CERT-In calls for continuous cyber operations as AI accelerates exploit timelines

India's CERT-In is ordering enterprises to patch critical internet-facing vulnerabilities within 12 hours as AI tools compress attack timelines. The agency's new blueprint calls for continuous monitoring and assumes breaches will occur.

Published on: May 27, 2026

India's CERT-In demands shift to continuous cyber operations as AI accelerates attacks

India's cybersecurity agency CERT-In is pushing enterprises to abandon periodic security checks in favor of continuous monitoring and rapid response. The agency released a blueprint this week outlining how AI-assisted attacks are compressing the time between vulnerability discovery and exploitation, making traditional defenses obsolete.

CERT-In said organisations should move away from perimeter-led and periodic security approaches. Instead, teams need continuous exposure management, real-time monitoring and immediate validation of security controls.

Patch critical vulnerabilities within hours, not days

The agency set specific timelines for remediation. Internet-facing vulnerabilities affecting critical systems should be patched, mitigated or isolated within 12 hours where feasible. Critical externally exposed vulnerabilities require action within one day.

This compressed timeline reflects a hard reality: AI tools automate reconnaissance, vulnerability identification and exploit generation at scale. Less-skilled attackers can now launch sophisticated campaigns that would have required specialised knowledge months ago.

AI lowers barriers to entry for cybercriminals

CERT-In identified several AI-driven attack vectors gaining traction. Automated vulnerability scanning, chained exploit execution and semi-autonomous attack workflows operate at larger scale than traditional attacks. Generative AI tools are making phishing harder to detect through deepfake voice and video, hyper-personalised messaging and executive impersonation.

Security teams face operational pressure from the volume and speed of these attacks. CERT-In said organisations should strengthen behaviour-based monitoring, threat hunting and continuous detection to catch attackers using automation and AI techniques that evade traditional controls.

Identity-first security and breach assumptions

CERT-In pushed organisations toward identity-first security models with continuous verification and least-privilege access. The agency also recommended assuming breach scenarios and focusing on reducing detection and containment timelines rather than relying solely on prevention.

This shift acknowledges that prevention alone fails. Speed of response becomes the differentiator when breaches occur.

Enterprise AI systems are now attack surfaces

Beyond defending against AI-assisted attacks, CERT-In flagged risks from enterprise AI adoption itself. Prompt injection, model manipulation, training data poisoning and insecure AI orchestration pipelines create new vulnerabilities. Shadow AI deployments and exposure of sensitive data through public AI platforms add operational risk.

Organisations need AI governance structures with visibility into AI systems and integrations. CERT-In called for approval mechanisms for AI deployments, tighter controls on sensitive data exposure in public AI systems and human validation of AI-generated outputs.

SOCs need AI-aware capabilities

Security operations centres should strengthen telemetry correlation, behavioural analytics and deepfake detection. Cloud and AI incident handling capabilities are now essential. CERT-In also recommended continuous validation of security posture through red teaming, adversarial simulations, penetration testing and AI security assessments including prompt injection testing and model integrity reviews.

Supply chain risk compounds the problem

CERT-In warned that increasing dependence on cloud platforms, software supply chains, APIs and third-party services expands attack surfaces. A vulnerability in a single dependency can propagate across enterprise environments and impact multiple organisations.

The agency outlined a phased implementation roadmap. Foundational governance and exposure reduction should happen within seven days. Continuous monitoring, AI governance and threat hunting capabilities follow within 30 days. The final phase focuses on adversarial simulations, automation-assisted defence and AI security testing.

Organisations now face a choice: invest in continuous operations today or manage the fallout from faster, automated attacks tomorrow. CERT-In's blueprint makes clear that the traditional approach of periodic assessments and perimeter defence no longer works when attackers operate in minutes.

For operations teams, this means staffing for 24/7 monitoring, automating routine remediation tasks and building AI-aware detection into existing workflows. The shift is not optional.
