CERT-In Unveils New Cybersecurity Blueprint to Counter AI-Powered Threats

India’s cybersecurity agency CERT-In has released a comprehensive new framework aimed at protecting organisations from rapidly evolving AI-assisted cyber attacks. The 38-page blueprint highlights how advancements in artificial intelligence, including generative AI models, autonomous agents, and automation platforms, are drastically reducing the time required for hackers to identify and exploit vulnerabilities. CERT-In has advised organisations to patch internet-facing and critical systems within 12 hours of identifying vulnerabilities wherever possible. The agency also recommended faster mitigation timelines for high-risk and high-value systems to strengthen cyber resilience.

The framework warns that AI-powered cyber threats are becoming increasingly sophisticated, with attackers now capable of automating reconnaissance, vulnerability discovery, phishing campaigns, malware creation, and deepfake-enabled fraud at an unprecedented scale. CERT-In stressed that traditional static cybersecurity models are no longer sufficient and urged organisations to adopt adaptive AI-driven defence mechanisms. Key recommendations include implementing Zero Trust security architecture, multi-factor authentication, privileged access management, micro-segmentation, continuous monitoring, and regular Red Team security audits. The agency also reiterated the mandatory requirement for organisations to report cyber incidents within six hours while encouraging the use of advanced auditing and software transparency mechanisms such as SBOM, AIBOM, QBOM, and CBOM.