As many businesses evaluate the risks and benefits of AI, so are lawmakers and regulatory agencies.  Among those are New York state, which Reuters reports recently issued its own guidance to financial institutions concerning the use of AI in the form of an “Industry Letter” issued by the Department of Financial Services.

While the guidance does not include any new requirements for financial institutions, it outlines how existing frameworks can be adapted to address AI risk in various areas. One such area is social engineering, where AI could be used to generate more sophisticated email and text phishing campaigns or even impersonate the voice or video image of a targeted person.  Other areas of note outlined by the letter include malware that could use AI to evade detection from endpoint security software, supply chain attacks and the general lower barrier to entry AI offers criminals when attempting to execute an attack.

The threats posed by AI may be significant, but New York’s decision to not include new requirements with its guidance can be seen as a good sign: For organizations that already have a robust security posture, adapting to AI risk probably won’t require major changes to policies or procedures.

All is not negative when it comes to AI however, as the guidance points out potentially beneficial uses of AI such as its ability to sift through large amounts of data quickly.  This could prove useful when it comes to analyzing user behavior, identifying suspicious entries in log files and detecting anomalies.

Regardless of whether AI is a friend or a foe one thing is certain: while New York may be among the first to issue such guidance, they won’t be the last.