CERT-In warns AI-powered cyber attacks are accelerating, urges 12-hour patch window
Synopsis
Key Takeaways
India's nodal cybersecurity agency, the Computer Emergency Response Team – India (CERT-In), has issued a stark warning that the rapid mainstreaming of artificial intelligence is fundamentally reshaping the global threat landscape, with cybercriminals now deploying advanced AI tools to mount faster, more targeted, and harder-to-detect attacks. The alert was published in the agency's latest cybersecurity blueprint, released on 26 May 2025 from New Delhi.
How AI Is Arming Cybercriminals
According to the blueprint, technologies including generative AI, large language models (LLMs), autonomous agents, and AI-powered automation platforms are being actively weaponised by threat actors. Attackers are using these tools to accelerate reconnaissance, automate vulnerability detection, craft hyper-targeted phishing campaigns, and develop adaptive malware capable of evading conventional security defences.
CERT-In noted that AI-enabled exploitation has sharply compressed the time attackers need to identify weaknesses in digital infrastructure — including exposed services, insecure APIs, and weak digital identities — giving defenders a narrower window to respond than ever before.
Why Traditional Defences Are No Longer Enough
'As organisations become increasingly dependent on interconnected digital infrastructure, cloud ecosystems, software supply chains, operational technologies, and AI-enabled platforms, the potential impact of AI-enabled cyber threats continues to increase across sectors,' the blueprint stated.
The agency cautioned that perimeter-based security models — long the backbone of enterprise defence — are insufficient against this new class of threats. It urged organisations to shift toward adaptive, resilience-driven security frameworks that assume breach rather than simply attempt to prevent it. This comes amid a broader global pattern of state-sponsored and criminal actors integrating AI into their offensive toolkits, a trend flagged by cybersecurity bodies across the US, EU, and UK in recent months.
CERT-In's Key Directives to Organisations
The blueprint lays out a set of concrete measures organisations must adopt. These include regular system scanning, continuous monitoring of internet-facing assets, thorough review of cloud and API environments, and ensuring that detected vulnerabilities are fully remediated — not merely flagged.
CERT-In also directed organisations to prioritise security risks based on severity and exploitability, with particular urgency for vulnerabilities affecting critical infrastructure or publicly accessible systems. Notably, the agency proposed strict remediation timelines: critical flaws on internet-facing or important systems must be patched within 12 hours, while other high-risk vulnerabilities should be resolved within one to five days depending on assessed risk level.
Where patches are unavailable, CERT-In recommended temporarily isolating affected systems, restricting access, and intensifying monitoring to contain potential compromise.
Supply Chain Transparency and the Bill of Materials Frameworks
The agency also flagged growing risks in software and digital supply chains, which have become a preferred entry point for sophisticated attackers. To address this, CERT-In recommended adoption of four transparency frameworks: Software Bill of Materials (SBOM), AI Bill of Materials (AIBOM), Quantum Bill of Materials (QBOM), and Cryptographic Bill of Materials (CBOM).
These frameworks are designed to help organisations map software dependencies, verify trusted sources, and reduce exposure from third-party technologies and AI-based tools embedded in their systems — an area that has seen repeated exploitation in recent years, from the SolarWinds breach to more recent AI model supply chain incidents globally.
What Comes Next
The blueprint signals that CERT-In is moving toward a more prescriptive, timeline-driven compliance posture for Indian organisations, particularly those operating critical infrastructure. Industry bodies and enterprise security teams are expected to align their vulnerability management programmes with the new directives. As AI capabilities continue to evolve on both sides of the security divide, the pressure on defenders to automate and accelerate their own response cycles will only intensify.