AI Hallucination ResearchFindings by audiencePractitionersInternational / MultilateralLawyersDetail › Finding
Practitioners — Lawyers · Last updated 11 Jun 2026 · Hallucination Register
Share / Print X LinkedIn Email

Finding#1 . NIST Cybersecurity Framework cross-reference asserted without verification

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008
AI's failure:Inference Drift Risk for Lawyers:Wrong deliverable on cybersecurity framework alignment
What the RLB Specialist Panel found

Finding#1 . NIST Cybersecurity Framework cross-reference asserted without verification

  • Citation ID: RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008-Opus47
  • AI's failure: AI inferred a framework cross-reference the 2016 guidance does not make
  • Risk for the Lawyers: Professional indemnity exposure on cyber programme opinion letters and advisory work For lawyers advising FMIs and banks on cyber programme posture, an asserted NIST CSF alignment of the 2016 guidance lands directly inside opinion letters and advisory memos as a programme-foundation claim. The 2016 guidance does not contain the citation the model asserts. An opinion that recites the asserted alignment as regulator-grounded reasoning carries PI exposure on a programme-adequacy review and creates an evidentiary problem if the alignment is later tested against the source.
  • see this finding ->
Impact for Lawyers in international jurisdictions advising on the Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)

For lawyers advising FMIs and banks on cyber programme posture, an asserted NIST CSF alignment of the 2016 guidance lands directly inside opinion letters and advisory memos as a programme-foundation claim. The 2016 guidance does not contain the citation the model asserts. An opinion that recites the asserted alignment as regulator-grounded reasoning carries PI exposure on a programme-adequacy review and creates an evidentiary problem if the alignment is later tested against the source.

References — raw findings (per AI model)
This finding also affects
Next finding → Finding#2 . NIST Cybersecurity Framework citation asserted as explicit
Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008
Bluebook / OSCOLA (US + UK legal) Download 
RegLeg Specialist Panel, Finding#1 . NIST Cybersecurity Framework cross-reference asserted without verification [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008], RegLegBrief AI Hallucination Research (June 11, 2026), https://reglegbrief.com/regulators/j1/int/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/lawyers/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008/.
Plain text Download 
RegLeg Specialist Panel (2026). "Finding#1 . NIST Cybersecurity Framework cross-reference asserted without verification — Practitioners — Lawyers." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008. RegLegBrief AI Hallucination Research, published 2026-06-11. https://reglegbrief.com/regulators/j1/int/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/lawyers/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008/
APA 7th edition Download 
RegLeg Specialist Panel. (2026). Finding#1 . NIST Cybersecurity Framework cross-reference asserted without verification [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/regulators/j1/int/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/lawyers/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008/
BibTeX Download 
@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q008,
  author    = {RegLeg Specialist Panel},
  title     = {Finding#1 . NIST Cybersecurity Framework cross-reference asserted without verification},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008},
  url       = {https://reglegbrief.com/regulators/j1/int/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/lawyers/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008/}
}
← Back to case study summary Case study detail →
About Citation IDs →

Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.