CBR issues AI security recommendations for finance
The Bank of Russia has published methodological recommendations to help financial institutions ensure information security when using artificial intelligence (AI) technologies. This is the regulator's first document systematising risks and describing cyberattack tactics against AI systems.
Human oversight for AI payments
The Bank of Russia's recommendations are the first from the regulator to systematise risks associated with AI adoption in finance.
They describe potential cyberattack tactics against AI systems and offer protection measures.
A key recommendation for critical business processes, especially payment transactions, is that a human employee must confirm the relevant operation.
This ensures an additional layer of security for high-risk AI-driven financial activities, mitigating potential vulnerabilities in automated systems.
Internal policies and vendor trust
Market participants are advised to develop their own threat models and information security policies specifically for AI.
The deputy head for information security is responsible for preparing these internal documents.
The recommendations also cover security for AI services from external vendors, noting that participation in a bug bounty programme by a vendor's AI model is highlighted as a factor that increases trust in that model, promoting secure third-party AI integration.