India's Computer Emergency Response Team (CERT-In) says defenders should endevor to patch or mitigate exploited n-day vulnerabilities within 12 hours as the cybercrime landscape continues its AI-ification.The organization's recommended half-day window applies only to bugs that affect internet-facing or "crown jewel" systems and are known to be exploited. In these cases, CERT-In told defenders to "patch, mitigate, or remove exposure within 12 hours where feasible."
For other flaws, such as a standard critical vulnerability (CVSS 9.0 or higher) affecting an internal system, or a known exploited bug affecting an internal system, defenders can enjoy a much more leisurely 24-hour window.
The revised suggestions come as part of a new guide released by CERT-In this week to help infosec pros better protect against AI-assisted cyberattacks."AI-assisted cyber exploitation reduces the time required for adversaries to identify, weaponize, and exploit vulnerabilities, exposed services, weak identities, insecure APIs, and misconfigured systems," CERT-In's report reads. "As organizations become increasingly dependent on interconnected digital infrastructure, cloud ecosystems, software supply chains, operational technologies, and AI-enabled platforms, the potential impact of AI-enabled cyber threats continues to increase across sectors."CERT-In's report follows a trail of news stories in 2026 that all suggest AI is becoming an increasingly important part of cybersecurity for both attackers and defenders.The field of agentic AI has especially matured rapidly in the past year. Consumer-grade tools like OpenClaw have made it easier for non-technical users to experiment with autonomous tech, raising its profile and awareness of its capabilities.Agents are equipped with all the necessary permissions to make significant system changes, but as global intelligence agencies recently highlighted, their behavior can at times be unexpected, and they're also prone to mischief.
