India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat
Summary
India's cyber agency, CERT-In, has issued a directive mandating that internet-facing or critical systems be patched, mitigated, or disconnected within 12 hours of exploited vulnerabilities being identified. This accelerated response time is driven by the increasing speed and sophistication of cyberattacks, exacerbated by advancements in AI.
IFF Assessment
The 12-hour patching window highlights an escalating threat landscape where vulnerabilities are exploited rapidly, increasing the pressure on defenders to respond quickly.
Defender Context
Defenders need to be prepared for extremely rapid exploitation of vulnerabilities, requiring agile incident response and patch management processes. The mention of AI suggests that threat actors may be using AI to identify and exploit vulnerabilities even faster, demanding proactive threat hunting and intelligence.