CERT-In’s New AI Cybersecurity Blueprint Sends a Clear Message: Annual Security Assessments Are No Longer Enough

The Indian Computer Emergency Response Team (CERT-In) has released one of its strongest cybersecurity advisories to date, warning organisations that artificial intelligence is fundamentally changing how cyberattacks are executed.

The newly released 38-page blueprint highlights a reality that security teams are already experiencing: attack timelines are collapsing.

What previously took threat actors days or weeks can now be achieved in hours using AI-powered reconnaissance, automated vulnerability discovery, phishing generation, exploit development, malware creation, and attack orchestration.

For organisations across BFSI, healthcare, manufacturing, retail, SaaS, and critical infrastructure, the message is clear:

Traditional security approaches are struggling to keep pace with AI-powered adversaries.

The Rise of Machine-Speed Attacks

According to CERT-In, threat actors are increasingly leveraging generative AI, large language models (LLMs), autonomous agents, and AI-powered automation platforms to accelerate the attack lifecycle.

Attackers can now:

• Discover exposed assets faster

• Identify vulnerabilities at scale

• Generate convincing phishing campaigns

• Automate exploitation attempts

• Develop adaptive malware

• Execute attacks with minimal human intervention

This shift dramatically reduces the window between vulnerability discovery and active exploitation.

In practical terms, organisations may no longer have weeks to respond.

They may only have hours.

Why CERT-In Is Recommending 12-Hour Remediation

One of the most significant recommendations in the blueprint is the expectation that known exploited vulnerabilities affecting internet-facing critical systems should be patched, mitigated, or isolated within 12 hours wherever feasible.

This recommendation represents a major shift from traditional vulnerability management practices.

Many organisations still operate on:

• Quarterly VAPT cycles

• Annual penetration tests

• Compliance-driven audits

• Periodic security reviews

While these exercises remain valuable, they are not designed to address vulnerabilities that can be weaponised within hours.

The threat landscape has evolved.

Security operations must evolve with it.

Continuous Vulnerability Assessment Becomes a Business Requirement

For years, cybersecurity programs have largely focused on identifying vulnerabilities during scheduled assessments.

AI changes this equation.

If attackers are continuously scanning, continuously analysing, and continuously exploiting, then organisations must adopt a similar mindset.

This is where Continuous Vulnerability Assessment becomes critical.

Instead of waiting for the next audit cycle, organisations need the ability to:

• Continuously discover internet-facing assets

• Identify newly introduced exposures

• Detect misconfigurations in real time

• Validate remediation efforts

• Prioritise exploitable vulnerabilities

• Reduce attacker dwell time

Security can no longer be treated as a point-in-time activity.

It must become an ongoing operational process.

AI Systems Are Now Targets Too

The CERT-In blueprint also highlights risks specific to AI deployments.

As enterprises increasingly integrate AI into business workflows, customer interactions, analytics platforms, and internal operations, AI systems themselves become attack surfaces.

Emerging risks include:

1. Prompt injection attacks

2. Model manipulation

3. Training data poisoning

4. Sensitive data leakage

5. Model theft

6. AI workflow compromise

7. Orchestration pipeline attacks

Many organisations are deploying AI faster than they are securing it.

This creates new opportunities for attackers and new responsibilities for security teams.

The Shift Toward Zero Trust and Exposure Management

CERT-In's guidance strongly emphasizes:

1. Zero Trust architectures

2. Continuous monitoring

3. Rapid detection and containment

4. Defense-in-depth strategies

5. Continuous exposure management

6. Secure-by-design development

This reflects a broader global trend.

The focus is no longer just preventing breaches.

The focus is reducing exposure, detecting compromise faster, and limiting impact when incidents occur.

What Organisations Should Do Next

Security leaders should immediately evaluate:

Asset Visibility

Do you know every internet-facing asset connected to your organisation?

Exposure Monitoring

Can newly introduced vulnerabilities be identified within hours rather than weeks?

Remediation Speed

Can critical vulnerabilities be addressed within the timelines now being recommended?

AI Security Readiness

Are AI applications, models, and integrations being assessed for emerging AI-specific attack vectors?

Continuous Validation

Can security controls be continuously tested and verified?

These questions will increasingly determine cyber resilience in an AI-driven threat landscape.

Final Thoughts

CERT-In's latest blueprint is not simply another advisory.

It is a recognition that cyberattacks are entering a new era where automation, AI, and machine-speed exploitation are changing the rules of defense.

Organisations that continue relying solely on periodic assessments and compliance-driven reviews will find it increasingly difficult to keep pace.

The future belongs to organisations that embrace continuous visibility, continuous validation, and continuous vulnerability assessment.

As AI accelerates offensive capabilities, cybersecurity must become equally continuous, adaptive, and proactive.

The attack surface never sleeps.

Your security program shouldn't either.

How Com Olho Helps

Com Olho enables organisations to move beyond periodic security assessments through Continuous Vulnerability Assessment, Crowdsourced Security Testing, Attack Surface Discovery, AI Security Testing, and Vulnerability Validation.

By combining human expertise, security researchers, and AI-assisted workflows, organisations gain continuous visibility into evolving risks before attackers can exploit them.