India Just Made Patching a 12-Hour Job — and the Rest of the World Will Follow
Andrew Mason
June 8, 2026
Summary
India's CERT-In introduces a 12-hour critical patching mandate, reshaping global cybersecurity protocols in response to AI-driven threats.

Introduction

In a bold move that could redefine cybersecurity expectations globally, India's CERT-In announced a stringent patching mandate with unprecedented urgency. Introduced in the comprehensive "Blueprint for Reducing Exposure and Defending against AI-Assisted Vulnerabilities Exploitation in Digital Infrastructure," this mandate establishes one of the most aggressive patching timelines ever seen. Given the rapid pace of AI-driven cyberattacks, this development is crucial for organisations worldwide. In this blog, we delve into the strategic implications of this directive and what it means for you.

The Need for Speed: Why the 12-Hour Mandate?

What's Driving This Change?

AI-assisted exploitation has dramatically accelerated attack timelines, making rapid response critical. CERT-In's mandate requires high-priority vulnerabilities to be addressed within 12 hours of acknowledgment. This shift from traditional CVSS-dependent frameworks to AI-driven strategies stems from the realisation that cybercriminals are now weaponising vulnerabilities faster than ever before.

The Numbers

Data underscores this urgency. Vulnerabilities like Drupal CVE-2026-9082 were exploited within 48 hours; PAN-OS CVE-2026-0257 saw weaponisation within just four days. Huntress notes that some vulnerabilities are exploited within mere hours. The lesson is stark: patch delays are costly.

Understanding the Blueprint

Tiered Response Structure

CERT-In categorises vulnerabilities based on threat level:

  1. 12 hours: Internet-facing known-exploited flaws.
  2. 24 hours: Other critical external vulnerabilities.
  3. 72 hours: Critical internal vulnerabilities.
  4. 5 days: All high-severity issues without active exploits.

This approach emphasises timeliness over traditional severity assessments, reflecting the real-world pace of exploitation enabled by AI.

Operational Hurdles

Facing Reality

Despite the mandate's necessity, execution poses numerous challenges. According to Gartner's Apeksha Kaushik, "The primary barriers are not just technical, but operational." Most organisations lack real-time asset visibility and automated vulnerability prioritisation frameworks necessary for such rapid turnarounds.

Building Robust Systems

To adhere to these SLAs, enterprises must transform how they operate around the clock:

  • Continuous External Asset Discovery: Regular scans are now outdated; instantaneous visibility is imperative.
  • Automated KEV-Integrated Prioritisation: Efficiency improves significantly when vulnerability management incorporates Known Exploited Vulnerabilities (KEVs).
  • Pre-rehearsed Remediation Runbooks: Ensure every team knows its role, streamlining responses and minimising wasted time.
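
The tiered response structure and the KEV-integrated prioritisation bullet above can be combined into a single deadline calculator. The sketch below is an added example, not code from CERT-In or DarkInvader; the field names, the placeholder CVE IDs, the in-memory KEV set and the "manual-triage" fallback for combinations the tier list does not cover are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample data: placeholder CVE IDs, not real advisories.
KEV = {"CVE-0000-0001", "CVE-0000-0004"}   # stand-in for a known-exploited catalogue

@dataclass(frozen=True)
class Finding:
    cve: str
    severity: str            # "critical", "high", ...
    internet_facing: bool
    acknowledged: datetime   # the SLA clock starts at acknowledgment

def sla_window(f, kev=KEV):
    """Map a finding to the tier list above; None means no listed tier applies."""
    exploited = f.cve in kev
    if f.internet_facing and exploited:
        return timedelta(hours=12)
    if f.severity == "critical":
        return timedelta(hours=24 if f.internet_facing else 72)
    if f.severity == "high" and not exploited:
        return timedelta(days=5)
    return None              # assumption: send to manual triage

def triage(findings, now, kev=KEV):
    """Return (deadline, cve, status) rows, most urgent first, unmapped last."""
    rows = []
    for f in findings:
        window = sla_window(f, kev)
        if window is None:
            rows.append((None, f.cve, "manual-triage"))
            continue
        due = f.acknowledged + window
        rows.append((due, f.cve, "BREACHED" if now > due else "open"))
    return sorted(rows, key=lambda r: (r[0] is None, r[0] or now))

T0 = datetime(2026, 6, 8, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
SAMPLE = [
    Finding("CVE-0000-0001", "high", True, T0),        # external + KEV: 12 h
    Finding("CVE-0000-0002", "critical", True, T0),    # external critical: 24 h
    Finding("CVE-0000-0003", "critical", False, T0),   # internal critical: 72 h
    Finding("CVE-0000-0004", "high", False, T0),       # internal + KEV: no listed tier
    Finding("CVE-0000-0005", "high", False, T0),       # high, not exploited: 5 days
]

if __name__ == "__main__":
    for due, cve, status in triage(SAMPLE, now=T0 + timedelta(hours=13)):
        print(cve, due.isoformat() if due else "-", status)
```

Run 13 hours after acknowledgment, the internet-facing KEV finding is already past its deadline even though its severity is only "high", which is the effect of ranking by exposure and exploitation rather than by severity score alone.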

A Global Perspective

The Geopolitical Impact

India's groundbreaking move sets a precedent; eyes in the EU, UK, and US are already turning towards it. This blueprint's success will resonate beyond borders, particularly as agencies like NCSC and CISA begin to adopt similar frameworks to counter the shared threat of AI-accelerated attacks.

Future-Proofing Through EASM

What does this mean for exposure management teams? It signals the urgency to evolve and build capabilities before regulators mandate change. Smart external attack surface management (EASM) and vulnerability management leaders should integrate these strategies preemptively.

Conclusion

CERT-In's aggressive timeline is not merely an Indian anomaly; it is a harbinger of universal transformation. By repositioning patching practices to meet AI-enhanced threats, organisations can safeguard their future in a digitally volatile world.

Stay ahead by embracing this future-driven perspective today. Integrate continuous discovery, automation, and agile team responses with DarkInvader's solutions, setting your organisation as a leader in cybersecurity best practices.

As the digital landscape evolves, so too must our defences. Adapt and thrive by treating CERT-In's blueprint not as an oncoming burden but as an opportunity for resilience.

FAQ

What is CERT-In?

CERT-In is India's national cybersecurity agency responsible for protecting the country's cyber infrastructure.

Why is a 12-hour patching mandate significant?

It is the most rapid patching SLA globally, acknowledging the swift pace of AI-driven cyberattacks.

How can my organisation meet this stringent deadline?

Adopt continuous asset discovery and automated prioritisation, and streamline response with rehearsed workflows.

Is this mandate likely to influence global cyber strategies?

Yes. With leading geopolitical entities observing, similar mandates will likely emerge internationally.

By aligning your vulnerability management approach with CERT-In's foresight, you proactively embrace inevitable regulatory evolution.

Andrew Mason

Andrew is an entrepreneur and technology leader with a strong track record of building, scaling, and exiting high-growth technology businesses. He is the founder of several award-winning companies including RandomStorm, Data Protection People, RapidSpike, Pentest People, and DarkInvader, each operating at the forefront of cybersecurity, risk management, and digital resilience. Across these ventures, Andrew has consistently focused on creating commercially successful businesses grounded in deep technical capability and clear market need.
