India's national cyber agency has told organizations to fix, mitigate, or disconnect exposed critical systems within 12 hours when a known-exploited vulnerability affects them. In new CERT-In guidance on defending against AI-assisted attacks, the agency says the half-day target applies where feasible to internet-facing or 'crown jewel' systems with exploited n-day flaws, while other cases such as internal systems generally get a 24-hour target; this is guidance rather than a single-CVE advisory.
Why it matters: This raises the urgency for Indian organizations and anyone tracking national cyber guidance as attackers use artificial intelligence to speed up exploitation. Defenders should review patching and mitigation playbooks now so internet-exposed high-value systems can be patched, shielded, or taken offline quickly when active exploitation is known.
2026.05.27
100% relevant
This article establishes a new trackable story because it centers on a new CERT-In directive-style guidance change setting a 12-hour response expectation for known-exploited flaws, not on any previously listed breach, CVE, or advisory event.
← Back to all stories