---
type: "AIHallucinationFinding"
title: "Does the CPMI-IOSCO 2016 Cyber Guidance use the phrase 'secure the periphery, protect the core',…"
citation_id: "RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014-Opus47"
finding_uid: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014--opus-47-websearch"
question_uid: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014"
regulation_id: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016"
regulation_slug: "CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016"
regulation_title: "Guidance on Cyber Resilience for Financial Market Infrastructures"
regulator_short_code: "BIS-CPMI"
regulatory_body_id: "BIS-CPMI-INT-001"
jurisdiction_code: "INT"
j_level: "J1"
ai_subject: "claude-opus-4-7"
ai_subject_display: "Claude Opus 4.7 (web search on)"
ai_subject_version: "opus-47-websearch"
response_failure_mode: "misattributed"
substrate_document_name: "p_12_GUIDELINE_sp190510_r181115a____secure_the_peripher_index.en.html"
substrate_document_path: "https://reglegbrief.com/substrate/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/_raw_manual_substrate/p_12_GUIDELINE_sp190510_r181115a____secure_the_peripher_index.en.html"
substrate_section_anchor: "sp190510/r181115a — 'secure the periphery, protect the core' attributed to d146"
citation_issue_types: ["Contradictory"]
audiences: ["ai_labs"]
published_at: "2026-05-30T00:06:03.464820+00:00"
substrate_version: 1
methodology_version: "2.3"
license: "CC-BY-4.0"
resource: "https://reglegbrief.com/regulators/j1/int/bis-cpmi/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/ai-labs/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014--opus-47-websearch/"
tags: ["ai-hallucination", "misattributed", "bis-cpmi", "cpmi-iosco-cyber-resilience-fmi-2016", "int"]
timestamp: "2026-06-16T00:00:00+00:00"
---

# AI Hallucination Finding: Does the CPMI-IOSCO 2016 Cyber Guidance use the phrase 'secure the periphery, protect the core',…

- **Citation ID.** `RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014-Opus47`
- **Finding UID.** `INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014--opus-47-websearch`
- **Regulation.** [`CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016`](/okf/regulations/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016.md) — Guidance on Cyber Resilience for Financial Market Infrastructures
- **Regulator.** [`BIS-CPMI-INT-001`](/okf/bodies/BIS-CPMI-INT-001.md) — Bank for International Settlements — Committee on Payments and Market Infrastructures (CPMI)
- **AI subject.** Claude Opus 4.7 (web search on)
- **Failure mode.** [`misattributed`](/okf/taxonomy/failure-modes.md)
- **Published.** 2026-05-30T00:06:03.464820+00:00

## Question put to the AI subject

Does the CPMI-IOSCO 2016 Cyber Guidance use the phrase 'secure the periphery, protect the core', and if not, where does the phrase originate?

## AI subject's verbatim answer

The exact slogan 'secure the periphery, protect the core' is associated with later CPMI work on reducing the risk of wholesale payments fraud relating to endpoint security (notably the CPMI's 2018 'Reducing the risk of wholesale payments fraud related to endpoint security' strategy)

## Verbatim regulator text contradicting the answer

> The phrase 'secure the periphery and protect the core' is from Cœuré's 2018 speech (BIS review r181115a) on 'cryptos, cyber and CCPs'. It describes the CPMI's strategic approach but does not appear in the 2016 Cyber Resilience Guidance.

_Source:_ [p_12_GUIDELINE_sp190510_r181115a____secure_the_peripher_index.en.html](https://reglegbrief.com/substrate/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/_raw_manual_substrate/p_12_GUIDELINE_sp190510_r181115a____secure_the_peripher_index.en.html)
_Section anchor:_ sp190510/r181115a — 'secure the periphery, protect the core' attributed to d146

## Failure mode

**`misattributed`** — Misattributed — the AI attributed a rule to the wrong source, wrong regulator, or wrong instrument.

## Citation-issue types

- **Contradictory** — <https://www.bis.org/cpmi/publ/d146.pdf>
- **Contradictory** — <https://www.bis.org/cpmi/publ/d178.htm>

## Related concepts

- Regulation: [CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016](/okf/regulations/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016.md)
- Regulator: [BIS-CPMI-INT-001](/okf/bodies/BIS-CPMI-INT-001.md)
- Failure-mode taxonomy: [misattributed](/okf/taxonomy/failure-modes.md)
- Methodology: [v2.3](/okf/methodology.md)
- Editorial standards: [right of reply](/okf/editorial-standards.md)

## Reproduction

Citation ID: `RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014-Opus47`

Resource URL (HTML view of this finding):

<https://reglegbrief.com/regulators/j1/int/bis-cpmi/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/ai-labs/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014--opus-47-websearch/>

This finding is reproducible against the substrate document linked above, using the same AI subject, the same methodology version, and the verbatim question text.