The article outlines the NYDFS’s October 16, 2024 Industry Letter, which leverages existing 23 NYCRR Part 500 frameworks to guide financial institutions on managing cybersecurity risks tied to AI—including deepfake-enabled social engineering, third-party vendor risk, and AI-as-threat vector. It emphasizes how firms should integrate AI-specific controls—like deepfake-resistant MFA, annual AI‑risk assessments, vendor due‑diligence, and AI‑awareness training—without introducing new regulations . Legal professionals and compliance teams will find this essential for updating governance frameworks, tightening vendor contracts, and ensuring regulatory adherence. Click through for a practical roadmap on aligning your cybersecurity programs with evolving AI‑driven threats.