The Indian Computer Emergency Response Team (CERT-In) has introduced stringent guidelines that require organizations to address critical security vulnerabilities in internet-facing systems within a 12-hour timeframe, where feasible. This directive aims to bolster defenses against an evolving landscape of cyber threats, particularly those involving the exploitation of artificial intelligence (AI) tools and large language models (LLMs) by malicious actors. By enforcing prompt patching protocols, CERT-In seeks to mitigate the risks associated with automated attacks that leverage these advanced technologies.
For businesses, the implications of this mandate are significant. Organizations must prioritize vulnerability management and ensure their security teams are adequately prepared to act swiftly in response to identified risks. This may necessitate investing in automated patch management solutions and enhancing incident response capabilities to comply with the new guidelines effectively. As the threat landscape continues to evolve with AI-driven tactics, adherence to these recommendations is crucial for maintaining robust cybersecurity postures and protecting sensitive data from potential breaches.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/05/cert-in-mandates-12-hour-patching-for.html)*