AI Threat Velocity and CERT-In’s 12-Hour Patch Mandate

Key Takeaways

• India’s Computer Emergency Response Team (CERT-In) published a 38-page directive on May 25–26, 2026—CISG-2026-02, “Blueprint for Reducing Exposure and Defending against AI-Assisted Vulnerabilities Exploitation in Digital Infrastructure”—requiring organizations to patch known exploited vulnerabilities on internet-facing systems within 12 hours where feasible, with graduated timelines extending to five days for lower-risk internal flaws [1].

• AI-assisted attack tooling has fundamentally compressed the exploitation window: according to CrowdStrike’s 2026 Global Threat Report, the average eCrime actor breakout time has fallen to 29 minutes, while the fastest observed breakout occurred in just 27 seconds [2]; separately, CSA research documents that AI systems now generate working proof-of-concept exploit code for disclosed CVEs in as little as 10 to 15 minutes at approximately one dollar per attempt [3].

• Enterprise defenders are moving in the opposite direction: the mean time to remediate complex enterprise applications reached five months and ten days in 2026, and the 2026 Verizon Data Breach Investigations Report found that organizations patched only 26% of CISA’s Known Exploited Vulnerabilities catalog—down from 38% the prior year—as vulnerability exploitation surpassed credential theft to become the leading initial access vector for the first time [4][5].

• The CERT-In blueprint is notable for extending beyond patch timelines: it formalizes a 60-day phased implementation roadmap spanning 11 core defensive principles, including AI governance requirements, zero trust adoption, adversarial testing obligations, and a mandate to adopt Software Bill of Materials (SBOM), AI Bill of Materials (AIBOM), Quantum Bill of Materials (QBOM), and Cryptographic Bill of Materials (CBOM) frameworks to reduce supply-chain exposure [1].

• Where patches are unavailable, CERT-In explicitly endorses compensating controls—system isolation, access restriction, web application firewall protection, feature disablement, and enhanced monitoring—reflecting an operational awareness that in an AI-accelerated threat environment, the absence of a vendor fix cannot be treated as an acceptable justification for continued exposure [1].

• The directive’s scope and structure position it as a model for how national cybersecurity agencies can translate AI-threat research into binding operational guidance; security teams in non-Indian organizations that operate within India’s digital infrastructure sectors, or that benchmark their vulnerability programs against peer frameworks, should evaluate CERT-In’s tiered remediation timelines as a reference standard.

Background

The collapse of the vulnerability exploitation window is among the most consequential shifts in operational security of the past five years. What once provided security teams weeks or months to test and deploy patches has compressed, through the application of generative AI to offensive tooling, into a window measured in hours or days—and sometimes in minutes. CERT-In’s CISG-2026-02 blueprint is the most detailed national-government response to this structural shift yet published, and its 12-hour remediation requirement for internet-facing, known-exploited vulnerabilities represents both a policy statement and an implicit acknowledgment that the traditional patch cadence is no longer adequate.

CERT-In operates under India’s Information Technology Act as the nodal agency for cybersecurity incident response and advisory functions. The agency has historically issued advisories on specific vulnerabilities and incident reporting obligations; the 2022 directive mandating six-hour incident reporting to CERT-In established its appetite for compressed timelines. The May 2026 blueprint extends that posture into proactive vulnerability management, formalizing remediation timelines that would have been considered operationally impractical by most enterprise security teams just three years ago.

This directive did not arrive in isolation. In April 2026, CERT-In issued a separate high-severity advisory specifically addressing frontier AI models from major AI developers, warning that their “dual-use nature” could “lower the barrier to entry for malicious cyber actors and be leveraged to accelerate attack execution, automate exploitation workflows and scale cyber campaigns” [6]. That advisory named specific model capabilities—automated codebase analysis, reconnaissance, phishing content generation, and multi-stage attack orchestration—as threat enablers, establishing an evidentiary basis for the compressed timelines now codified in CISG-2026-02. The May blueprint is, in this sense, the operational policy that follows from the April threat assessment.

The statistical backdrop for CERT-In’s position is well-supported by independent research. CSA’s April 2026 whitepaper The Collapsing Exploit Window: AI-Speed Vulnerability Weaponization documented that the median time from vulnerability disclosure to weaponized exploitation fell from 756 days in 2018 to approximately five days by late 2023, with 32.1% of newly tracked exploits appearing on or before the CVE’s public disclosure date in 2025 [3]. The CVE-Genie framework, documented in that paper, achieved a 51% reproduction rate for 2024–2025 CVEs at an average cost of $2.77 per vulnerability. The implication is direct: the financial and time barriers to exploit development have effectively disappeared for any threat actor with access to commodity AI tooling.

Security Analysis

The Blueprint’s Core Architecture

CISG-2026-02’s primary innovation is not any single remediation timeline but rather its integration of risk-tiered patching deadlines within a structured 60-day implementation roadmap. The framework organizes remediation urgency across five tiers: known exploited vulnerabilities on internet-exposed systems are assigned the 12-hour window; critical externally exposed vulnerabilities must be addressed within one day; known exploited vulnerabilities affecting internal systems carry a matching one-day deadline unless documented compensating controls are in place; critical internal vulnerabilities affecting high-value systems must be remediated within three days; and high-severity vulnerabilities more broadly are assigned a five-day window based on risk prioritization [1].

These timelines are structured around a 60-day implementation roadmap divided into three phases. Phase I, covering days zero through seven, focuses on immediate risk reduction: establishing governance structures, identifying internet-facing assets, implementing multi-factor authentication, and beginning critical patching. Phase II, spanning days eight through thirty, targets operational strengthening—SOC monitoring enhancement, continuous vulnerability management, AI governance framework establishment, and cloud and API security assessment. Phase III, covering days thirty-one through sixty, emphasizes advanced resilience: red team exercises, continuous control validation, security automation, and AI model integrity verification [1].

Running beneath this roadmap are eleven core defensive principles that the blueprint treats as foundational rather than aspirational. These include the assume-breach operational posture, zero trust with continuous verification, defense-in-depth layered controls, continuous exposure management, secure-by-design integration into AI workflows, data lifecycle protection, supply chain risk reduction through xBOM adoption, formal AI governance mechanisms, and a mandate for regular adversarial testing [1]. The breadth of this list is significant: CERT-In is not issuing a narrow patching directive but a comprehensive security posture requirement that treats AI-assisted threat velocity as the organizing threat model for all of these controls.

The Asymmetry Between Attacker and Defender Timelines

The 12-hour mandate acquires its full significance when examined against current attacker and defender timelines side by side. CrowdStrike’s 2026 Global Threat Report found that the average eCrime breakout time—the interval between initial access and lateral movement to additional hosts—fell to 29 minutes in 2025, a 65% speed increase from 2024, with the fastest observed instance occurring in just 27 seconds [2]. VulnCheck’s Q1 2025 analysis found that 28.3% of CVEs were exploited within 24 hours of their public disclosure, meaning that for nearly a third of newly disclosed vulnerabilities, the effective remediation window before active exploitation begins is measured in hours rather than days [7]. The Verizon 2026 DBIR corroborated this trajectory, finding that vulnerability exploitation overtook credential theft as the primary initial access vector—accounting for 31% of all breaches analyzed—for the first time in the report’s nineteen-year history [4].

Against this attacker velocity, enterprise defenders are operating at fundamentally different timescales. The average mean time to remediation for complex enterprise applications reached five months and ten days in 2026, driven by compatibility testing requirements, change management processes, production stability concerns, and the organizational coordination overhead of patching systems distributed across geographically dispersed environments [3]. The 2026 Verizon DBIR’s finding that organizations patched only 26% of CISA KEV entries—vulnerabilities with confirmed, active exploitation—underscores that the problem is not primarily a lack of awareness but a structural mismatch between the pace of threat and the pace of enterprise operations [4][5].

AI-enabled adversary operations increased 89% year-over-year according to CrowdStrike, with AI tooling deployed across reconnaissance, credential theft, lateral movement, and evasion [2]. This acceleration is not a future projection but a documented 2025 operational reality. The window for effective patch-based defense against a determined AI-assisted adversary has, for certain vulnerability classes, effectively closed before most organizations’ patch management cycles begin.

Operational Feasibility and the Compensating Controls Imperative

Acknowledgment that 12-hour patching will not always be achievable is embedded directly in the directive’s language—the mandate applies “where feasible,” and CERT-In explicitly defines an alternative path through compensating controls for cases where vendor patches are unavailable or deployment is operationally infeasible [1]. This design choice reflects a realistic assessment of enterprise environments. Production systems with rigid uptime requirements, complex dependency trees, or vendor-controlled update schedules cannot be patched on demand regardless of regulatory intent. A 12-hour mandate applied rigidly to all internet-facing systems would create impossible choices for operators of legacy infrastructure, healthcare systems, or industrial control environments.

The practical implication for security teams is a two-track approach: those vulnerabilities that can be patched quickly—particularly on cloud-hosted systems, containerized workloads, and managed services with automated update capabilities—should be treated as subject to the 12-hour standard as a default. Those systems where immediate patching is genuinely infeasible should trigger an immediate compensating controls workflow: network isolation, API rate limiting, WAF rule deployment, enhanced monitoring for exploitation indicators, and documented risk acceptance through formal governance processes. CERT-In’s inclusion of both tracks within the same framework reflects an operationally sophisticated understanding of the enterprise environment.

The Supply Chain and xBOM Dimension

The blueprint’s requirement to adopt SBOM, AIBOM, QBOM, and CBOM frameworks addresses a dimension of AI-era threat velocity that pure patch management cannot resolve. An organization that cannot enumerate its software dependencies cannot assess its exposure to a disclosed CVE in under 12 hours; the limiting factor is inventory knowledge, not patching capacity. CERT-In’s own technical guidelines on xBOM frameworks, published separately, establish minimum elements and recommendations for each framework type [8]. The AIBOM requirement is particularly timely given the rapid proliferation of third-party AI components—pretrained models, inference APIs, vector databases, and agent orchestration frameworks—in enterprise software stacks. These components represent a vulnerability surface that existing software inventory tools were not designed to track.

The 2026 threat landscape compounds the supply chain risk dimension. As documented by CrowdStrike, adversaries are actively injecting malicious prompts into enterprise GenAI tools at scale and abusing AI development platforms as attack vectors [2]. An organization without AIBOM visibility cannot determine whether an AI component it relies upon has been compromised, updated with a malicious dependency, or exposed by a model-level vulnerability. The CERT-In blueprint’s inclusion of xBOM adoption alongside remediation timelines signals that the Indian government views supply chain transparency as a prerequisite for, not merely an enhancement to, effective vulnerability management.

Recommendations

Immediate Actions

Organizations should immediately triage their internet-facing systems against the CISA Known Exploited Vulnerabilities catalog and establish whether current patch deployment capabilities can meet a 12-hour SLA for systems in that category. For cloud-hosted and containerized workloads, most organizations can achieve sub-12-hour patching for known exploited vulnerabilities through automated deployment pipelines; enabling these capabilities should be the first priority. For legacy or operationally constrained systems, the immediate action is not to attempt 12-hour patching but to pre-define and document compensating controls—network segmentation boundaries, WAF rule sets, access restriction policies—that can be activated immediately when a known-exploited vulnerability affecting those systems is disclosed. Incident reporting processes to CERT-In (for organizations within India’s jurisdiction) or to applicable sector-specific authorities should be reviewed against the 6-hour reporting timeline now formalized in CISG-2026-02 [1].

Short-Term Mitigations

Continuous exposure management—the practice of maintaining a real-time inventory of internet-facing assets and their patch states—should be established or matured within the 60-day implementation window CERT-In defines. Effective 12-hour patching is impossible without this inventory baseline. Organizations should also begin SBOM collection for their critical applications and evaluate tooling that can auto-generate AIBOM artifacts for AI-dependent components; the window for implementing these capabilities ahead of regulatory expectation is narrowing as additional national agencies look to CERT-In’s blueprint as a model. Zero trust architecture principles—particularly continuous verification for lateral movement paths—address the breakout-time threat vector documented by CrowdStrike by limiting what an adversary can access in the 29-minute window between initial access and containment.

Strategic Considerations

The structural remediation gap identified by the 2026 Verizon DBIR—26% of known exploited vulnerabilities patched, enterprise MTTR of five months—reflects organizational and process constraints that cannot be solved by policy directive alone. Security engineering investment should focus on reducing the organizational friction around patch deployment: automated testing pipelines that compress compatibility validation timelines, canary deployment patterns that reduce production disruption risk, and vulnerability management platforms that integrate threat intelligence feeds to auto-prioritize based on exploitation status. Formal AI governance mechanisms—including model integrity verification, adversarial testing against deployed AI systems, and AI-specific incident response playbooks—should be developed as first-class security program components rather than appendices to existing frameworks. CERT-In’s phased implementation roadmap, with its explicit 60-day structure, provides a reasonable operational template for organizations seeking to establish a governance timeline for these investments.

CSA Resource Alignment

The CERT-In blueprint’s threat model and defensive recommendations map directly to several foundational CSA frameworks. CSA’s MAESTRO (Multi-Agent Environment, Security, Threat, Risk and Outcome) framework provides a seven-layer agentic AI threat modeling architecture that captures the attack surfaces CERT-In identifies—autonomous reconnaissance, exploit chaining, and lateral movement enabled by AI agents—and provides structured control objectives for each layer [9]. Security teams applying CERT-In’s AI governance requirements will find MAESTRO’s Layer 1 (Foundation Model) and Layer 2 (Data Operations) threat models directly applicable to the model integrity verification and AIBOM requirements in Phase III of the blueprint.

The CSA AI Controls Matrix (AICM) provides 243 control objectives across 18 security domains for AI development and deployment, mapping to ISO/IEC 42001, NIST AI RMF 1.0, and other standards [10]. Several AICM domains—including vulnerability management, supply chain security, and continuous monitoring—align precisely with CERT-In’s xBOM and continuous exposure management requirements, giving organizations a vendor-agnostic control framework through which to operationalize the directive. The Agentic Trust Framework (ATF), developed by the CSA AI Safety Initiative, addresses the governance and operational control questions for AI agent deployment that CERT-In’s “secure AI adoption” principle raises but leaves to organizational implementation.

For organizations subject to CERT-In’s jurisdiction or seeking to benchmark against it, the STAR for AI program provides an attestation pathway through which AI security controls can be independently assessed and disclosed—directly supporting the formal AI governance and transparency obligations in CISG-2026-02.

References

[1] Indian Computer Emergency Response Team (CERT-In). “Blueprint for Reducing Exposure and Defending against AI-Assisted Vulnerabilities Exploitation in Digital Infrastructure (CISG-2026-02).” CERT-In, May 2026.

[2] CrowdStrike. “2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack Surface.” CrowdStrike, February 2026.

[3] Cloud Security Alliance AI Safety Initiative. “The Collapsing Exploit Window: AI-Speed Vulnerability Weaponization.” CSA Labs, April 2026.

[4] Verizon. “2026 Data Breach Investigations Report.” Verizon Business, May 2026.

[5] CISA. “Known Exploited Vulnerabilities Catalog.” Cybersecurity and Infrastructure Security Agency, continuously updated.

[6] Business Standard. “India’s Cert-In warns of AI-led cyber threats, lists protection steps.” Business Standard Technology Desk, April 2026.

[7] The Hacker News / VulnCheck. “159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure.” The Hacker News, April 2025.

[8] Indian Computer Emergency Response Team (CERT-In). “Technical Guidelines on SBOM, QBOM & CBOM, AIBOM, and HBOM (Version 2.0).” CERT-In.

[9] Cloud Security Alliance. “Agentic AI Threat Modeling Framework: MAESTRO.” CSA Blog, February 2025.

[10] Cloud Security Alliance. “AI Controls Matrix.” CSA, 2025.