The Central Bank of Russia has issued methodological recommendations to help financial institutions manage information security when using artificial intelligence. The document is the regulator’s first to systematise the risks associated with AI adoption, outline potential cyberattack tactics against AI systems and set out protection measures. The recommendations include a control for high-risk uses of AI in critical business processes. Where AI is used in processes with elevated information security risks, specifically payment transactions, the relevant operation should be confirmed by a human employee. Financial institutions are also advised to develop their own threat models and information security policies for working with AI, with responsibility for preparing those internal documents assigned to the organisation’s deputy head for information security. A separate section covers information security issues linked to vendor-provided AI services, including the view that a vendor AI model’s participation in a bug bounty programme increases trust in that model.
Central Bank of Russia, 2026-06-16
Central Bank of Russia publishes first AI information security recommendations for financial institutions
The Central Bank of Russia has issued its first recommendations on information security for financial institutions using AI. The guidance maps AI-related risks and cyberattack tactics and recommends human confirmation where AI is used in high-risk critical processes such as payment transactions. It also calls for internal AI threat models and security policies and highlights vendor security practices, including bug bounty participation.