{"data":{"id":"3088b01b-9b29-44a7-b1a4-61b8e47a86e1","title":"CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks","summary":"India's CERT-In has issued new security guidelines requiring organizations to patch critical vulnerabilities in internet-exposed systems within 12 hours because attackers are increasingly using AI and LLMs (large language models, which are AI systems trained on large amounts of text) to automate the discovery and exploitation of security weaknesses faster than ever before. The guidelines warn that AI-assisted attacks can compress the time needed for attackers to find and weaponize vulnerabilities, and recommend defensive measures like continuous vulnerability monitoring, Zero Trust security (verifying access at every step), layered security controls, and secure-by-design practices.","solution":"CERT-In recommends organizations implement the following: \"Assume breach and prepare for rapid detection, containment, and recovery from compromise scenarios. Adopt a Zero Trust approach by enforcing continuous verification and least-privilege access. Implement a defense-in-depth strategy with layered controls across infrastructure to eliminate single points of failure and minimize the overall impact of a successful breach. Monitor and reduce exposure to security vulnerabilities. Embed a secure-by-design paradigm into systems, applications, and AI workflows. Maintain operational continuity during cyber incidents and disruption scenarios. Safeguard sensitive and operationally critical data throughout its lifecycle. Reduce software supply chain risks arising from third-party software, AI models, and dependencies through SBOM (software bill of materials), provenance validation, and assessments. Test security effectiveness against evolving threats through red teaming, vulnerability assessments, penetration testing, and independent audits.\" Organizations should also adopt \"continuous, risk-based vulnerability and patch management practices\" and prioritize patching known exploited vulnerabilities affecting internet-facing and critical systems.","labels":["policy","security"],"sourceUrl":"https://thehackernews.com/2026/05/cert-in-mandates-12-hour-patching-for.html","publishedAt":"2026-05-26T09:13:02.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":["prompt_injection","model_poisoning","data_extraction","model_theft","supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-26T09:13:02.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability","safety"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}