AI subject tested: Claude Opus 4.7 (web search on)
Question (paraphrased): Does the CPMI-IOSCO 2016 Cyber Guidance explicitly reference or align with the NIST Cybersecurity Framework?
AI response:
"The 2016 Guidance is principles-based and does not explicitly adopt or normatively cross-reference the NIST Cybersecurity Framework in its text, although it was developed in awareness of NIST CSF, ISO/IEC 27000 series, COBIT and similar bodies of practice."
Regulator verbatim text:
"Unknown — searches did not confirm a verbatim NIST citation in the 2016 Cyber Resilience Guidance. The five guidance categories are structurally similar to the NIST CSF five functions but may be independently derived."
Failure mode: inference_drift
Substrate document: p_01_GUIDELINE_d146___whether_NIST_CSF_is_formally_cite_d146.htm
This finding documents a confirmed hallucination by Claude Opus 4.7 (web search on) on a probe of the regulation. The model's response was tested against the regulator's verbatim primary text and classified as inference_drift. Full per-finding context is available via the linked Citation ID.
Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.
RegLeg Specialist Panel (2026). "Does the CPMI-IOSCO 2016 Cyber Guidance explicitly reference or align with the NIST Cybersecurity Framework? — AI Labs." Citation ID: RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008-Opus47. RegLegBrief AI Hallucination Research, published 2026-06-07. https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-iosco-cyber-resilience-fmi-2016/whitepaper/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008--opus-47-websearch/
RegLeg Specialist Panel. (2026). Does the CPMI-IOSCO 2016 Cyber Guidance explicitly reference or align with the NIST Cybersecurity Framework? [Hallucination finding RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008-Opus47]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-iosco-cyber-resilience-fmi-2016/whitepaper/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008--opus-47-websearch/
RegLeg Specialist Panel, Does the CPMI-IOSCO 2016 Cyber Guidance explicitly reference or align with the NIST Cybersecurity Framework? [RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008-Opus47], RegLegBrief AI Hallucination Research (June 07, 2026), https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-iosco-cyber-resilience-fmi-2016/whitepaper/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008--opus-47-websearch/.
@misc{reglegbrief_RLB_H_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q008_Opus47,
author = {RegLeg Specialist Panel},
title = {Does the CPMI-IOSCO 2016 Cyber Guidance explicitly reference or align with the NIST Cybersecurity Framework?},
year = {2026},
publisher = {RegLegBrief AI Hallucination Research},
note = {Hallucination finding Citation ID: RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008-Opus47},
url = {https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-iosco-cyber-resilience-fmi-2016/whitepaper/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008--opus-47-websearch/}
}
Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.