Organizations across India have received a critical call to action from the Indian Computer Emergency Response Team (CERT-In), urging them to address and rectify actively exploited internet-facing vulnerabilities within a time frame of 12 hours. This guidance is a direct response to the rapid advancements in artificial intelligence (AI) that have significantly intensified the pace of cyber-attacks.
The latest document issued by CERT-In on May 25th outlines a concerning trend in the cyber landscape: attackers are leveraging AI technologies to drastically shorten the window of opportunity for defenders. This acceleration in threat activity is rooted in the ability of AI systems to enhance the discovery of vulnerabilities and streamline the execution of malicious campaigns, including reconnaissance, phishing, and the development of malware. The AI rush is reshaping the operational dynamics of cybersecurity, effectively compressing the timeline from the moment a weakness is identified to the moment it is exploited.
### A Blueprint Built Around AI Threats
In a bid to fortify the cyber defenses of organizations, CERT-In has established an indicative framework that emphasizes a 12-hour timeline for remediating known exploited vulnerabilities (KEVs), specifically concerning “internet-facing and crown-jewel systems.” This directive not only highlights the urgency of rapid response but also delineates further tiers of response based on the assessed risk of vulnerabilities.
For critical flaws that are exposed to the internet, a one-day remediation window has been stipulated. Meanwhile, for critical internal vulnerabilities on high-value systems, a three-day window is advised, and for high-severity issues, organizations are encouraged to act within five days. In instances where patches are unavailable, CERT-In suggests implementing interim measures. These could include isolating vulnerable systems, restricting access, or employing web application firewalls to mitigate potential threats until a definitive fix can be applied.
To aid in prioritization, CERT-In has directed organizations to use the KEV catalog along with the Exploit Prediction Scoring System (EPSS). This combined approach encourages a more comprehensive evaluation of vulnerabilities, moving beyond reliance on severity scores alone. CERT-In intentionally refrains from characterizing the timelines as mandatory, instead describing them as expectations to be adapted to operational criticality and the level of threat exposure an organization faces.
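The tiers above can be turned into a triage queue. The following is an added sketch, not code from CERT-In or from this article: the field names, the placeholder CVE identifiers, the choice to start the clock when the finding is identified, and the use of EPSS only as a tie-breaker within a tier are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Finding:
    cve: str               # placeholder identifier (constructed)
    severity: str          # "critical", "high", or anything else
    internet_facing: bool
    crown_jewel: bool      # high-value system
    in_kev: bool           # listed in the KEV catalog
    epss: float            # EPSS probability, 0..1
    identified: datetime   # assumption: the clock starts here

def window(f):
    """Remediation window per the tiers in the article, or None if no tier applies."""
    if f.in_kev and (f.internet_facing or f.crown_jewel):
        return timedelta(hours=12)
    if f.severity == "critical" and f.internet_facing:
        return timedelta(days=1)
    if f.severity == "critical" and f.crown_jewel:
        return timedelta(days=3)
    if f.severity == "high":
        return timedelta(days=5)
    return None  # not covered by the article's tiers; local policy decides

def triage(findings, now):
    """Order by deadline, then by EPSS (highest first); flag missed deadlines."""
    rows = []
    for f in findings:
        w = window(f)
        if w is not None:
            due = f.identified + w
            rows.append((due, -f.epss, f.cve, now > due))
    rows.sort()
    return [(cve, due, overdue) for due, _, cve, overdue in rows]

T0 = datetime(2000, 1, 1)  # constructed sample data, not real findings
SAMPLE = [
    Finding("CVE-EXAMPLE-0004", "high", False, False, False, 0.60, T0),
    Finding("CVE-EXAMPLE-0003", "critical", False, True, False, 0.10, T0),
    Finding("CVE-EXAMPLE-0001", "critical", True, False, True, 0.90, T0),
    Finding("CVE-EXAMPLE-0005", "high", False, False, False, 0.80, T0),
    Finding("CVE-EXAMPLE-0002", "critical", True, False, False, 0.30, T0),
    Finding("CVE-EXAMPLE-0006", "medium", True, False, False, 0.05, T0),
]
NOW = T0 + timedelta(hours=18)

if __name__ == "__main__":
    for cve, due, overdue in triage(SAMPLE, NOW):
        print(cve, due.isoformat(), "OVERDUE" if overdue else "open")
```

A finding that returns `None` from `window` is not exempt from patching; it simply falls outside the tiers described here and needs a locally defined deadline.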
### Securing AI Deployments and Incident Reporting
In addition to patching protocols, the new guidance presents a robust framework that encompasses governance, the establishment of zero-trust architectures, and the integration of AI-aware security operations. The importance of supply-chain assurance is underscored, specifically through the implementation of software and AI bills of materials (BOMs).
The document gives particular attention to the security of organizational AI deployments, addressing threats such as prompt injection, model theft, training-data poisoning, and governance challenges associated with autonomous agents operating with minimal human oversight. These elements are especially pertinent as organizations increasingly deploy AI solutions across various operational domains.
A crucial aspect of the guidance is the reaffirmation of the existing obligation requiring entities to report cybersecurity incidents to CERT-In within six hours of their detection—a directive that has been in effect since 2022. Such prompt reporting is vital for the overall health of the cybersecurity ecosystem and enables faster response and remediation efforts.
CERT-In recommends the phased implementation of its recommendations, beginning with an initial focus on governance, exposure reduction, and the adoption of multi-factor authentication (MFA) within the first week. This initial phase sets the stage for subsequent actions that include operational strengthening, red teaming exercises, and adversarial AI testing.
### Conclusion
As the cyber threat landscape continues to evolve rapidly, driven increasingly by the capabilities of artificial intelligence, organizations in India are faced with an imperative to enhance their cybersecurity resilience. By following CERT-In’s guidance, focusing on timely vulnerability remediation, and establishing robust security frameworks, organizations can better protect themselves against the escalating threats posed by malicious actors who are relentlessly exploiting the innate vulnerabilities of the digital world. The proactive steps outlined in this directive not only demonstrate a commitment to strengthening security postures but also reflect a broader understanding of the complexities of cybersecurity in the modern era.

