CERT-In has introduced a significantly stricter cybersecurity response framework, mandating rapid remediation timelines for critical vulnerabilities as artificial intelligence increasingly transforms the scale, speed, and sophistication of cyberattacks targeting organisations across sectors.
In its latest 38-page cybersecurity framework, the agency has recommended that organisations patch critical vulnerabilities in internet-facing systems within 12 hours wherever feasible. The updated directive comes amid growing concerns that cybercriminals are increasingly leveraging AI tools, generative AI platforms, large language models (LLMs), and autonomous automation systems to accelerate cyber operations and reduce the response time available to defenders.
AI reshaping cyber threats
According to CERT-In, AI-assisted cyber activity is rapidly shrinking the time required for attackers to identify weak systems, compromised identities, insecure APIs, exposed cloud environments, and misconfigured infrastructure.
The agency warned that threat actors are now using AI across multiple stages of cyberattacks, including reconnaissance, vulnerability discovery, exploit generation, phishing campaign creation, malware development, and attack orchestration.
CERT-In noted that the growing adoption of cloud infrastructure, interconnected enterprise systems, operational technology networks, AI-enabled applications, and complex software supply chains has significantly widened the cyber risk surface for organisations.
The framework highlighted that enterprises must now prepare for attack environments where exploitation cycles become increasingly automated, adaptive, and capable of operating at machine speed.
Growing risks to AI systems
Beyond traditional cyber risks, CERT-In also flagged emerging threats specifically targeting AI systems and machine learning environments.
The agency identified prompt injection attacks, AI model manipulation, training data poisoning, orchestration pipeline breaches, model theft, and sensitive data leakage as major risks capable of undermining the integrity and confidentiality of AI-driven systems.
The advisory additionally warned organisations against uncontrolled use of public AI tools and shadow AI deployments within enterprise environments, stressing the importance of stronger governance and human oversight for AI-supported operations and decision-making.
Faster remediation timelines
As part of its updated framework, CERT-In has recommended aggressive remediation timelines based on severity and exploitability of vulnerabilities.
The agency advised that critical vulnerabilities affecting internet-facing systems should ideally be fixed within 12 hours wherever feasible.
Additional timelines recommended by CERT-In include:
• Critical external vulnerabilities: within 1 day
• Internally exploited vulnerabilities: within 1 day with documented mitigation
• High-value internal systems: within 3 days
• High-severity vulnerabilities: within 5 days depending on operational risk
Where immediate patching is not possible, organisations have been advised to deploy temporary safeguards such as system isolation, restricted access controls, enhanced monitoring, API protection, feature disabling, and network segmentation until permanent fixes are available.
Shift toward adaptive cybersecurity
CERT-In emphasized that traditional perimeter-focused cybersecurity approaches are becoming increasingly insufficient against AI-enabled attacks and urged organisations to adopt more adaptive and resilience-focused security architectures.
The framework recommends zero-trust security models, defence-in-depth strategies, secure-by-design development practices, continuous vulnerability monitoring, and improved visibility across cloud and digital environments.
The agency also called for stronger software and digital supply chain security through frameworks such as Software Bill of Materials (SBOMs), provenance validation, and regular supply chain security assessments.
Focus on resilience and preparedness
CERT-In further advised organisations to strengthen cyber resilience through continuous audits, penetration testing, red team exercises, and proactive threat monitoring capabilities.
The updated framework reflects growing global concerns that advanced AI technologies are lowering the barriers for cybercriminals while simultaneously increasing the scale, automation, and complexity of digital attacks.
With AI rapidly reshaping the global cybersecurity landscape, CERT-In’s latest guidance signals a major push toward faster response mechanisms, stronger governance frameworks, and continuous cyber resilience across India’s digital ecosystem.
𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲
𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 Facebook, LinkedIn, Twitter, Instagram
