AI Hallucination ResearchFindings by audiencePractitionersInternational / MultilateralPublic AuditorsDetail › Finding
Practitioners — Public Auditors · Last updated 11 Jun 2026 · Hallucination Register
Share / Print X LinkedIn Email

Finding#3 . 'Secure the periphery, protect the core' misattributed to 2018 wholesale-payments work

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014
AI's failure:Misattributed Risk for Public Auditors:Wrong deliverable on cybersecurity framework alignment
What the RLB Specialist Panel found

Finding#3 . 'Secure the periphery, protect the core' misattributed to 2018 wholesale-payments work

  • Citation ID: RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014-Opus47
  • AI's failure: AI attributed a slogan to the wrong CPMI publication
  • Risk for the Public Auditors: Audit report exposure on cyber programme framework alignment and operative-standard status For public auditors examining cyber-strategy narrative in management commentary, attributing 'secure the periphery, protect the core' to the 2016 guidance or the 2018 fraud paper introduces a source-attribution error into the audit-evidence package. The phrase is from a 2018 speech, not a standards document. Audit testing that uses the wrong attribution to validate management commentary leaves an open audit-report finding waiting to be raised.
  • see this finding ->
Impact for Public Auditors in international jurisdictions advising on the Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)

For public auditors examining cyber-strategy narrative in management commentary, attributing 'secure the periphery, protect the core' to the 2016 guidance or the 2018 fraud paper introduces a source-attribution error into the audit-evidence package. The phrase is from a 2018 speech, not a standards document. Audit testing that uses the wrong attribution to validate management commentary leaves an open audit-report finding waiting to be raised.

References — raw findings (per AI model)
This finding also affects
← Previous finding Finding#2 . NIST Cybersecurity Framework citation asserted as explicit Next finding → Finding#4 . 'Secure the periphery, protect the core' misattributed to May 2019 BIS-CPMI speech
Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014
Plain text Download 
RegLeg Specialist Panel (2026). "Finding#3 . 'Secure the periphery, protect the core' misattributed to 2018 wholesale-payments work — Practitioners — Public Auditors." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014. RegLegBrief AI Hallucination Research, published 2026-06-11. https://reglegbrief.com/regulators/j1/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014/
APA 7th edition Download 
RegLeg Specialist Panel. (2026). Finding#3 . 'Secure the periphery, protect the core' misattributed to 2018 wholesale-payments work [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/regulators/j1/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014/
Bluebook / OSCOLA (US + UK legal) Download 
RegLeg Specialist Panel, Finding#3 . 'Secure the periphery, protect the core' misattributed to 2018 wholesale-payments work [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014], RegLegBrief AI Hallucination Research (June 11, 2026), https://reglegbrief.com/regulators/j1/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014/.
BibTeX Download 
@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q014,
  author    = {RegLeg Specialist Panel},
  title     = {Finding#3 . 'Secure the periphery, protect the core' misattributed to 2018 wholesale-payments work},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014},
  url       = {https://reglegbrief.com/regulators/j1/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014/}
}
← Back to case study summary Case study detail →
About Citation IDs →

Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.