CERT-In Orders 12-Hour Patching for Internet-Facing Flaws as AI Speeds Cyber Exploits
Updated
Updated · The Hacker News · May 26
CERT-In Orders 12-Hour Patching for Internet-Facing Flaws as AI Speeds Cyber Exploits
2 articles · Updated · The Hacker News · May 26
Summary
A 38-page CERT-In blueprint tells organizations to fix known exploited vulnerabilities on internet-facing and critical systems within 12 hours where feasible, tightening India’s response window for exposed flaws.
CERT-In said AI tools and large language models are shrinking the time attackers need to find, weaponize and exploit weaknesses, while helping scale phishing, malware creation and automated attack campaigns.
The guidance sets broader remediation targets of 1 day for critical externally exposed flaws and exploited internal bugs, 3 days for critical internal vulnerabilities on high-value systems, and 5 days for high-severity issues.
Where patches are unavailable, organizations are told to isolate systems, restrict access, deploy WAF or API protections, and increase monitoring until fixes arrive.
The mandate builds on a CERT-In advisory issued a month ago warning that frontier AI models from Anthropic and OpenAI could lower barriers for malicious actors and accelerate cyber operations.
As AI now discovers zero-day flaws, is India's new patch mandate already a step behind?
Could India's 12-hour patch rule cause more system crashes than it prevents from cyberattacks?
With AI threats rising, can India's small businesses survive these aggressive new cybersecurity deadlines?
India’s 12-Hour Patch Order: How AI-Accelerated Attacks Are Forcing a New Cybersecurity Normal
Overview
India has launched a critical cybersecurity mandate through CERT-In, responding to the rapid evolution of cyber threats fueled by advanced AI technologies. Threat actors now use AI to automate attacks and discover vulnerabilities faster than ever, prompting CERT-In to require organizations to patch critical internet-facing systems within just 12 hours. This new directive marks a shift from periodic audits to a proactive, continuous security approach, emphasizing unprecedented patching speeds and constant vigilance. The mandate aims to drastically reduce the window for attackers, ensuring organizations stay ahead in an increasingly AI-driven threat landscape.