India's CERT-In Orders 12-Hour Patching Deadline for Internet-Facing Vulnerabilities Amid AI-Driven Threats
India's Computer Emergency Response Team (CERT-In) has issued a new directive requiring organizations to patch critical internet-facing vulnerabilities within 12 hours of disclosure, a notably aggressive timeline compared to traditional patching windows.
The mandate comes in response to the growing sophistication of cyberattacks, particularly those leveraging artificial intelligence to automate vulnerability scanning and exploitation. CERT-In cited the缩短时间 between vulnerability disclosure and active exploitation as a key driver for the new requirement.
Under the directive, organizations operating in India must prioritize updates for internet-facing systems, including web servers, VPNs, and network infrastructure components. Failure to comply may result in regulatory action, according to the advisory.
Security experts have noted that while 12-hour patching is challenging for large enterprises with complex infrastructure, it reflects a broader trend toward faster remediation timelines as threat actors deploy AI tools to accelerate attack campaigns. The mandate aligns India with more stringent global cybersecurity standards emerging in response to state-sponsored and criminal hacking operations.