Cybersecurity × Operations — International / Multilateral · updated 2026-05-31 · methodology v2.3

AI on Guidance on Cyber Resilience for Financial Market Infrastructures for Operations teams at Cybersecurity firms in international jurisdictions

Executive Summary

Operations teams at Cybersecurity firms working across international jurisdictions regularly consult the CPMI-IOSCO 2016 Guidance on Cyber Resilience for Financial Market Infrastructures when mapping internal security frameworks, scoping incident response obligations, and advising clients on regulatory expectations. Across the three questions we tested on this regulation, AI assistants produced a wrong answer every time. The failures share a consistent shape: AI tools converted genuine regulatory uncertainty into confident affirmative claims, asserting explicit cross-references and levels of operational detail that the document does not actually contain.

For an Operations function whose work product routinely feeds compliance documentation, supplier assessments, and internal policy, that pattern of confident overreach carries direct liability.

How AI gets this regulation wrong

Every failure on this regulation followed the same pattern: AI assistants answered confidently, then — when pressed — acknowledged they could not actually verify the claim from the document's text. In each case the AI converted an open question or a structural resemblance into an affirmative factual assertion, inventing explicit framework citations and overstating the document's operational specificity rather than flagging what the guidance does and does not say.

AI's Failure Mode   | Count | Affected findings
Exposed Fabrication | 3     | Finding #1 · Finding #2 · Finding #3

What that means for your team

For an Operations team at a Cybersecurity firm, the dominant consequence of these failures is the same in every finding: a wrong deliverable reaches a downstream process before the error is caught. Compliance mapping built on a fabricated framework citation, incident response plans that assume the 2016 guidance is more prescriptive than it is, and regulatory gap analyses that miss a materially relevant successor document all represent work product that must be rebuilt — at cost — once the error surfaces.

Risk Impact       | Count | Affected findings
Wrong deliverable | 3     | Finding #1 · Finding #2 · Finding #3

When this affects your department

Operations teams at Cybersecurity firms in international jurisdictions engage with the CPMI-IOSCO 2016 Cyber Resilience Guidance in two recurring contexts. The first is framework mapping: when a firm or its clients operate infrastructure that interfaces with financial market infrastructure — clearinghouses, payment systems, trade repositories — the Operations team is often asked to confirm which industry frameworks the regulatory expectation maps to, whether NIST CSF controls satisfy the guidance's requirements, and whether ISO 27001 or COBIT provides adequate coverage.

The second is incident response scoping: firms drafting or reviewing cyber incident response and recovery procedures reference this guidance to set the bar for what regulators expect, and Operations is routinely involved in translating those expectations into internal runbooks and third-party service requirements.

In both contexts, an AI tool that produces a confident but wrong answer creates downstream harm before the error is detected. If an Operations analyst is told that the 2016 guidance explicitly cross-references NIST CSF, a compliance mapping exercise may proceed on the assumption that NIST CSF alignment satisfies the regulatory expectation without further checking — and the gap may not surface until an examination or an incident.

If the analyst is told that the 2016 document already provides the detailed operational expectations for incident response and recovery, the firm may not identify that a materially relevant later document — the FSB 2020 guidance — closes gaps the 2016 text leaves open. Both errors result in a deliverable that misrepresents the regulatory landscape.

For Cybersecurity firms operating across multiple international jurisdictions, the regulatory-mapping risk is compounded: a single flawed framework-alignment document can propagate through multiple client-facing deliverables, supplier due-diligence questionnaires, and internal policy annexes before the underlying error is discovered. Correction at that stage requires a sweep across all documents that relied on the original output — a remediation cost that is typically invisible until it arrives.

The findings at a glance

The table below summarises each finding on this regulation — the question area, the type of AI failure, and the risk category it creates for an Operations team at a Cybersecurity firm.

# | Finding title                                                       | Type          | Citation ID
1 | NIST CSF alignment claim — uncertain provenance asserted as fact    | Hallucination | RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008
2 | NIST CSF explicit citation — fabricated framework reference         | Hallucination | RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008
3 | Incident response detail — 2016 document scope overstated           | Hallucination | RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019

Aggregate impact

All three findings on this regulation cluster around two specific operational questions: whether the 2016 guidance formally cross-references NIST CSF (Findings 1 and 2), and whether the document provides detailed operational expectations for incident response and recovery (Finding 3). In each case the AI's failure mode was the same — it treated uncertainty or structural resemblance as confirmed fact and delivered a confident answer that overstated what the text actually establishes. Two AI tools independently produced fabricated NIST citations on the same question, suggesting this is not an isolated error but a systematic tendency when the question touches framework provenance.

The practical consequence for Operations teams is concentrated in framework-mapping and gap-analysis work. If the 2016 guidance's relationship to NIST CSF is treated as explicit rather than structurally analogous, a compliance mapping exercise may close gaps prematurely and leave the firm exposed to a different regulatory interpretation during an examination. If the document's level of operational detail for incident response is overstated, the firm may not identify and adopt the FSB 2020 guidance — a materially relevant document — until after a gap has already propagated into an incident response plan, a client deliverable, or a regulatory submission.

For Cybersecurity firms operating across international jurisdictions, the systemic risk is amplification. Regulatory-mapping deliverables tend to be shared across offices, embedded in policy templates, and referenced repeatedly over time. A single wrong answer on framework alignment or document scope — particularly one that carries the apparent authority of an AI tool — can seed errors across multiple downstream processes before any individual error is caught. The correction cost at that point is not a single fix; it is a sweep.

What your team should do

The default position for Operations teams using AI tools on this regulation should be: treat any AI claim about what the 2016 guidance explicitly cites, formally endorses, or prescribes in operational detail as unverified until confirmed against the document text. This applies specifically to framework cross-references — AI tools have a demonstrated tendency to assert explicit NIST CSF citations that are not present in the text — and to claims about the document's operational prescriptiveness in areas like incident response, where a later document exists that extends the 2016 guidance materially.

The practical safeguard is a two-step check on any AI-generated regulatory-mapping output. First, verify the specific claim type: if AI asserts that the guidance "explicitly references" or "was developed in awareness of" a named framework, find the verbatim passage in the guidance text before it enters a deliverable. If no passage exists, the correct representation is structural similarity — not a formal endorsement.

Second, run a document-version check on scope claims: for any area where AI characterises the 2016 guidance as providing "detailed" or "specific" expectations, confirm whether a later document from a related body — in this case the FSB 2020 Cyber Incident Response and Recovery guidance — addresses the same area at a different level of depth, and ensure both documents are represented in the firm's analysis.

AI tools are useful on this regulation for summarising the five guidance categories and their broad intent, for generating initial checklists of topic areas to cover, and for drafting background sections that do not depend on precise framework attribution. They are not safe to use without verification for cross-framework mapping, document-scope characterisation, or any output that will be cited in a regulatory submission, client deliverable, or compliance attestation.

How RLB Can Help

RegLeg's published Hallucination Research is available free of charge as a pre-flight reference for Operations teams at cybersecurity firms. Before relying on AI tool output to answer a regulatory question — whether on incident reporting timelines, cross-border notification obligations, or third-party risk requirements — the research lets your team check whether that regulatory area has already produced documented AI failures. A known failure pattern in a specific domain is a signal to apply additional human review before acting on AI-generated guidance, not after.

For firms that want to go further, RegLeg offers bespoke regulator deep-dives scoped to the cybersecurity sector's Operations function. These engagements map AI-supported workflows — threat intelligence interpretation, regulatory horizon scanning, breach-reporting drafting, vendor due-diligence review — against the hallucination failure modes most prevalent in the relevant regulatory corpus. The output is a prioritised exposure register your Operations leadership can use to decide where AI assistance is low-risk, where it requires a verification step, and where human-only review remains the appropriate standard.

RegLeg also provides confidential review of your firm's existing AI-use policy, benchmarked against our failure-mode catalogue. Where gaps or misalignments are identified, we produce a prioritised remediation note your team can act on directly. Alongside this, we can supply training materials and CPD-aligned content — tailored to Operations staff rather than legal or compliance specialists — so that the practical lessons from RegLeg's research become part of how your team works day to day, not a one-off briefing.