CISA sets 3-day high-risk patch rule for civilian federal agencies

Technology Jun 10, 2026

The US Cybersecurity and Infrastructure Security Agency (CISA) now wants civilian federal agencies to patch high-risk cybersecurity flaws within 3 days, a big shift as hackers get smarter with AI tools.
The goal? To keep American networks safer from fast-evolving attacks.

Lower severity bugs get extended deadlines

Less dangerous bugs get a bit more breathing room, with deadlines ranging from 2 weeks to 2 months based on how serious they are.
CISA's new rules follow last month and highlight just how quickly the cyber threat landscape is changing thanks to advanced AI like Anthropic's Mythos.