CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

Summary

India's CERT-In issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours where feasible, citing the accelerating threat from AI-assisted cyber exploitation. The 38-page blueprint warns that threat actors are leveraging AI tools and LLMs to automate vulnerability discovery, weaponization, and exploitation, compressing attack timelines and bypassing traditional security controls. CERT-In recommends defensive principles including Zero Trust, defense-in-depth strategies, continuous threat assessment, and secure-by-design practices to counter AI-enabled threats.

Full text

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks Ravie LakshmananMay 26, 2026Artificial Intelligence / Cloud Security, The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from threat actors' abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability discovery and exploitation, and enhance the scale and velocity of cyber attacks. "AI-assisted cyber exploitation reduces the time required for adversaries to identify, weaponize, and exploit vulnerabilities, exposed services, weak identities, insecure APIs, and misconfigured systems," CERT-In said in a 38-page blueprint published Monday. "As organizations become increasingly dependent on interconnected digital infrastructure, cloud ecosystems, software supply chains, operational technologies, and AI-enabled platforms, the potential impact of AI-enabled cyber threats continues to increase across sectors." With threat actors beginning to increasingly rely on AI for a wide range of tasks, including attack surface discovery, exploit analysis, convincing phishing content, and even malware generation, they can significantly compress attack preparation timelines and bypass traditional security controls. Furthermore, AI-enabled systems may themselves become targets of malicious attacks via prompt injections, data leakage vulnerabilities, jailbreaking techniques, model manipulation, training data poisoning, model theft, and orchestration pipeline compromises, effectively undermining their confidentiality and integrity. CERT-In has warned that organizations should expect exploitation timelines to collapse significantly and attacks to become autonomous, necessitating the need for adopting heightened cybersecurity measures that involve continuous threat assessment, proactive exposure reduction, and operational preparedness. Some of the defensive principles outlined by the cybersecurity agency to reduce exposure and better respond to AI-assisted cyber threats are listed below - Assume breach and prepare for rapid detection, containment, and recovery from compromise scenarios. Adopt a Zero Trust approach by enforcing continuous verification and least-privilege access. Implement a defense-in-depth strategy with layered controls across infrastructure to eliminate single points of failure and minimize the overall impact of a successful breach. Monitor and reduce exposure to security vulnerabilities. Embed a secure-by-design paradigm into systems, applications, and AI workflows. Maintain operational continuity during cyber incidents and disruption scenarios. Safeguard sensitive and operationally critical data throughout its lifecycle. Reduce software supply chain risks arising from third-party software, AI models, and dependencies through SBOM, provenance validation, and assessments. Test security effectiveness against evolving threats through red teaming, vulnerability assessments, penetration testing, and independent audits. Prioritize controls based on operational criticality and threat exposure. Establish formal governance mechanisms regarding the use of AI systems. Maintain visibility into AI systems, integrations, and operational behavior. "Organizations should implement layered, risk-based, and continuously validated technical controls to reduce exposure to AI-assisted cyber threats," CERT-In said. "Controls should prioritise protection of internet-facing systems, critical business applications, identities, cloud environments, APIs, sensitive data, AI-enabled systems, and operational infrastructure." The agency is also urging organizations to embrace "continuous, risk-based vulnerability and patch management practices" to reduce exposure arising from security flaws, misconfigurations, insecure APIs, publicly-accessible services, and weak identities. To that end, known exploited vulnerabilities affecting internet-facing and critical systems should be remediated within 12 hours where applicable. Other risk-based remediation times are as follows - Critical externally exposed vulnerabilities: Within 1 day Known exploited vulnerabilities affecting internal systems: Within 1 day unless other mitigations are implemented and documented Critical internal vulnerabilities affecting high-value systems: Within 3 days High-severity vulnerabilities: Within 5 days based on risk prioritization In scenarios where no patches are immediately available, it's advised to implement temporary mitigations such as isolation, access restriction, WAF/API protection, enhanced monitoring, or feature disablement until the fix is released. "Given the rapidly evolving nature of AI-assisted cyber threats, organisations should continuously reassess exposure, validate security controls, strengthen resilience capabilities, and enhance operational preparedness through ongoing audits, monitoring, testing, and coordinated cybersecurity governance," CERT-In said. The blueprint arrives a month after CERT-In released an advisory warning of the growing cyber capabilities of frontier AI models from Anthropic and OpenAI, stating how their "dual-use nature" could "lower the barrier to entry for malicious cyber actors and be leveraged to accelerate attack execution, automate exploitation workflows and scale cyber campaigns." "Keeping pace with frontier AI-driven cyber developments is critical for maintaining cyber resilience," it added. "Baseline cybersecurity controls remain critical and should be rigorously enforced." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  artificial intelligence, Cloud security, cybersecurity, Malware, Phishing, Software Supply Chain, Vulnerability Management, Zero Trust ⚡ Top Stories This Week Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories Microsoft Warns of Two Actively Exploited Defender Vulnerabilities 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective The New Phishing Click: How OAuth Consent Bypasses MFA Developer Workstations Are Now Part of the Software Supply Chain ⭐ Featured Resources Claim ANY.RUN Anniversary Offer for Faster Malware Analysis [Guide] Learn to Detect AI Typosquatting Risks in Your Domain [Guide] Get Key Identity Security Insights From 2026 Snapshot Discover How to Navigate the Era of Constant Cyber Exposure

Entities