CERT-In warns AI-powered cyber attacks are accelerating, urges 12-hour patch window

Share:
Audio Loading voice…
CERT-In warns AI-powered cyber attacks are accelerating, urges 12-hour patch window

Synopsis

CERT-In's new cybersecurity blueprint reveals that AI is no longer just a defender's tool — it is now a primary offensive weapon. With LLMs automating phishing and adaptive malware evading legacy defences, the agency is demanding a 12-hour patch window for critical flaws and pushing SBOM-style transparency across supply chains. India's digital infrastructure is in the crosshairs.

Key Takeaways

CERT-In issued a cybersecurity blueprint on 26 May 2025 warning that AI tools are dramatically accelerating cyber attack capabilities.
Threat actors are using generative AI , LLMs , and autonomous agents to automate reconnaissance, phishing, and adaptive malware development.
Critical vulnerabilities on internet-facing systems must be patched within 12 hours ; other high-risk flaws within one to five days .
CERT-In recommended adoption of SBOM , AIBOM , QBOM , and CBOM frameworks to improve supply chain transparency.
Traditional perimeter-based defences are deemed insufficient; organisations are urged to adopt adaptive, resilience-driven security models.

India's nodal cybersecurity agency, the Computer Emergency Response Team – India (CERT-In), has issued a stark warning that the rapid mainstreaming of artificial intelligence is fundamentally reshaping the global threat landscape, with cybercriminals now deploying advanced AI tools to mount faster, more targeted, and harder-to-detect attacks. The alert was published in the agency's latest cybersecurity blueprint, released on 26 May 2025 from New Delhi.

How AI Is Arming Cybercriminals

According to the blueprint, technologies including generative AI, large language models (LLMs), autonomous agents, and AI-powered automation platforms are being actively weaponised by threat actors. Attackers are using these tools to accelerate reconnaissance, automate vulnerability detection, craft hyper-targeted phishing campaigns, and develop adaptive malware capable of evading conventional security defences.

CERT-In noted that AI-enabled exploitation has sharply compressed the time attackers need to identify weaknesses in digital infrastructure — including exposed services, insecure APIs, and weak digital identities — giving defenders a narrower window to respond than ever before.

Why Traditional Defences Are No Longer Enough

'As organisations become increasingly dependent on interconnected digital infrastructure, cloud ecosystems, software supply chains, operational technologies, and AI-enabled platforms, the potential impact of AI-enabled cyber threats continues to increase across sectors,' the blueprint stated.

The agency cautioned that perimeter-based security models — long the backbone of enterprise defence — are insufficient against this new class of threats. It urged organisations to shift toward adaptive, resilience-driven security frameworks that assume breach rather than simply attempt to prevent it. This comes amid a broader global pattern of state-sponsored and criminal actors integrating AI into their offensive toolkits, a trend flagged by cybersecurity bodies across the US, EU, and UK in recent months.

CERT-In's Key Directives to Organisations

The blueprint lays out a set of concrete measures organisations must adopt. These include regular system scanning, continuous monitoring of internet-facing assets, thorough review of cloud and API environments, and ensuring that detected vulnerabilities are fully remediated — not merely flagged.

CERT-In also directed organisations to prioritise security risks based on severity and exploitability, with particular urgency for vulnerabilities affecting critical infrastructure or publicly accessible systems. Notably, the agency proposed strict remediation timelines: critical flaws on internet-facing or important systems must be patched within 12 hours, while other high-risk vulnerabilities should be resolved within one to five days depending on assessed risk level.

Where patches are unavailable, CERT-In recommended temporarily isolating affected systems, restricting access, and intensifying monitoring to contain potential compromise.

Supply Chain Transparency and the Bill of Materials Frameworks

The agency also flagged growing risks in software and digital supply chains, which have become a preferred entry point for sophisticated attackers. To address this, CERT-In recommended adoption of four transparency frameworks: Software Bill of Materials (SBOM), AI Bill of Materials (AIBOM), Quantum Bill of Materials (QBOM), and Cryptographic Bill of Materials (CBOM).

These frameworks are designed to help organisations map software dependencies, verify trusted sources, and reduce exposure from third-party technologies and AI-based tools embedded in their systems — an area that has seen repeated exploitation in recent years, from the SolarWinds breach to more recent AI model supply chain incidents globally.

What Comes Next

The blueprint signals that CERT-In is moving toward a more prescriptive, timeline-driven compliance posture for Indian organisations, particularly those operating critical infrastructure. Industry bodies and enterprise security teams are expected to align their vulnerability management programmes with the new directives. As AI capabilities continue to evolve on both sides of the security divide, the pressure on defenders to automate and accelerate their own response cycles will only intensify.

Point of View

But the harder question is whether most Indian organisations — especially mid-sized enterprises and public sector bodies — have the security operations maturity to action it. The blueprint's supply chain transparency push (SBOM, AIBOM, QBOM, CBOM) is technically sound but largely aspirational for an ecosystem where even basic asset inventories are incomplete. The real gap is not awareness of AI-powered threats; it is the operational capacity to respond at machine speed. Until CERT-In pairs these directives with enforcement mechanisms and capacity-building for smaller organisations, this risks being a well-intentioned document that critical infrastructure operators acknowledge and quietly shelve.
NationPress
12 Jul 2026

Frequently Asked Questions

What has CERT-In warned about AI and cybersecurity?
CERT-In has warned that cybercriminals are actively using generative AI, large language models, and autonomous agents to launch faster, more sophisticated attacks. The agency's latest blueprint states these tools are being used to automate vulnerability detection, craft targeted phishing campaigns, and develop adaptive malware that evades traditional defences.
What is CERT-In's new 12-hour patch rule?
CERT-In has directed organisations to patch critical vulnerabilities affecting internet-facing or important systems within 12 hours of detection. Other high-risk flaws should be remediated within one to five days depending on the severity and exploitability of the vulnerability.
What are SBOM, AIBOM, QBOM, and CBOM?
These are transparency frameworks recommended by CERT-In to secure software and digital supply chains. SBOM (Software Bill of Materials) maps software dependencies; AIBOM covers AI components; QBOM addresses quantum technologies; and CBOM tracks cryptographic elements. Together they help organisations verify trusted sources and reduce third-party risk.
Why are traditional cybersecurity defences no longer sufficient?
CERT-In says perimeter-based security models cannot keep pace with AI-enabled attacks that compress reconnaissance and exploitation timelines. The agency is urging a shift to adaptive, resilience-driven frameworks that assume systems may already be compromised rather than relying solely on preventing entry.
Who is affected by CERT-In's new cybersecurity directives?
The directives apply broadly to all organisations operating digital infrastructure in India, with particular urgency for those running critical infrastructure, publicly accessible systems, and cloud or API-dependent environments. Both private enterprises and public sector bodies are expected to align with the blueprint's recommendations.
Nation Press
The Trail

Connected Dots

Tracing the thread behind this story — newest first.

8 Dots
  1. Latest 2 months ago
  2. 2 months ago
  3. 4 months ago
  4. 5 months ago
  5. 7 months ago
  6. 8 months ago
  7. 10 months ago
  8. 1 year ago
Google Prefer NP
On Google