NYDFS Cybersecurity Regulation (AI)

The NYDFS Cybersecurity Regulation (Part 500) requires New York financial services companies to implement risk-based cybersecurity programs. AI agents that access systems covered by the regulation must be governed under the firm's cybersecurity program — with access controls, audit logging, and incident response plans that cover AI-specific threats.