India’s Computer Emergency Response Team, Indian Computer Emergency Response Team, has introduced a new cybersecurity framework urging organizations to patch critical security vulnerabilities in internet-facing systems within 12 hours of detection whenever feasible. The recommendation comes amid growing concerns that cybercriminals are increasingly using artificial intelligence tools and large language models (LLMs) to accelerate cyber attacks, automate exploit development, and scale malicious operations more efficiently.
The guidance was published in a 38-page blueprint released on Monday and reflects mounting fears around AI-assisted cyber exploitation. According to CERT-In, the rapid adoption of AI and LLMs by threat actors is significantly shrinking the time between the discovery of security vulnerabilities and active exploitation.
“AI-assisted cyber exploitation reduces the time required for adversaries to identify, weaponize, and exploit vulnerabilities, exposed services, weak identities, insecure APIs, and misconfigured systems,” CERT-In stated in the document.
AI and LLMs Are Reshaping Cyber Attack Timelines
CERT-In warned that as organizations become more dependent on cloud ecosystems, interconnected infrastructure, operational technology, software supply chains, and AI-enabled platforms, the risks associated with AI-driven attacks continue to rise across industries.
The agency noted that attackers are already using AI and LLMs for a broad range of malicious activities, including attack surface mapping, exploit analysis, phishing campaigns, malware creation, and automated reconnaissance. The use of AI allows attackers to compress traditional attack preparation timelines and evade some conventional security controls.
The blueprint also highlighted that AI-enabled environments themselves can become targets. Threat actors may exploit weaknesses through prompt injection attacks, model manipulation, jailbreaking methods, data leakage vulnerabilities, training data poisoning, model theft, and orchestration pipeline compromises. Such attacks can undermine the confidentiality, integrity, and reliability of AI systems.
According to CERT-In, organizations should prepare for a future where cyberattacks become autonomous, and exploitation timelines collapse further due to advancements in AI and LLMs. The agency said this shift requires stronger operational readiness, proactive patching strategies, continuous threat assessment, and aggressive exposure reduction practices.
CERT-In Calls for Stronger Defenses Against Security Vulnerabilities
To counter AI-assisted attacks and reduce exposure to security vulnerabilities, CERT-In outlined several defensive principles that organizations should adopt.
One of the key recommendations is the assumption that breaches are inevitable. Organizations are encouraged to prepare for rapid detection, containment, and recovery during compromise scenarios. The blueprint also stresses the adoption of Zero Trust security models that enforce continuous verification and least-privilege access controls.
CERT-In further recommended implementing defense-in-depth strategies with layered protections across infrastructure to minimize the impact of successful breaches and eliminate single points of failure. The agency emphasized continuous monitoring and remediation of security vulnerabilities, along with integrating secure-by-design practices into applications, infrastructure, and AI workflows.
The framework also advises organizations to maintain operational continuity during cyber incidents and ensure the protection of sensitive and operationally critical data throughout its lifecycle. Another major focus area is software supply chain security. CERT-In urged enterprises to reduce risks linked to third-party software, AI models, and dependencies through Software Bills of Materials (SBOMs), provenance validation, and security assessments.
To evaluate the effectiveness of cybersecurity controls, the agency recommended regular red teaming exercises, vulnerability assessments, penetration testing, and independent audits. It also advised organizations to prioritize controls based on operational importance and threat exposure while establishing formal governance frameworks for AI usage and maintaining visibility into AI systems and integrations.
“Organizations should implement layered, risk-based, and continuously validated technical controls to reduce exposure to AI-assisted cyber threats,” CERT-In said. “Controls should prioritize protection of internet-facing systems, critical business applications, identities, cloud environments, APIs, sensitive data, AI-enabled systems, and operational infrastructure.”
New Patching Deadlines Introduced for Critical Flaws
A major component of the blueprint focuses on vulnerability management and patching timelines. CERT-In urged organizations to adopt continuous, risk-based vulnerability and patch management practices to reduce risks associated with security vulnerabilities, insecure APIs, misconfigurations, publicly exposed services, and weak identities.
Under the new recommendations, known exploited vulnerabilities affecting internet-facing and critical systems should be remediated within 12 hours wherever applicable. The agency also introduced additional remediation timelines based on severity and exposure levels.
Critical externally exposed vulnerabilities should be addressed within one day. Known exploited vulnerabilities impacting internal systems should also be remediated within one day unless alternative mitigation measures are implemented and documented. Critical internal vulnerabilities affecting high-value systems should be patched within three days, while high-severity vulnerabilities should be resolved within five days based on risk prioritization.
CERT-In acknowledged that immediate patching may not always be possible. In situations where fixes are unavailable, the agency advised organizations to deploy temporary mitigations such as system isolation, restricted access controls, web application firewall (WAF) or API protections, enhanced monitoring, and feature disablement until official patches are released.
The new recommendations reflect growing global concerns about the role of AI and LLMs in modern cyber warfare. As threat actors continue to automate the discovery and exploitation of security vulnerabilities, cybersecurity agencies and enterprises are facing pressure to strengthen patching practices, reduce exposure windows, and improve resilience against rapidly evolving digital threats.
