India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws

CERT-In has issued new guidance urging Indian organizations to remediate known exploited and internet-facing vulnerabilities rapidly—setting an indicative 12-hour expectation for KEVs on crown-jewel systems and shorter windows for externally exposed critical flaws—citing that generative AI, LLMs and autonomous agents are accelerating reconnaissance, vulnerability discovery, phishing and malware development; the guidance also covers AI-specific risks, governance, zero-trust, supply-chain assurances and reiterates a six-hour incident reporting requirement.