India's CERT-In Mandates 12-Hour Patching Deadline for Critical Infrastructure

India’s Computer Emergency Response Team (CERT-In) has mandated a 12-hour patching deadline for organizations to address exposed vulnerabilities in their systems, citing accelerated exploitation timelines driven by AI-powered attack tools. The directive applies to critical infrastructure sectors and government entities, requiring immediate remediation of flaws that are publicly disclosed or actively exploited. While no specific CVE IDs or technical details of the vulnerabilities were provided, the notice emphasizes the urgency due to reduced time-to-exploitation from days to hours. The policy aims to mitigate risks from automated attacks leveraging AI to scan and exploit weaknesses at scale. The deadline is effective immediately under CERT-In’s existing cybersecurity guidelines.