---
type: "AIHallucinationFinding"
title: "Does the 2016 CPMI-IOSCO Cyber Resilience Guidance use the phrase 'secure the periphery, protect…"
citation_id: "RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014-Sonnet46"
finding_uid: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014--sonnet-46-websearch"
question_uid: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014"
regulation_id: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016"
regulation_slug: "CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016"
regulation_title: "Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)"
regulator_short_code: "BIS-CPMI"
regulatory_body_id: "BIS-CPMI-INT-001"
jurisdiction_code: "INT"
j_level: "J1"
ai_subject: "claude-sonnet-4-6"
ai_subject_display: "Claude Sonnet 4.6 (web search on)"
ai_subject_version: "sonnet-46-websearch"
response_failure_mode: "misattributed"
substrate_document_name: "p_12_GUIDELINE_sp190510_r181115a____secure_the_peripher_index.en.html"
substrate_document_path: "https://reglegbrief.com/substrate/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/_raw_manual_substrate/p_12_GUIDELINE_sp190510_r181115a____secure_the_peripher_index.en.html"
substrate_section_anchor: "sp190510/r181115a — 'secure the periphery, protect the core' attributed to d146"
citation_issue_types: ["Contradictory"]
audiences: ["ai_labs"]
published_at: "2026-06-07T07:58:33.987904+00:00"
substrate_version: 1
methodology_version: "2.3"
license: "CC-BY-4.0"
resource: "https://reglegbrief.com/regulators/j1/int/bis-cpmi/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/ai-labs/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014--sonnet-46-websearch/"
tags: ["ai-hallucination", "misattributed", "bis-cpmi", "cpmi-iosco-cyber-resilience-fmi-2016", "int"]
timestamp: "2026-06-16T00:00:00+00:00"
---

# AI Hallucination Finding: Does the 2016 CPMI-IOSCO Cyber Resilience Guidance use the phrase 'secure the periphery, protect…

- **Citation ID.** `RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014-Sonnet46`
- **Finding UID.** `INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014--sonnet-46-websearch`
- **Regulation.** [`CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016`](/okf/regulations/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016.md) — Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)
- **Regulator.** [`BIS-CPMI-INT-001`](/okf/bodies/BIS-CPMI-INT-001.md) — Bank for International Settlements — Committee on Payments and Market Infrastructures (CPMI)
- **AI subject.** Claude Sonnet 4.6 (web search on)
- **Failure mode.** [`misattributed`](/okf/taxonomy/failure-modes.md)
- **Published.** 2026-06-07T07:58:33.987904+00:00

## Question put to the AI subject

Does the 2016 CPMI-IOSCO Cyber Resilience Guidance use the phrase 'secure the periphery, protect the core,' and if not, what is the actual source of that characterisation?

## AI subject's verbatim answer

It is language used in a May 2019 BIS/CPMI speech titled 'Cyber resilience as a global public good,' where it describes CPMI's overarching strategy: 'secure the periphery' (endpoints and networks of institutions connecting to FMIs) and 'protect the core'

## Verbatim regulator text contradicting the answer

> The phrase 'secure the periphery and protect the core' is from Cœuré's 2018 speech (BIS review r181115a) on 'cryptos, cyber and CCPs'. It describes the CPMI's strategic approach but does not appear in [d146].

_Source:_ [p_12_GUIDELINE_sp190510_r181115a____secure_the_peripher_index.en.html](https://reglegbrief.com/substrate/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/_raw_manual_substrate/p_12_GUIDELINE_sp190510_r181115a____secure_the_peripher_index.en.html)
_Section anchor:_ sp190510/r181115a — 'secure the periphery, protect the core' attributed to d146

## Failure mode

**`misattributed`** — Misattributed — the AI attributed a rule to the wrong source, wrong regulator, or wrong instrument.

## Citation-issue types

- **Contradictory** — <https://www.bis.org/cpmi/speeches/sp190510.htm>
- **Contradictory** — <https://www.ecb.europa.eu/press/key/date/2019/html/ecb.sp190510_2~2e988cb439.en.html>

## Related concepts

- Regulation: [CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016](/okf/regulations/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016.md)
- Regulator: [BIS-CPMI-INT-001](/okf/bodies/BIS-CPMI-INT-001.md)
- Failure-mode taxonomy: [misattributed](/okf/taxonomy/failure-modes.md)
- Methodology: [v2.3](/okf/methodology.md)
- Editorial standards: [right of reply](/okf/editorial-standards.md)

## Reproduction

Citation ID: `RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014-Sonnet46`

Resource URL (HTML view of this finding):

<https://reglegbrief.com/regulators/j1/int/bis-cpmi/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/ai-labs/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014--sonnet-46-websearch/>

This finding is reproducible against the substrate document linked above, using the same AI subject, the same methodology version, and the verbatim question text.