FrontierNews.ai

India's 60-Day Cybersecurity Sprint: Why AI-Speed Attacks Demand Machine-Speed Defenses

India has issued a sweeping 60-day cybersecurity directive requiring organizations to shift from slow, reactive defenses to rapid, AI-powered responses against machine-speed attacks. The Indian government's Ministry of Electronics and Information Technology (MeitY) released a comprehensive framework in late June 2026 that fundamentally reshapes how the nation's critical infrastructure must defend itself against artificial intelligence-assisted cyberattacks. The directive signals a stark reality: traditional security approaches are no longer sufficient when attackers can weaponize vulnerabilities at machine speed.

What Makes AI-Driven Cyberattacks Different From Traditional Threats?

The new blueprint, developed by India's Computer Emergency Response Team (CERT-In), identifies a chilling paradigm shift in the cyber threat landscape. Artificial intelligence technologies, including generative AI, large language models (LLMs), and autonomous agents, are enabling threat actors to automate reconnaissance, weaponize vulnerabilities at machine speed, and launch highly personalized, deepfake-enabled social engineering campaigns. The days of human hackers manually probing firewalls are effectively over. Today's cyber battlefield is AI versus AI, with autonomous agents capable of launching attacks faster than human defenders can respond.

This acceleration has compressed response windows dramatically. Organizations can no longer afford the luxury of days or weeks to patch vulnerabilities. The blueprint reflects this reality by setting aggressive remediation deadlines that would have seemed impossible just a few years ago. Vulnerabilities in internet-facing critical systems that are already being exploited must be contained or patched within 12 hours. Critical external vulnerabilities must be addressed within one day, and high-severity vulnerabilities within five days.

How Should Organizations Implement the New Cybersecurity Requirements?

The CERT-In blueprint mandates a phased, risk-based implementation over 60 days, broken into three distinct phases that organizations must follow:

  • Phase I (Days 0-7): Immediate risk reduction, including identifying critical assets, enforcing multi-factor authentication (MFA), and patching known exploited vulnerabilities to establish a baseline defense posture.
  • Phase II (Days 8-30): Operational strengthening through AI governance inventories and behavior-based threat hunting to understand and monitor AI systems within the organization.
  • Phase III (Days 31-60): Advanced resilience testing, such as red teaming and adversarial AI simulations to validate that defenses can withstand sophisticated attacks.

Beyond these phases, the directive requires organizations to transition from periodic compliance checks to continuous validation and adaptive defense. This represents a fundamental shift in security philosophy, moving from a static, perimeter-based approach to a dynamic, threat-informed defense doctrine.

Why Must Organizations Secure AI Systems Themselves?

A critical insight in the blueprint is that AI systems are not just tools for attackers; they are also targets. The framework dedicates significant focus to securing enterprise AI against multiple threat vectors. Organizations must defend against prompt injection attacks, where malicious inputs manipulate AI model behavior; model manipulation, where attackers alter the AI's decision-making; and training data poisoning, where attackers corrupt the data used to train AI systems. The directive also calls for strict governance over "Agentic AI" systems, requiring human oversight, operational boundaries, and emergency shutdown mechanisms for autonomous operations.

This dual focus reflects a maturation in cybersecurity thinking. Defenders must now both protect against AI-powered attacks and protect the AI systems they deploy for defense. The blueprint emphasizes that securing the AI itself is as critical as using AI to defend against threats.

What Role Does Supply Chain Transparency Play in the New Framework?

To secure the digital supply chain, the directive pushes for widespread adoption of extended Bill of Materials (xBOM) frameworks. Organizations and original equipment manufacturers (OEMs) are urged to maintain four types of bills of materials: Software (SBOM), AI (AIBOM), Quantum (QBOM), and Cryptographic (CBOM). This ensures complete visibility into software dependencies, AI model provenance, and third-party risks. By understanding exactly what components and models are embedded in their systems, organizations can identify vulnerabilities and manage supply chain risks more effectively.

The emphasis on supply chain transparency reflects lessons learned from recent cyberattacks that exploited vulnerabilities in third-party software and services. By requiring detailed documentation of all components, the framework aims to prevent attackers from using hidden dependencies as entry points.

How Are Security Operations Centers Evolving to Meet These Threats?

The blueprint calls for the modernization of Security Operations Centers (SOCs) into what it terms "Agentic SOCs" that leverage AI-assisted defensive operations. Traditional signature-based detection methods, which look for known patterns of malicious code, are now obsolete against AI-generated malware and adaptive evasion techniques. Instead, the new approach emphasizes behavioral analytics and anomaly detection, which can identify unusual patterns even when attackers use novel techniques.

This shift means that security teams must increasingly think like machine learning experts, understanding how AI systems behave and how to detect when that behavior deviates from normal patterns. The modernization of SOCs is not optional; it is a requirement for organizations to keep pace with AI-powered attacks.

The directive also reiterates India's stringent incident reporting norms, requiring organizations to report cyber incidents to CERT-In within six hours of detection, complete with mechanisms for deepfake detection and AI-specific incident handling. This rapid reporting requirement ensures that the government can track emerging threats and coordinate responses across critical sectors.

What Are the Real-World Implications for Critical Infrastructure?

With critical sectors like finance, healthcare, energy, and digital public infrastructure in the crosshairs of AI-powered attackers, the new blueprint asserts that traditional static security approaches are no longer sufficient. The mandate is clear: if defenders are not fighting bots with bots and shrinking remediation from days to mere hours, they are already compromised. As exploitation timelines shrink and attacks become increasingly autonomous, India is mandating a threat-informed defense doctrine that matches the speed and sophistication of modern attacks.

The 60-day timeline is intentionally aggressive. It reflects the government's assessment that the window for implementing these changes is rapidly closing. Organizations that fail to meet these deadlines risk becoming vulnerable to the next generation of AI-powered cyberattacks. The blueprint is not a suggestion; it is a directive to all central ministries, departments, state governments, and regulatory bodies, making it effectively mandatory for India's critical infrastructure.
