- The Indian Computer Emergency Response Team (CERT-In) mandates a 12-hour patch deadline for critical vulnerabilities where feasible.
- The directive responds to threat actors increasingly using AI tools to automate and accelerate cyberattacks.
- Organizations are urged to adopt a Zero Trust model and implement layered, risk-based security controls.
- A formal governance framework for AI system usage and continuous security validation is recommended.
The Indian Computer Emergency Response Team (CERT-In) issued a stringent new cybersecurity blueprint on Monday, demanding organizations patch critical flaws in internet-facing systems within 12 hours to counter AI-boosted threats. This urgent guideline stems from the agency’s assessment that artificial intelligence tools are drastically compressing the time adversaries need to find and exploit vulnerabilities.
CERT-In stated that “AI-assisted cyber exploitation reduces the time required for adversaries to identify, weaponize, and exploit vulnerabilities.” Consequently, the potential impact of these AI-enabled cyber threats is escalating across all digital-dependent sectors.
However, AI systems themselves are becoming prime targets through techniques like prompt injection and data poisoning. Meanwhile, the agency warned that exploitation timelines will collapse further, making attacks more autonomous and requiring heightened defensive measures.
Consequently, the blueprint outlines defensive principles including adopting a Zero Trust approach and implementing a defense-in-depth strategy. Organizations are also instructed to embed secure-by-design paradigms and maintain operational continuity during incidents.
Formal governance for AI system usage and maintaining visibility into AI operations are other critical recommendations. CERT-In emphasized that controls should prioritize protecting internet-facing systems, critical applications, and cloud environments.
The agency is pushing for continuous, risk-based vulnerability management with strict remediation deadlines. For instance, critical externally exposed vulnerabilities should be fixed within one day, while high-severity issues require action within five days.
When patches are unavailable, temporary mitigations like isolation or enhanced monitoring must be deployed. This guidance follows a recent CERT-In advisory on the dual-use dangers of frontier AI models from companies like Anthropic and OpenAI.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
