Recently, NYDFS issued guidance on cybersecurity risks with AI and strategies to combat these risks. The guidance helps entities understand and mitigate AI-related cybersecurity threats but does not impose new requirements beyond those in the existing cybersecurity regulations (23 NYCRR Part 500). NYDFS’s guidance highlighted several key risks, including AI-enabled social engineering, AI-enhanced cyberattacks, and vulnerabilities due to third-party dependencies.
Among other suggested cyber defense strategies, the guidance emphasized the importance of implementing multifactor authentication (MFA) to enhance security. By November 2025, MFA will be required for all authorized users accessing information systems. NYDFS recommended using authentication factors resistant to AI-manipulated deepfakes, such as digital-based certificates and physical security keys and moving away from less secure methods like SMS text.
