Practitioners — Public Auditors · Last updated 26 May 2026 · methodology v2.1 · Hallucination Register

Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020

AI's failure:Inference Drift Risk for Public Auditors:Wrong deliverable on cybersecurity framework alignment

What the RLB Specialist Panel found

3. Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon

Question (paraphrased to protect IP): How does the CPMI-IOSCO 2016 Cyber Guidance define 'cyber resilience', and is that definition aligned with the 2018 FSB Cyber Lexicon?
Source regulation: Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)
What AI assistants typically say: AI tools provided a specific verbatim-style definition of cyber resilience attributed to the 2016 guidance — "the ability to anticipate, absorb, adapt to, rapidly respond to, and recover from disruption caused by a cyber attack" — and went further to assert that the 2018 FSB Cyber Lexicon explicitly drew on the CPMI-IOSCO definition when establishing its own standardised terminology.
What the regulator actually says: The FSB Cyber Lexicon was published in November 2018, two years after the 2016 guidance. Its standardised definitions postdate the 2016 document and may not match how terms were used in 2016; no claim has been confirmed about whether the Lexicon directionally drew on the CPMI-IOSCO text or developed its definitions independently.
Why the AI went wrong: The AI produced an unverified specific definition attributed to the 2016 guidance and then asserted a directional influence relationship between the two documents — that the FSB Lexicon drew on the CPMI-IOSCO text — for which no evidentiary basis exists. Both the definition's attribution and the claimed influence are fabricated with apparent confidence.
Cited source(s): Regulator portal: https://www.bis.org

Impact for Public Auditors in international jurisdictions advising on the Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)

For public auditors checking definitions used in cyber policy and KRI work, an asserted consistency between the 2016 guidance and the November 2018 FSB Cyber Lexicon collapses a two-year gap in regulator vocabulary into a single asserted alignment. Audit testing that uses the asserted alignment as evidence of definitional grounding leaves the audit team exposed if the source documents are produced for inspection.

References — raw findings (per AI model)

RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Opus47 Claude Opus 4.7 (web search on)
RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Sonnet46 Claude Sonnet 4.6 (web search on)

This finding also affects

← Previous finding Depth of incident response and recovery detail in the 2016 Cyber Guidance Next finding → Currency of the 2016 Cyber Resilience Guidance as the operative international standard

Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020

Plain text Download

RegLeg Specialist Panel (2026). "Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon — Practitioners — Public Auditors." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020. RegLegBrief AI Hallucination Research, published 2026-05-26. https://reglegbrief.com/regulators/j1/int/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/

APA 7th edition Download

RegLeg Specialist Panel. (2026). Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/regulators/j1/int/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/

Bluebook / OSCOLA (US + UK legal) Download

RegLeg Specialist Panel, Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020], RegLegBrief AI Hallucination Research (May 26, 2026), https://reglegbrief.com/regulators/j1/int/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/.

BibTeX Download

@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q020,
  author    = {RegLeg Specialist Panel},
  title     = {Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020},
  url       = {https://reglegbrief.com/regulators/j1/int/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/}
}

← Back to case study summary Case study detail →

About Citation IDs →

Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.