CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

What happened

CERT-In, India’s national cybersecurity agency, has issued a new directive demanding that organizations fix critical vulnerabilities in internet-facing systems within 12 hours of detection, wherever feasible. This accelerated patching requirement is a direct response to the growing threat from cyber attackers using artificial intelligence tools and large language models to automate vulnerability discovery and exploitation.

Why it matters

The shrinking window for patching critical flaws significantly raises the operational pressure on IT and security teams. Attackers leveraging AI can scan and exploit weak points far faster than before, so organizations that cannot keep up risk having their exposed systems compromised before patches are applied. The directive effectively forces tighter vulnerability management cycles and may require investments in rapid detection, automated remediation, and robust monitoring to comply. It also raises the stakes for any internet-facing infrastructure, increasing the cost of neglect or delays in security patching.

What to watch next

How organizations balance this mandate with the realities of patch testing and deployment will be telling. Some may turn to automated vulnerability management tools or orchestrate faster patch release pipelines. Expect regulators and CERT-In to push for more real-time reporting of patching compliance. Meanwhile, attackers will likely accelerate their use of AI-driven automation, pushing defenders to evolve toward equally rapid response workflows and AI-enabled defense tools. Watch for increased demand for managed patching services and AI-powered security solutions in India and possibly beyond.

AI Quick Briefs Editorial Desk