Last updated: July 5, 2026 at 9:01 AM UTC

CERT-In mandates 12-hour patching window for internet-facing KEV vulnerabilities to counter AI-assisted attacks; full risk-tiered SLA blueprint

India's national CERT has published a risk-tiered patch SLA blueprint in response to AI-assisted attack acceleration. Internet-facing systems with KEV-listed vulnerabilities must be remediated within 12 hours; critical externally exposed flaws within 1 day; internal-system KEV within 1 day unless documented compensating controls exist; critical internal flaws on high-value systems within 3 days; high-severity issues within 5 days. CERT-In urges defenders to assume breach, adopt Zero Trust and defense-in-depth, embed secure-by-design into AI workflows, validate via red teaming, and treat AI-system visibility as a first-class governance concern. Mitigations (isolation, WAF, monitoring) are expected when no patch is available.

Check
Inventory your current patch SLAs against CERT-In's tiers. Identify any internet-facing systems with KEV CVEs older than 12 hours. Map AI workflows and governance gaps.
Affected
Any organization with patch SLAs measured in weeks/months on internet-facing systems. AI-assisted attacks compress exploit-development to hours/days; old SLAs are now structurally inadequate.
Fix
Adopt CERT-In's tiered SLA: 12hr for internet-facing KEV, 1d for critical exposed or internal KEV, 3d for critical internal high-value, 5d high-severity. Pair with Zero Trust isolation and WAF controls.
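
The check described above can be scripted against a vulnerability inventory. The following is an added example, not code from CERT-In or from the summarized article; the finding fields, asset names, CVE placeholders, the choice to start the clock at `opened`, and the handling of cases the summary leaves open are all assumptions, marked in the comments.

```python
from datetime import datetime, timedelta, timezone

HOUR = timedelta(hours=1)

def sla_tier(f):
    """Map one finding to (tier name, remediation window) using the tiers above."""
    kev, exposed, sev = f["kev"], f["internet_facing"], f["severity"]
    if kev and exposed:
        return "internet-facing KEV", 12 * HOUR
    if sev == "critical" and exposed:
        return "critical exposed", 24 * HOUR
    # Internal KEV: 1 day unless compensating controls are documented.
    # Assumption: with documented controls the finding falls to the severity tiers.
    if kev and not f.get("compensating_controls"):
        return "internal KEV", 24 * HOUR
    if sev == "critical" and f.get("high_value"):
        return "critical internal high-value", 72 * HOUR
    # Assumption: critical findings matching no tier above get the 5-day window.
    if sev in ("critical", "high"):
        return "high severity", 120 * HOUR
    return None, None

def sla_breaches(findings, now):
    """Return unremediated findings past their window, most overdue first."""
    out = []
    for f in findings:
        tier, window = sla_tier(f)
        if tier is None or f.get("fixed"):
            continue
        # Assumption: the SLA clock starts at f["opened"].
        over = now - (f["opened"] + window)
        if over > timedelta(0):
            out.append((f["asset"], f["cve"], tier, round(over / HOUR, 1)))
    return sorted(out, key=lambda r: -r[3])

# Constructed sample inventory; asset names and CVE ids are placeholders.
NOW = datetime(2026, 7, 5, 9, 0, tzinfo=timezone.utc)
def _f(asset, cve, hours_open, sev, **kw):
    return {"asset": asset, "cve": cve, "opened": NOW - hours_open * HOUR,
            "severity": sev, "kev": False, "internet_facing": False, **kw}

INVENTORY = [
    _f("vpn-gw-01", "CVE-PLACEHOLDER-1", 20, "high", kev=True, internet_facing=True),
    _f("web-02", "CVE-PLACEHOLDER-2", 10, "critical", internet_facing=True),
    _f("erp-db", "CVE-PLACEHOLDER-3", 30, "medium", kev=True, compensating_controls=True),
    _f("hr-app", "CVE-PLACEHOLDER-4", 80, "critical", high_value=True),
    _f("build-srv", "CVE-PLACEHOLDER-5", 30, "high", kev=True),
]
```

Calling `sla_breaches(INVENTORY, NOW)` returns one tuple per overdue finding: asset, CVE, tier, and hours past the deadline.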