
New York Department of Financial Services Issues Coordinated Guidance on Frontier AI Cybersecurity Risks

On May 21, 2026, the New York State Department of Financial Services (“DFS”) issued two coordinated Industry Letters: a letter on Heightened Cybersecurity Risks Associated with Frontier AI Models (the “AI Advisory”) and accompanying Guidance on Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment (the “Guidance,” and together, the “May 2026 Publications”). The AI Advisory builds on DFS’s October 2024 guidance on cybersecurity risks arising from AI, but is narrower in focus. Specifically, it addresses frontier models that may materially increase the speed and effectiveness of vulnerability discovery and exploitation.
The May 2026 Publications are not new rulemaking — both Industry Letters explicitly state so — but they are meaningful supervisory guidance: DFS identifies frontier AI models as a technological development that may materially change the threat environment and instructs covered entities to evaluate whether their existing Part 500 programs remain adequate in light of that changed risk. The publications merit attention from DFS-regulated entities because they identify a specific class of emerging technology that DFS views as material to cybersecurity risk management under Part 500. That attention is warranted not only because the May 2026 Publications identify risks DFS views as material under Part 500, but also because DFS has cited prior Industry Letters in Part 500 consent orders, underscoring that such guidance can have practical supervisory and enforcement significance.
The Risk DFS Has Identified
The AI Advisory concerns “certain frontier artificial intelligence models that amplify the potency, scale, and speed of identifying vulnerabilities and exploits in information systems” (“Frontier AI Models”). The Guidance states that “technological developments that materially change cybersecurity risks, such as the release of frontier AI models, may result in a heightened threat environment and warrant stronger defensive measures and increased vigilance.” A heightened threat environment is defined as one in which “cybersecurity risks are significantly elevated and therefore have a high likelihood of impacting Information Systems, Nonpublic Information or operations.”
DFS notes that while “certain Frontier AI Models are not yet broadly available, such capabilities may become more available soon.” The AI Advisory urges regulated entities to “improve their security posture in preparation for the release of these Frontier AI Models” and identifies specific measures organizations should consider.
DFS-Identified Measures
The AI Advisory recommends regulated entities “review and update risk assessments to reflect the evolving risks posed by this new technology” and “consider the measures outlined in Sections 1, 2, and 3.2 of the Guidance.” The Guidance states that its measures are “a non-exhaustive list of best practices Regulated Entities should consider incorporating into their existing cybersecurity program, to the extent not already required and implemented.” The AI Advisory then identifies four specific areas of focus:
- Expedited vulnerability management. Guidance Section 1.1 recommends regulated entities “[e]xpeditiously identify and remediate known exploited vulnerabilities in firmware, hardware, and software, especially for Information Systems exposed to the Internet.” The AI Advisory adds that regulated entities “should reassess their procedures for evaluating the criticality and threat of known vulnerabilities and should review vulnerability management timelines to determine whether accelerated detection and remediation processes are necessary.”
- Programming practices, including for AI-generated code. Guidance Sections 1.8 and 1.9 recommend confirmation that secure programming practices are used and that inputs are validated. The AI Advisory adds that this “may include additional testing and validation procedures, including human oversight, for AI-generated code prior to deployment in production environments.”
- Third-party service provider coordination. Guidance Sections 2.5 and 2.6 recommend monitoring and validation of third-party code and engagement with critical third-party service providers, and Section 2.3 recommends reviewing relevant threat intelligence. The AI Advisory adds that regulated entities “should develop and maintain dependency maps, and coordinate with critical third-party service providers and material downstream providers to address significant vulnerabilities and operational risks.” This aligns with DFS’s October 21, 2025 Industry Letter on how covered entities should manage cybersecurity risks arising from Third-Party Service Providers (see here for Sidley’s blog post).
- Heightened monitoring and operational resilience. Guidance Section 2.2 recommends suspicious activity be promptly flagged and addressed, and the AI Advisory recommends that covered entities evaluate whether their existing logging and alert capabilities are “sufficient to address heightened threats.” Guidance Section 3.2 recommends review and testing of threat-relevant operational resilience procedures, which the AI Advisory notes “may require more frequent use as AI-enabled cyber capabilities evolve.”
Alignment With Existing Part 500 Requirements
Each of the suggested areas maps to an existing Part 500 obligation. The May 2026 Publications do not create new requirements; they identify how DFS views existing Part 500 obligations as applied in the frontier AI threat environment. Specifically:
- Vulnerability management connects to Section 500.5, which already requires covered entities to develop and implement written policies and procedures for vulnerability management designed to assess and maintain the effectiveness of the cybersecurity program, and to “timely remediate vulnerabilities, giving priority to vulnerabilities based on the risk they pose to the covered entity.”
- Programming practices connect to Section 500.8, which already requires “written procedures, guidelines and standards designed to ensure the use of secure development practices for in-house developed applications utilized by the covered entity, and procedures for evaluating, assessing or testing the security of externally developed applications.”
- Third-party oversight connects to Section 500.11, which already requires “written policies and procedures designed to ensure the security of information systems and nonpublic information that are accessible to, or held by, third-party service providers,” based on the covered entity’s risk assessment.
- Monitoring and operational resilience connect to Section 500.14(a), which already requires risk-based monitoring controls to detect unauthorized access, and to Section 500.16(d), which already requires annual testing of incident response and business continuity plans “with all staff and management critical to the response,” and revision as necessary.
Concluding Point: Risk Assessment Drives the Program
The linkages above all flow from Part 500’s requirement under Sections 500.2(b) and 500.3 for a cybersecurity program, including its policies and procedures, to be based on the covered entity’s risk assessment. Section 500.9(a) requires a covered entity’s risk assessment to “be reviewed and updated as reasonably necessary, but at a minimum annually, and whenever a change in the business or technology causes a material change to the covered entity’s cyber risk,” and to “allow for revision of controls to respond to technological developments and evolving threats.”
Critically, in assessing public comments to the Part 500 amendments in 2023, DFS declined to add a separate AI section to Part 500, but stated that covered entities are expected to account for AI-related cybersecurity risks in their risk assessments and cybersecurity programs. The AI Advisory states that covered entities should update risk assessments to address Frontier AI Models and “determine whether accelerated detection and remediation processes are necessary based on updated Risk Assessments,” and the Guidance reiterates that “Regulated Entities should assess the specific cybersecurity threat, their Information Systems, supply chain dependencies and usage, as well as sector-specific risks” in determining when and which additional security controls to employ.
The May 2026 Publications trace a familiar Part 500 regulatory chain: DFS identifies a class of technological development that may materially change cybersecurity risk; under Section 500.9(a), regulated entities’ risk assessments should account for that development, and under Section 500.2(b), the program should be updated to reflect the risks the revised assessment identifies. The specific Guidance recommendations are inputs to that analysis, not separate requirements. Although the May 2026 Publications do not constitute new rulemaking, they warrant close attention from DFS covered entities because they signal that DFS views frontier AI models as a material cybersecurity risk under Part 500 and, as prior consent orders show, DFS may give Industry Letters practical supervisory and enforcement significance.
This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.

