The New York State Department of Financial Services (DFS) sent a letter on Thursday urging regulated entities and people to take additional steps in light of what it calls a heightened threat environment, referencing the geopolitical landscape and the development of frontier AI models. 

DFS called on regulated entities, including banks and other financial services firms that do business in New York, to consider taking additional steps to protect their environments. 

The letter comes weeks after a preview of Anthropic’s Mythos AI tool raised significant concerns in the banking industry about the model’s unprecedented ability to uncover security vulnerabilities.

DFS regulates more than 3,000 financial institutions, including banks, credit unions, insurance companies and other entities. 

Researchers from Google Threat Intelligence Group earlier this month warned that threat groups used AI to develop a working zero-day exploit. 

Palo Alto Networks, one of the early participants in testing Mythos, warned that it might be only a few months before bad actors have their hands on such technology and be able to accelerate exploitation activity. 

New York Gov. Kathy Hochul signed legislation in December requiring AI developers to post information about their safety protocols and report security incidents within 72 hours. The state can bring civil penalties for failure to comply or for making false statements. The bill also created an oversight office within DFS.

DFS Acting Superintendent Kaitlin Asrow urged organizations to assess their environment before making decisions about which steps to take. 

Among the suggested measures, DFS called on entities to immediately identify and remediate known exploited vulnerabilities, disable unnecessary ports, test resilience measures and test the integrity of data backup systems.