CERT-In calls for AI-assisted security testing, faster patches

India's Computer Emergency Response Team (CERT-In) has issued stringent new cybersecurity guidelines, mandating technology vendors to adopt AI-assisted security testing and drastically accelerate patch deployment, with critical internet-facing vulnerabilities requiring remediation within an unprecedented 12-hour window. This urgent directive, issued in mid-June 2026, is a direct response to the escalating threat landscape where artificial intelligence is empowering attackers to identify and exploit software flaws at machine speed, compressing traditional 'time-to-exploit' windows from months to mere hours. The framework applies broadly to OEMs, software developers, and cloud providers operating within India, signaling a major shift in accountability for securing the nation's digital ecosystem. The stakes are higher than ever, as generative AI and large language models are fueling a surge in new vulnerabilities, with 2026 forecasts projecting up to 66,000 CVEs – a volume far outpacing human patching capabilities. This alarming disparity, highlighted by a median fix time of 43 days for known exploited vulnerabilities in 2025, forces a paradigm shift from reactive defense to proactive, AI-driven cyber resilience. CERT-In move also emphasizes robust supply-chain security, demanding detailed inventories of all software, hardware, and third-party AI components, aligning with the broader objectives of India's National Cybersecurity Strategy 2026 and the impending full enforceability of the Digital Personal Data Protection Act (DPDPA) in May 2027. Looking ahead, the new guidelines underscore an industry-wide imperative to embrace AI-enabled defense mechanisms, including automated threat detection and incident response, to counter the very tools malicious actors now wield. Organizations must assume breach and fortify their defenses with continuous monitoring, Zero Trust security model, and aggressive remediation SLAs to meet these new standards. The effectiveness of this mandate will hinge on both technological adoption and a fundamental re-evaluation of security operations, setting a challenging but crucial precedent for digital security in the age of accelerated AI warfare.