CERT-In Mandates 12-Hour Patch Deadline for Internet-Facing Vulnerabilities

CERT-In published a 38-page blueprint warning that generative AI and autonomous agents are shortening exploitation timelines and demanding rapid remediation: known exploited internet-facing and crown‑jewel vulnerabilities should be contained and patched within 12 hours where feasible, critical external flaws within one day, and other high-severity issues within a few days. The guidance emphasizes continuous exposure management across cloud, APIs and AI systems, zero-trust and assume-breach design, strengthened SOCs with behavior analytics and threat hunting, a 0–60 day three-phase roadmap for immediate risk reduction to advanced automation, and mandatory incident reporting within six hours.