CERT-In Mandates 12-Hour Patching for Critical Vulnerabilities in Internet-Facing Systems

The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines mandating organizations to patch critical security vulnerabilities in internet-facing systems within 12 hours of identification where feasible. The directive aims to mitigate threats posed by threat actors leveraging artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability exploitation. No specific CVEs, dates, or technical details about the vulnerabilities were provided in the notice. The focus is on internet-exposed systems, though no geographical or sector-specific restrictions were mentioned. The impact described includes heightened risks from AI-assisted cyberattacks accelerating exploitation timelines.