India's Computer Emergency Response Team has established a 12-hour deadline for patching or mitigating exploited vulnerabilities in internet-facing systems or critical infrastructure, citing the increasing use of artificial intelligence in cyber attacks1. This directive applies to bugs that are known to be exploited and have a significant impact on security. In such cases, defenders are expected to take immediate action to patch, mitigate, or remove exposure within the specified timeframe. The goal is to reduce the window of opportunity for attackers to exploit these vulnerabilities. For less critical flaws, such as internal system vulnerabilities, the response time may be longer. The new guideline reflects the growing concern about the role of AI in amplifying cyber threats. This matters to security practitioners because prompt patching is now crucial to preventing AI-assisted attacks from causing significant damage.
India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat
⚠️ Critical Alert
Why This Matters
In these cases, CERT-In told defenders to "patch, mitigate, or remove exposure within 12 hours where feasible." For other flaws, such as a standard critical vulnerability (CVSS.
References
- The Register. (2026, May 27). India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat. *The Register*. https://www.theregister.com/security/2026/05/27/cert-in-professes-12-hour-patching-for-ai-assisted-attacks/5247009
Original Source
The Register
Read original →