In its latest cybersecurity framework, the agency highlighted how technologies such as generative AI, large language models (LLMs), autonomous agents, and AI-driven automation tools are being increasingly utilized by cybercriminals to “speed up reconnaissance, automate vulnerability detection, create highly targeted phishing attacks, develop adaptive malware, and improve the scale and speed of cyber assaults.”
The blueprint indicates that AI-fueled cyber exploitation is significantly shortening the time attackers need to uncover vulnerabilities in systems, exposed services, insecure APIs, and weak digital identities.
“As organizations grow more reliant on interconnected digital infrastructure, cloud environments, software supply chains, operational technologies, and AI-enabled platforms, the potential ramifications of AI-powered cyber threats are escalating across various sectors,” CERT-In stated.
CERT-In has urged organizations to move past traditional perimeter-focused cybersecurity measures and adopt a more flexible and resilience-oriented strategy as AI-driven threats evolve.
It emphasized that companies should consistently scan their systems, monitor internet-exposed assets, evaluate cloud and API environments, and ensure vulnerabilities are adequately addressed post-detection. CERT-In also recommended that organizations prioritize risks based on their severity and potential for exploitation, particularly when they relate to critical systems or publicly exposed networks.
The agency proposed strict timelines for addressing vulnerabilities. According to the framework, critical issues affecting vital or internet-facing systems should be patched within 12 hours whenever possible, while other high-risk vulnerabilities should be managed within one to five days, depending on their severity.
If patches are unavailable, organizations are advised to temporarily isolate affected systems, restrict access, and enhance monitoring.
CERT-In also called for organizations to bolster the security of their software and digital supply chains. The agency suggested frameworks such as Software Bill of Materials (SBOM), AI Bill of Materials (AIBOM), Quantum Bill of Materials (QBOM), and Cryptographic Bill of Materials (CBOM).
These frameworks are intended to assist companies in identifying software dependencies, verifying sources, and minimizing risks associated with third-party technologies and AI tools.
The agency also pointed out the dangers associated with unchecked use of public AI platforms and large language models (LLMs). CERT-In advised organizations to implement safeguards to prevent manipulation of AI systems through harmful inputs and to monitor unauthorized or ‘shadow AI’ usage within their premises. It stressed that crucial AI-assisted decisions should continue to involve human oversight instead of being fully automated.
CERT-In further indicated that organizations must report cyber incidents within six hours. The framework also outlined a phased implementation plan, commencing with immediate risk mitigation measures and enforcing multi-factor authentication (MFA) in the first week.
The subsequent phase aims to enhance operations and upgrade Security Operations Centers (SOCs) within 8-30 days, while the final stage includes advanced resilience testing and red team simulations within 31-60 days.