India's CERT-In recommends 12-hour fixes where feasible in AI strategy
India's Computer Emergency Response Team (CERT-In) has recommended that organizations resolve known exploited vulnerabilities affecting internet-facing and crown-jewel systems within 12 hours where feasible.
This is part of a fresh strategy launched on May 25, 2026, to keep up with fast-moving AI-powered cyber threats, such as phishing scams and sneaky malware that AI can whip up quickly.
CERT-In requires 24-hour fixes, 6-hour reports
Along with the main deadline, CERT-In wants internal and external system issues fixed within 24 hours.
High-value systems get three days, and high-severity problems must be sorted in five days.
Organizations also have to report any security incidents within 6 hours.
The agency is pushing for smarter defenses too, like continuous monitoring and zero-trust security, so India's digital spaces stay safer as cyber threats evolve.