HomeTechnology

CERT-In Strengthens Cybersecurity Framework, Mandates 12-Hour Patching for Critical Vulnerabilities Amid AI Threat Surge

CERT-In Strengthens Cybersecurity Framework, Mandates 12-Hour Patching for Critical Vulnerabilities Amid AI Threat Surge

India’s Computer Emergency Response Team (CERT-In) has introduced a robust cybersecurity framework designed to bolster the resilience of organizations against emerging cyber threats. The newly released guidelines stress the urgent need for organizations to rectify critical security vulnerabilities in internet-facing systems within 12 hours of detection, where feasible. This initiative responds to rising concerns regarding the use of artificial intelligence (AI) tools and large language models (LLMs) by cybercriminals to accelerate attacks and automate exploit development.

The 38-page blueprint, made public on Monday, reflects the increasing anxiety surrounding AI-assisted cyber exploitation. CERT-In emphasizes that the swift adoption of AI and LLMs by malicious actors significantly shortens the time between identifying security vulnerabilities and exploiting them.

“AI-assisted cyber exploitation reduces the time required for adversaries to identify, weaponize, and exploit vulnerabilities, exposed services, weak identities, insecure APIs, and misconfigured systems,” CERT-In stated in the document.

AI and LLMs Are Reshaping Cyber Attack Timelines

CERT-In has issued a serious warning that as organizations become more reliant on cloud ecosystems, interconnected infrastructure, operational technology, software supply chains, and AI-enabled platforms, the risks associated with AI-driven attacks are escalating across various sectors. The agency noted that attackers are utilizing AI and LLMs for a range of malicious activities, including attack surface mapping, exploit analysis, phishing campaigns, malware creation, and automated reconnaissance. This technological advantage enables attackers to compress traditional attack preparation timelines and circumvent conventional security measures.

The blueprint also highlights that AI-enabled environments themselves can become targets. Threat actors may exploit vulnerabilities through prompt injection attacks, model manipulation, data leakage, training data poisoning, and orchestration pipeline compromises. Such attacks can severely undermine the confidentiality, integrity, and reliability of AI systems.

According to CERT-In, organizations must prepare for a future where cyberattacks become increasingly autonomous, and exploitation timelines continue to collapse due to advancements in AI and LLMs. This shift necessitates enhanced operational readiness, proactive patching strategies, continuous threat assessment, and aggressive exposure reduction practices.

CERT-In Calls for Stronger Defenses Against Security Vulnerabilities

To counter AI-assisted attacks and mitigate exposure to security vulnerabilities, CERT-In has outlined several defensive principles that organizations should adopt. One key recommendation is to assume that breaches are inevitable. Organizations are encouraged to prepare for rapid detection, containment, and recovery during compromise scenarios. The framework advocates for adopting Zero Trust security models that enforce continuous verification and least-privilege access controls.

CERT-In further recommends implementing defense-in-depth strategies, which involve layered protections across infrastructure to minimize the impact of successful breaches and eliminate single points of failure. Continuous monitoring and remediation of security vulnerabilities are emphasized, along with integrating secure-by-design practices into applications, infrastructure, and AI workflows.

The framework also advises organizations to maintain operational continuity during cyber incidents and ensure the protection of sensitive and operationally critical data throughout its lifecycle. A significant focus area is software supply chain security, with CERT-In urging enterprises to mitigate risks associated with third-party software, AI models, and dependencies through Software Bills of Materials (SBOMs), provenance validation, and security assessments.

To assess the effectiveness of cybersecurity controls, the agency recommends regular red teaming exercises, vulnerability assessments, penetration testing, and independent audits. Organizations are advised to prioritize controls based on operational importance and threat exposure while establishing formal governance frameworks for AI usage and maintaining visibility into AI systems and integrations.

“Organizations should implement layered, risk-based, and continuously validated technical controls to reduce exposure to AI-assisted cyber threats,” CERT-In stated. “Controls should prioritize protection of internet-facing systems, critical business applications, identities, cloud environments, APIs, sensitive data, AI-enabled systems, and operational infrastructure.”

New Patching Deadlines Introduced for Critical Flaws

A crucial aspect of the blueprint focuses on vulnerability management and patching timelines. CERT-In urges organizations to adopt continuous, risk-based vulnerability and patch management practices to mitigate risks associated with security vulnerabilities, insecure APIs, misconfigurations, publicly exposed services, and weak identities.

Under the new recommendations, known exploited vulnerabilities affecting internet-facing and critical systems should be remediated within 12 hours whenever applicable. The agency has also introduced additional remediation timelines based on severity and exposure levels. Critical externally exposed vulnerabilities should be addressed within one day, while known exploited vulnerabilities impacting internal systems should also be remediated within one day unless alternative mitigation measures are documented. Critical internal vulnerabilities affecting high-value systems should be patched within three days, while high-severity vulnerabilities should be resolved within five days based on risk prioritization.

CERT-In acknowledges that immediate patching may not always be feasible. In cases where fixes are unavailable, the agency advises organizations to deploy temporary mitigations such as system isolation, restricted access controls, web application firewalls (WAF), enhanced monitoring, and feature disablement until official patches are released.

The new recommendations reflect a growing global concern regarding the role of AI and LLMs in modern cyber warfare. As threat actors continue to automate the discovery and exploitation of security vulnerabilities, cybersecurity agencies and enterprises face increasing pressure to strengthen patching practices, reduce exposure windows, and enhance resilience against rapidly evolving digital threats.

As reported by cyberwarriorsmiddleeast.com.

Explore the latest digital editions of FAME Delivered in the Magazine section: https://famedelivered.com/magazine/

Published on 2026-05-27 17:07:00 • By FAME Delivered News Desk

FAME Delivered News Desk

CERT-In Strengthens Cybersecurity Framework, Mandates 12-Hour Patching for Critical Vulnerabilities Amid AI Threat Surge

CERT-In Strengthens Cybersecurity Framework, Mandates 12-Hour Patching for Critical Vulnerabilities Amid AI Threat Surge

India’s Computer Emergency Response Team (CERT-In) has introduced a robust cybersecurity framework designed to bolster the resilience of organizations against emerging cyber threats. The newly released guidelines stress the urgent need for organizations to rectify critical security vulnerabilities in internet-facing systems within 12 hours of detection, where feasible. This initiative responds to rising concerns regarding the use of artificial intelligence (AI) tools and large language models (LLMs) by cybercriminals to accelerate attacks and automate exploit development.

The 38-page blueprint, made public on Monday, reflects the increasing anxiety surrounding AI-assisted cyber exploitation. CERT-In emphasizes that the swift adoption of AI and LLMs by malicious actors significantly shortens the time between identifying security vulnerabilities and exploiting them.

“AI-assisted cyber exploitation reduces the time required for adversaries to identify, weaponize, and exploit vulnerabilities, exposed services, weak identities, insecure APIs, and misconfigured systems,” CERT-In stated in the document.

AI and LLMs Are Reshaping Cyber Attack Timelines

CERT-In has issued a serious warning that as organizations become more reliant on cloud ecosystems, interconnected infrastructure, operational technology, software supply chains, and AI-enabled platforms, the risks associated with AI-driven attacks are escalating across various sectors. The agency noted that attackers are utilizing AI and LLMs for a range of malicious activities, including attack surface mapping, exploit analysis, phishing campaigns, malware creation, and automated reconnaissance. This technological advantage enables attackers to compress traditional attack preparation timelines and circumvent conventional security measures.

The blueprint also highlights that AI-enabled environments themselves can become targets. Threat actors may exploit vulnerabilities through prompt injection attacks, model manipulation, data leakage, training data poisoning, and orchestration pipeline compromises. Such attacks can severely undermine the confidentiality, integrity, and reliability of AI systems.

According to CERT-In, organizations must prepare for a future where cyberattacks become increasingly autonomous, and exploitation timelines continue to collapse due to advancements in AI and LLMs. This shift necessitates enhanced operational readiness, proactive patching strategies, continuous threat assessment, and aggressive exposure reduction practices.

CERT-In Calls for Stronger Defenses Against Security Vulnerabilities

To counter AI-assisted attacks and mitigate exposure to security vulnerabilities, CERT-In has outlined several defensive principles that organizations should adopt. One key recommendation is to assume that breaches are inevitable. Organizations are encouraged to prepare for rapid detection, containment, and recovery during compromise scenarios. The framework advocates for adopting Zero Trust security models that enforce continuous verification and least-privilege access controls.

CERT-In further recommends implementing defense-in-depth strategies, which involve layered protections across infrastructure to minimize the impact of successful breaches and eliminate single points of failure. Continuous monitoring and remediation of security vulnerabilities are emphasized, along with integrating secure-by-design practices into applications, infrastructure, and AI workflows.

The framework also advises organizations to maintain operational continuity during cyber incidents and ensure the protection of sensitive and operationally critical data throughout its lifecycle. A significant focus area is software supply chain security, with CERT-In urging enterprises to mitigate risks associated with third-party software, AI models, and dependencies through Software Bills of Materials (SBOMs), provenance validation, and security assessments.

To assess the effectiveness of cybersecurity controls, the agency recommends regular red teaming exercises, vulnerability assessments, penetration testing, and independent audits. Organizations are advised to prioritize controls based on operational importance and threat exposure while establishing formal governance frameworks for AI usage and maintaining visibility into AI systems and integrations.

“Organizations should implement layered, risk-based, and continuously validated technical controls to reduce exposure to AI-assisted cyber threats,” CERT-In stated. “Controls should prioritize protection of internet-facing systems, critical business applications, identities, cloud environments, APIs, sensitive data, AI-enabled systems, and operational infrastructure.”

New Patching Deadlines Introduced for Critical Flaws

A crucial aspect of the blueprint focuses on vulnerability management and patching timelines. CERT-In urges organizations to adopt continuous, risk-based vulnerability and patch management practices to mitigate risks associated with security vulnerabilities, insecure APIs, misconfigurations, publicly exposed services, and weak identities.

Under the new recommendations, known exploited vulnerabilities affecting internet-facing and critical systems should be remediated within 12 hours whenever applicable. The agency has also introduced additional remediation timelines based on severity and exposure levels. Critical externally exposed vulnerabilities should be addressed within one day, while known exploited vulnerabilities impacting internal systems should also be remediated within one day unless alternative mitigation measures are documented. Critical internal vulnerabilities affecting high-value systems should be patched within three days, while high-severity vulnerabilities should be resolved within five days based on risk prioritization.

CERT-In acknowledges that immediate patching may not always be feasible. In cases where fixes are unavailable, the agency advises organizations to deploy temporary mitigations such as system isolation, restricted access controls, web application firewalls (WAF), enhanced monitoring, and feature disablement until official patches are released.

The new recommendations reflect a growing global concern regarding the role of AI and LLMs in modern cyber warfare. As threat actors continue to automate the discovery and exploitation of security vulnerabilities, cybersecurity agencies and enterprises face increasing pressure to strengthen patching practices, reduce exposure windows, and enhance resilience against rapidly evolving digital threats.

As reported by cyberwarriorsmiddleeast.com.

Explore the latest digital editions of FAME Delivered in the Magazine section: https://famedelivered.com/magazine/

Published on 2026-05-27 17:07:00 • By FAME Delivered News Desk

RELATED ARTICLES

Technology

HBO Max Poised for Historic Emmy Wins as Paramount Merger Looms

FAME Delivered News Desk -
HBO Max Poised for Historic Emmy Wins as Paramount Merger Looms Warner Bros. is on the brink of a significant transition as it prepares for...
Technology

Cybersecurity Strengthens as Essential Infrastructure for UAE Economy Amid Rising Digital Threats

FAME Delivered News Desk -
Cybersecurity Strengthens as Essential Infrastructure for UAE Economy Amid Rising Digital Threats In March 2023, drone strikes targeting Amazon Web Services (AWS) facilities in the...
Technology

IAEA Director General Commends UAE’s Peaceful Nuclear Energy Programme, Emphasizes Strengthening Nuclear Safety and Security

FAME Delivered News Desk -
IAEA Director General Commends UAE's Peaceful Nuclear Energy Programme, Emphasizes Strengthening Nuclear Safety and Security Grossi's Visit Highlights UAE's Nuclear Achievements Abu Dhabi: Rafael Mariano Grossi,...
Technology

Video Security Industry Reshapes with Strategic Merger and AI-Driven Insights

FAME Delivered News Desk -
Video Security Industry Reshapes with Strategic Merger and AI-Driven Insights The video security sector is experiencing a transformative shift, moving from a fragmented landscape of...
Technology

African Development Bank Group Launches €25 Million Clean Cooking Program to Boost Access Across Africa at 2026 Annual Meetings

FAME Delivered News Desk -
African Development Bank Group Launches €25 Million Clean Cooking Program to Boost Access Across Africa at 2026 Annual Meetings The African Development Bank Group (AfDB)...

Latest Posts

Latest Posts

Don't Miss

Subscribe

To be updated with all the latest news, offers and special announcements.