AISS · FINANCIAL SERVICES BUNDLE
AI Security for FinServ AI
AISS applied to financial-services AI: NYDFS Part 500, DORA, SR 11-7, FINRA, and SEC Marketing Rule — translated into 10 ATLAS threat scenarios and the AISS sub-controls that mitigate each. The open standard, made concrete for regulated FinServ AI.
FinServ AI is a Distinct Discipline
Financial-services AI sits at the intersection of three accelerating pressures: high-value targets (every model touches money, MNPI, or customer-PII), commoditized attacker tooling (adversarial-input crafting and model-extraction services are openly sold), and a regulatory regime that punishes both breach and failure-to-anticipate (FINRA, SEC, OCC, state banking regulators, NYDFS Part 500, EU DORA).
A generic AI security framework treats the LLM in a trading chatbot the same as the LLM in an HR system. FinServ AI is not the same. AC-2 model inventory aligns to SR 11-7 tiering. AC-3 data handling aligns to NYDFS §500.13 and DORA Article 5. AC-10 robustness aligns to OCC model-risk-management ongoing-monitoring expectations. The AISS FinServ bundle is what the standard looks like when those alignments are made explicit.
WHAT'S IN THE BUNDLE
Three Artifacts, One Auditable Story
FinServ AI Threat Profile
10 MITRE ATLAS techniques curated against the FinServ-AI threat surface — fraud-detection evasion, trading-model extraction, supply-chain compromise of underwriting models, agentic back-office credential harvesting — each mapped to AISS sub-controls.
Cyber-Insurance Underwriting Crosswalk
AISS controls mapped to the typical cyber-insurance underwriting questions carriers ask of FinServ orgs adopting AI in 2025-2026. Submitable evidence package for the AI section of FinServ cyber applications.
AISS Spec & 10 Control Domains
The open standard underlying every assessment. 10 domains, 56 sub-controls, 9 framework crosswalks (NIST AI RMF, NIST CSF, ISO 27001, OWASP LLM Top 10, MITRE ATLAS, EU AI Act, Colorado AI Act). CC-BY-4.0.
PRIORITY CONTROLS
AISS Sub-Controls That Matter Most for FinServ AI
The full AISS standard has 56 sub-controls. These eight are the ones FinServ deployments fail most often — and the ones cyber-insurance carriers, supervisors, and auditors ask about most directly.
Material-model inventory with validation cadence
SR 11-7 tiers material models for enhanced governance. AISS AC-2.5 mandates inventory + validation cadence for high-tier AI used in trading, underwriting, fraud, or AML workflows.
Data-minimization at the model layer (MNPI / customer PII)
Insider-trading surveillance and customer-PII protection apply at the AI prompt/output layer, not just the surrounding application. AC-3.4 forces the boundary into the model layer.
API + inference-endpoint protection
Proprietary FinServ models are competitive IP. Inference-API access without rate-limiting + anomaly detection enables model-extraction attacks. AC-4.2 governs the controls that prevent it.
AI-specific vendor contract terms (DORA critical-ICT scope)
AI vendor contracts need AI-specific training-data, output-indemnity, and model-change-notification terms. DORA-scoped institutions must additionally classify some AI providers as critical ICT third-party providers.
Output validation before customer or regulatory communication
AI-generated customer communications fall under FINRA Rule 2210 + SEC Marketing Rule. Hallucinated pricing, regulatory citations, or product claims create immediate compliance liability.
AI usage logging at 6-year retention (FINRA 4511 / SEC 17a-4)
AI tool usage logs are records under FINRA 4511 and SEC 17a-4. AC-8.2 mandates retention + tamper-protection at the same level as production data.
Adversarial robustness for fraud / AML / trading models
Adversarial-evasion services are openly sold against fraud-detection and AML-monitoring models. AC-10.1 mandates documented robustness testing on a recurring cadence.
Agentic AI action authorization + circuit-breakers
Agentic FinServ workflows chain high-privilege tools (trade execution, wire transfer, account changes). AC-10.5 mandates step-up authentication, rate-limiting, and documented kill-switches.
View all 56 sub-controls in the AISS spec on GitHub.
OPEN GOVERNANCE
A standard your supervisor can verify, your insurer can recognize, and your team can propose changes to
Every AISS sub-control, scoring rule, and crosswalk in this bundle is published under CC-BY-4.0 at github.com/Ayliea/aiss. Banks, broker-dealers, asset managers, and fintech teams are invited to propose improvements via the public RFC process — particularly around edge cases the controls do not yet cover.
Run an AISS Financial Services assessment
Score your FinServ AI surface against the AISS FinServ priority sub-controls. Receive an auditable derivation, ATLAS-mapped threat coverage, and a carrier-ready summary you can submit with your next cyber-insurance renewal — or with your next supervisory examination request.