CERT-In Calls for 12-Hour Patch Window as AI Cyber Threats Grow

India’s national cyber incident response body warned that AI is shrinking the time attackers need to find, weaponize and exploit flaws in critical digital systems.

MIT SMR Editors Reading Time: 3 minutes 

Topics

  • News

    1. OpenAI Foundation Commits $250 Million to Study AI’s Economic Impact

    2. CERT-In Calls for 12-Hour Patch Window as AI Cyber Threats Grow

    3. AI Set to Lift IP Creation at India Tech Hubs: Report

    4. Snowflake Signs $6 billion AWS Deal As AI Infrastructure Demand Rises

    5. Cognition Raises $1 Billion at $26 Billion Valuation

    6. Amazon MGM Studios Launches AI Filmmaking Fund With First Animated Projects

    • India’s Computer Emergency Response Team (CERT-In) has urged organizations to patch, mitigate or remove exposure to known exploited vulnerabilities in internet-facing and crown-jewel systems within 12 hours wherever feasible, warning that AI is accelerating cyberattacks.

    The recommendation is part of CERT-In’s new blueprint on defending digital infrastructure against AI-assisted vulnerability exploitation.

    The agency said advances in large language models and automation tools are helping attackers accelerate reconnaissance, phishing, malware generation, impersonation and exploit development.

    In cybersecurity, crown-jewel systems refer to an organization’s most critical digital assets, where a breach could cause severe financial, operational or reputational damage.

    CERT-In said AI-assisted attacks are reducing the time needed to identify and weaponize vulnerabilities across exposed services, weak identities, insecure APIs, cloud systems, operational technology and software supply chains.

    It advised organizations to move from periodic assessments to continuous vulnerability management, rapid remediation and regular validation of security controls.

    The blueprint covers governance, exposure reduction, technical controls, security operations, supply-chain risk, incident response, workforce preparedness and operational resilience.

    It also asks organizations to factor AI-enabled phishing, deepfakes, synthetic identities, business email compromise and adaptive malware into their security planning.

    CERT-In recommended a risk-based approach, prioritizing systems based on operational criticality, technology dependencies and threat conditions.

    For known exploited vulnerabilities affecting internet-facing and crown-jewel systems, it said organizations should patch, mitigate, isolate or remove exposure within 12 hours wherever feasible.

    For critical vulnerabilities, CERT-In recommended mitigating external or internal exposure within one day and patching internal high-value systems within three days.

    Where a patch is unavailable, it advised temporary controls such as isolation, access restrictions and enhanced monitoring until a fix is released.

    Topics

    About the Author


    View More

    Tags:

    More Like This

    You must to post a comment.

    First time here? : Comment on articles and get access to many more articles.