Operational resilience group publishes frontier AI guidance

The Cross Market Operational Resilience Group (CMORG) has published its Firm Guidance for Frontier AI, consolidating a range of industry and public authority commentary on frontier AI models.

These models – defined by the National Cyber Security Centre as the most advanced AI systems in developments – sit at the forefront of what technology can currently due, performing complex tasks which might generate benefits as well as risks to cyber security. The report warns that certain models are compressing the time between vulnerability discovery and exploitation, allowing threat actors to operate at a greater speed and scale that previously possible.

The report acknowledges potential long-term defensive benefits, but cautions financial institutions to adapt in order to maintain resilience in an environment where the pace, volume and sophistication of cyber developments are increasing faster than existing defensive models were designed to protect against.

CMORG sets out the following best practice controls for financial institutions:

Governance and leadership

• Establish clear executive ownership, ensuring governance and oversight are evidence-led, with AI-linked security risks in the risk register;
• Update risk appetite frameworks to reflect AI-drive disruption, including explicit support for rapid remediation decisions and associated trade-offs between resilience and service availability;
• Strengthen critical risk metrics; and
• Strengthen leadership capability through targeted executive education.

Operating model shift

• Operate cyber and technology functions at increased speed and scale, reducing timelines to match AI-driven attack dynamics;
• Embed Development, Security and Operations to ensure vulnerabilities are identified and remediated as soon as possible;
• Align vulnerability remediation, incident response and change management; and
• Evolve assurance from periodic assessments to continuous evaluation.

Protecting the organisation

• Maintain comprehensive visibility of internet-facing assets, identities, AI systems, third-party integrations and business service dependencies, with clear ownership and accountability;
• Reduce exposure by eliminating unnecessary services, restricting privilege and remediating misconfigurations;
• Govern AI on the basis that it operates with privileged access;
• Design for containment and least privilege;
• Strengthen real-time detection and response; and
• Continuously evolve architecture and reduce fragility by iterating controls in line with accelerating threat conditions and elimination or isolating legacy and unsupported technologies.

Preparing to respond quickly

• Ensuring core monitoring coverage across key systems and that front-line analysts are appropriately trained to assess significance and severity of detections;
• Use AI to support analysts, with appropriate access controls and human oversight
• Explore how to automatic initial incident response and containment;
• Set risk-based remediation targets;
• Agree emergency remediation pathways in advance and apply compensating controls where immediate patching is not possible;
• Report exposure and remediation outcomes;
• Maintain visibility and control over third party and open-source dependencies;
• Use automatic and AI to reduce organisational latency; and
• Design automatic and AI agents to ‘fail safely’, and monitor for unsafe or unexpected behaviour.

Working collectively

• Maintain visibility of critical suppliers and dependencies and strengthen contractual and operational expectations;
• Engage early with vendors or sector partners;
• Plan for large-scale coordinated patching and contingency activities across interconnected systems; and
• Participate in trusted sector collaboration and intelligence sharing.