What Happened
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged, where "feasible," to safeguard against potential threats stemming from threat actors' abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability
Why It Matters
According to the report, CERT-In has issued guidance recommending that organizations patch or otherwise mitigate critical, internet-facing vulnerabilities within 12 hours where feasible, explicitly citing the growing use of AI tools and large language models by attackers to automate vulnerability discovery and exploitation at scale.[1][2] The framework also urges continuous, risk-based vulnerability and patch management, secure-by-design principles for AI workflows, and governance mechanisms around AI system use.[1]

From a CyberSE.AI perspective, this highlights malicious AI use as a driver for dramatically shortened remediation timelines and the need to integrate AI-specific controls (e.g., monitoring AI-enabled systems, securing AI-related supply chain components) into broader vulnerability management and incident response programs. Practically, organizations should treat AI-accelerated exploitation as an assumption in their threat model, align patch SLAs with these tighter windows, and use services like AI Security Readiness Assessment, AI CISO Advisory, and AI Policy Generator & Support to embed these expectations into policy, architecture, and continuous red teaming against AI
CyberSE Analysis
This signal maps to malicious AI use. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/05/cert-in-mandates-12-hour-patching-for.html