The Indian Computer Emergency Response Team (CERT-In) has introduced new regulations mandating that critical vulnerabilities in internet-facing systems be patched within 12 hours when feasible. This urgent directive aims to protect organizations from cyber threats that use artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability discovery and exploitation, increasing the scale and speed of cyber attacks.
AI-Driven Cyber Threats
CERT-In’s comprehensive 38-page blueprint outlines how AI-assisted cyber activities significantly reduce the time required for adversaries to identify, weaponize, and exploit weaknesses in exposed services, identities, APIs, and systems. As organizations increasingly rely on interconnected digital infrastructure, cloud environments, and AI platforms, the potential impact of AI-driven threats is expanding across various sectors.
Cybercriminals are leveraging AI to streamline tasks such as discovering attack surfaces, analyzing exploits, crafting convincing phishing content, and even generating malware. This capability allows them to compress attack preparation timelines and evade conventional security measures. Additionally, AI systems themselves are becoming targets through methods like prompt injections, data leaks, and model manipulation.
Strategies for Mitigating AI Threats
Organizations must anticipate rapid exploitation timelines and the potential for autonomous attacks, both of which call for enhanced cybersecurity measures. CERT-In emphasizes the importance of continuous threat assessment, proactive exposure reduction, and operational readiness. Key defensive strategies include assuming breach scenarios, adopting a Zero Trust framework, and implementing a defense-in-depth approach.
Further recommendations include embedding security by design, maintaining operational continuity during disruptions, safeguarding critical data, and minimizing software supply chain risks. Regular assessments such as red teaming, penetration testing, and audits are also advised to ensure security effectiveness against evolving threats.
Patching and Risk Management Guidelines
CERT-In underscores the need for continuous, risk-based vulnerability and patch management to mitigate exposure from security flaws, misconfigurations, and weak points like APIs and identities. It mandates that known exploited vulnerabilities impacting internet-facing systems be addressed within 12 hours where possible. Other timelines include addressing critical external vulnerabilities within a day, internal high-value system vulnerabilities within three days, and high-severity vulnerabilities within five days based on risk prioritization.
In situations where patches are unavailable, organizations should implement temporary mitigations such as isolation, access restrictions, and enhanced monitoring. CERT-In advises ongoing reassessment of exposure, validation of security controls, and strengthening of resilience capabilities through regular audits and coordinated cybersecurity governance.
This initiative follows a previous CERT-In advisory that warned about advances in AI models from Anthropic and OpenAI and highlighted their potential dual-use nature. Staying up to date with AI-driven cyber developments is crucial for maintaining cyber resilience, and it underscores the necessity of enforcing baseline cybersecurity controls.
