India's national CERT has published a risk-tiered patch SLA blueprint in response to AI-assisted attack acceleration. Internet-facing systems with KEV-listed vulnerabilities must be remediated within 12 hours; critical externally exposed flaws within 1 day; internal-system KEV within 1 day unless documented compensating controls exist; critical internal flaws on high-value systems within 3 days; high-severity issues within 5 days. CERT-In urges defenders to assume breach, adopt Zero Trust and defense-in-depth, embed secure-by-design into AI workflows, validate via red teaming, and treat AI-system visibility as a first-class governance concern. Mitigations (isolation, WAF, monitoring) are expected when no patch is available.