServ compliance and vendor-risk teams

The NYDFS Industry Letter on AI cybersecurity is the practitioner document most often misread as a new rule. It is not. It is interpretive guidance — a clarification of how existing 23 NYCRR Part 500 obligations apply to AI-cyber risks. The distinction matters for what compliance and vendor-risk teams have to do this quarter — with tools that amplify your in-house expertise.

What the NYDFS Industry Letter is (and is not)

On 16 October 2024, Superintendent of Financial Services Adrienne A. Harris issued the Industry Letter on Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks. The letter is not a new regulation, and it is not an amendment to NYDFS Covered Entities' obligations under 23 NYCRR Part 500. It clarifies how the existing Cybersecurity Regulation applies in light of AI-specific threats and defensive opportunities.

Practitioner read: the letter does not add an item to your compliance backlog by itself. It does, however, push specific existing controls up the priority list — and it explicitly names defensive practices that NYDFS expects Covered Entities to consider. The letter is interpretive guidance with operational consequence, not a new rule with a compliance deadline.

Three AI-cyber threats NYDFS calls out

The letter names three AI-enabled threats Covered Entities should integrate into their risk assessment.

AI-enabled social engineering. Generative AI lowers the cost of producing convincing phishing emails, voice-cloned vishing calls, and personalised pretexting against named employees. The letter treats this as an evolution of an existing threat class — not a new category — and the expected defence is updated awareness training that covers AI-generated phishing and voice-clone scenarios, plus tighter authentication on sensitive workflows.

AI-enhanced cyberattacks. AI-assisted vulnerability discovery, code generation for malware, and automated reconnaissance shorten the attack timeline. The letter's framing is that AI compresses the time available to detect and respond, not that it changes the underlying defensive architecture.

Deepfakes against multi-factor authentication. This is the most operationally specific section. The letter directs NYDFS Covered Entities to avoid SMS, voice, and video factors as the sole second factor for high-risk transactions, because each of those channels is now demonstrably defeatable by widely available deepfake tooling. The practitioner read: revisit any MFA flow that uses one of those three factors as the only secondary check.

Five controls to evidence

The letter highlights five 23 NYCRR Part 500 control areas where AI integration has operational consequence. Each is already in your Part 500 programme; what changes is what you must evidence.

Risk assessments (Section 500.9). The annual risk assessment has to consider AI-enabled threats explicitly. A 2023-vintage risk assessment that does not mention AI is now out of date.

Third-party service provider security policy (Section 500.11). AI vendors are third parties. The diligence has to cover training-data provenance, inference-data handling, model-versioning notice, and incident-notification triggers. The standard ICT vendor questionnaire from 2022 covers none of these.

Access controls and identity management (Section 500.7). This is where the deepfake-MFA point lands. Avoid SMS, voice, and video factors as the sole second factor for high-risk transactions. Phishing-resistant factors — FIDO2 hardware keys, on-device biometric with secure enclave attestation — are the directional answer.
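The deepfake-MFA point above (and in the threats section) is easiest to act on as a check over an inventory of authentication flows. The following is an added illustration, not NYDFS text and not any vendor's assessment tool: it flags any high-risk transaction flow whose only completing second factor is SMS, voice, or video, treats an SMS/voice/video fallback alongside a stronger factor as the same exposure (a user who completes MFA through the fallback has that channel as their sole second factor), and distinguishes phishing-resistant factors from merely non-deepfake-defeatable ones such as TOTP. The flow names, the factor labels and the inventory format are constructed assumptions.

```python
"""Evaluate MFA flows against the NYDFS Industry Letter's deepfake-MFA point.

Added illustration (not NYDFS text, not any vendor's tool). The inventory
format, flow names and factor labels are constructed assumptions.
"""
from dataclasses import dataclass, field

# Channels the letter says should not be the sole second factor for
# high-risk transactions, because each is defeatable by deepfake tooling.
DEEPFAKE_DEFEATABLE = {"sms", "voice", "video"}

# Phishing-resistant factors named on the page as the directional answer.
PHISHING_RESISTANT = {"fido2", "platform_biometric_attested"}


@dataclass
class Flow:
    name: str
    risk: str                                  # "high" or "standard"
    second_factors: list[str] = field(default_factory=list)
    allow_any_one: bool = True                 # True: any one listed factor completes MFA
                                               # False: every listed factor is required


def evaluate_flow(flow: Flow) -> tuple[str, str]:
    """Return (status, reason) where status is 'FAIL', 'WARN' or 'PASS'."""
    factors = {f.lower() for f in flow.second_factors}
    if not factors:
        return ("FAIL", "no second factor configured")
    if flow.risk.lower() != "high":
        # The letter's MFA point is scoped to high-risk transactions.
        return ("PASS", "not a high-risk transaction; outside the letter's MFA point")

    weak = factors & DEEPFAKE_DEFEATABLE
    strong = factors & PHISHING_RESISTANT

    if weak == factors:
        return ("FAIL", f"only second factor(s) {sorted(weak)} are deepfake-defeatable")
    if weak and flow.allow_any_one:
        # A stand-alone fallback is the sole second factor for whoever uses it.
        return ("FAIL", f"{sorted(weak)} accepted as a stand-alone alternative; "
                        "a user completing MFA that way has a deepfake-defeatable sole factor")
    if strong:
        return ("PASS", f"phishing-resistant factor(s) {sorted(strong)} present")
    return ("WARN", "no deepfake-defeatable sole factor, but no phishing-resistant factor either")


def audit(flows: list[Flow]) -> dict[str, tuple[str, str]]:
    """Map each flow name to its (status, reason)."""
    return {flow.name: evaluate_flow(flow) for flow in flows}


# Constructed sample inventory; names and factor mixes are illustrative only.
SAMPLE_FLOWS = [
    Flow("wire_transfer_approval", "high", ["sms"]),
    Flow("wire_transfer_approval_v2", "high", ["fido2", "sms"], allow_any_one=True),
    Flow("wire_transfer_hardened", "high", ["fido2", "platform_biometric_attested"]),
    Flow("callback_verification", "high", ["voice", "video"]),
    Flow("intranet_portal_login", "standard", ["sms"]),
    Flow("treasury_ops_stepup", "high", ["sms", "totp"], allow_any_one=False),
]


if __name__ == "__main__":
    for name, (status, reason) in audit(SAMPLE_FLOWS).items():
        print(f"{status:4} {name}: {reason}")
```

The WARN state is deliberate: a flow that stacks SMS with a TOTP app is no longer defeatable by a deepfake alone, but it still falls short of the phishing-resistant factors the page names, so it belongs on the remediation list rather than the exception list.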

Cybersecurity awareness training (Section 500.14). Training has to include AI-specific social engineering. The annual phishing simulation needs to include voice-clone and deepfake video scenarios, not only email phishing.

Data governance and classification (Section 500.13). AI training data, fine-tuning data, and inference inputs are data the Covered Entity is responsible for classifying and protecting. The classification scheme has to accommodate model artefacts and prompt-input logs as data assets.

How this interacts with SR 26-2 and DORA

The same AI-cyber risk reads three ways depending on the regulator's lens. Under SR 26-2, if the AI is a statistical, financial, or economic model it sits in MRM scope — and if it is generative or agentic, it is carved out and routes to AI governance, technology and cyber risk, or third-party risk. Under DORA, if the AI vendor is an ICT third party to an EU-supervised entity, Article 28 third-party arrangements and ICT incident-reporting timelines apply. Under the NYDFS Industry Letter, the AI risk is read as a 23 NYCRR Part 500 cybersecurity matter — risk assessment, third-party diligence, access controls, training, data governance. One inventory, three lenses, no duplicated artefacts. Responsible AI Studio (RAIS) builds the AI Vendor Assessment that maps to all three.

Where to read the source material


Assess your AI vendor → /tools/vendor-assessment/for/financial-services

Qualified review still required. Outputs are AI-generated starting-point documents — not a substitute for qualified legal or compliance advice.