Frontier Model Guidance & AI Implementation Resources
As the AI landscape continues to quickly evolve, CRI has developed additional resources to assist firms in sound AI risk management practices. CRI will continue to add resources over time.
Overview
Artificial intelligence is rapidly transforming the financial services sector. At the same time, the emergence of increasingly capable frontier AI models is introducing new cybersecurity, operational resilience, governance, and third-party risk challenges.
To help financial institutions navigate this evolving landscape, the Cyber Risk Institute has developed a collection of implementation resources that translate AI risks, emerging threat scenarios, and governance expectations into practical actions aligned with existing cyber and technology risk management programs.
These resources are designed to complement the Financial Services AI Risk Management Framework (FS AI RMF) and CRI Profile and help organizations operationalize these frameworks in a scalable, risk-based manner.
Frontier Model Guidance
CRI Profile Mapping to FS-ISAC Sector Risk Advisory
As frontier AI models continue to advance, financial institutions face new challenges related to AI-enabled vulnerability discovery, exploitation, automation, and cyber-attacks. Organizations need practical approaches for evaluating how these emerging risks impact existing cybersecurity programs and defensive controls.
To support this effort, CRI has developed a mapping between the FS-ISAC Sector Risk Advisory on AI-Enabled Vulnerability Detection & Remediation and the CRI Profile.
What This Resource Provides:
- Maps FS-ISAC's AI-Enabled Vulnerability Detection & Remediation Sector Risk Advisory to CRI Profile Diagnostic Statements.
- Supports integrating frontier-model risks into existing cyber risk assessments, monitoring activities, and reporting processes.
AI Implementation Resources
FS AI RMF: A CISO & CTO Guide to Relevant Control Objectives—A User Guide & Mapping
As financial institutions advance the adoption of artificial intelligence, cybersecurity and IT leaders are increasingly evaluating how the Financial Services AI Risk Management Framework (FS AI RMF) aligns with their existing responsibilities and CRI Profile-based activities.
The FS AI RMF spans a broad range of enterprise AI governance and risk management domains, including areas beyond the traditional scope of cybersecurity and IT. To support practical adoption, CRI has developed a focused set of resources designed to help CISOs and CTOs identify where and how to engage.
What These Resources Provide
- Identifies 88 FS AI RMF Control Objectives where Cyber and IT teams have a primary or significant supporting role.
- Maps relevant FS AI RMF Control Objectives directly to CRI Profile Diagnostic Statements.
- Helps organizations extend existing CRI Profile-based activities rather than creating separate AI control structures.
- Reduces implementation friction by connecting AI risk management to existing cybersecurity and technology processes.
User Guide
The FS AI RMF: A CISO and CTO Guide to Relevant Control Objectives provides a structured overview of the Control Objectives most relevant to cybersecurity and IT organizations.
Mapping Document
The accompanying mapping document provides a detailed linkage between FS AI RMF Control Objectives and CRI Profile Diagnostic Statements.
){kind=icon}
Trusted Standards for Evolving Risks
Trusted Standards for Evolving Risks. The Cyber Risk Institute mission is to advance the development and harmonization of cybersecurity, technology, and AI risk management standards for the financial services industry.
As a not-for-profit standards development organization, CRI connects threats to mitigating controls and associated compliance to provide institutions with a comprehensive view of risk—from the server room to the boardroom.
We do this through our products – CRI Profile, Cloud Profile, and FS AI RMF – member engagement, and an ecosystem of globally known tool providers and consulting firms.