India's Cybersecurity Agency Demands 24/7 Defense as AI Cuts Attack Timelines to Hours
India's national cybersecurity agency is pushing enterprises to abandon traditional periodic security checks and shift to round-the-clock monitoring as artificial intelligence enables attackers to weaponize vulnerabilities in hours instead of days. The Indian Computer Emergency Response Team (CERT-In) released a comprehensive blueprint warning that AI-assisted cyber exploitation is compressing the gap between vulnerability discovery and active attacks, forcing organizations to rethink their entire defense strategy.
How Is AI Changing the Speed of Cyberattacks?
The acceleration is dramatic. CERT-In identified automated reconnaissance, vulnerability identification, exploit generation, and chained exploit execution as key risks emerging from AI-assisted cyber operations. What once took weeks of manual work by skilled attackers now happens in hours through AI automation. The agency warned that AI is "lowering the barrier for cybercrime" by allowing less-skilled actors to launch sophisticated attacks at scale.
This speed increase is reshaping how organizations must respond. CERT-In mandated that internet-facing exploited vulnerabilities affecting critical systems should be patched, mitigated, or isolated "within 12 hours" where feasible, while critical externally exposed vulnerabilities should be addressed within one day. These timelines represent a fundamental shift from the traditional quarterly or monthly patch cycles many enterprises still rely on.
What Specific AI-Powered Threats Are Organizations Facing?
The threats span multiple attack vectors. CERT-In identified deepfake voice and video fraud, hyper-personalized phishing, and executive impersonation attacks as growing enterprise risks as generative AI tools become more accessible. The agency noted that AI-generated malware, automated scripting, and semi-autonomous attack execution workflows can operate at a larger scale than traditional attacks.
A World Economic Forum report reinforces this concern, finding that 94% of organizations now identify AI as the most significant force reshaping cyber risks in 2026, while 87% flagged AI vulnerabilities as the fastest-growing cyber threat. The shift in executive priorities is striking: while chief information security officers (CISOs) still rank ransomware as their top concern, chief executive officers (CEOs) now rank cyber-enabled fraud and phishing as their biggest fear, overtaking ransomware for the first time.
The human impact is substantial. According to the World Economic Forum survey, 73% of respondents said they or someone in their professional or personal network had been affected by cyber-enabled fraud. Phishing, vishing (voice phishing), and smishing (SMS phishing) were the most common attack types, impacting 62% of respondents, followed by payment fraud at 37% and identity theft at 32%.
Steps to Strengthen AI-Aware Cybersecurity Operations
CERT-In outlined a comprehensive approach to defending against AI-assisted threats. Organizations should implement the following measures:
- Continuous Exposure Management: Shift from periodic assessments to real-time monitoring and validation of security controls, with rapid remediation of identified vulnerabilities within strict timelines.
- AI Governance and Visibility: Establish governance structures, maintain visibility into AI systems and integrations, monitor AI APIs, and define approval mechanisms for AI deployments to prevent unauthorized or shadow AI usage.
- Identity-First Security Models: Implement continuous verification, least-privilege access, and stronger access governance, moving away from perimeter-centric approaches that assume a trusted internal network.
- Behavior-Based Monitoring and Threat Hunting: Strengthen detection capabilities through telemetry correlation, behavioral analytics, deepfake detection readiness, and cloud and AI incident handling capabilities.
- Continuous Validation Through Adversarial Testing: Conduct red teaming, adversarial simulations, penetration testing, and AI security assessments, including prompt injection testing and AI API assessments.
- Supply Chain and Third-Party Assurance: Focus on dependency reviews and supply-chain validation as part of cybersecurity operations, given that vulnerabilities in a single component can propagate across enterprise environments.
CERT-In outlined a phased implementation roadmap. The first phase, spanning seven days, focuses on foundational governance and exposure reduction measures. The second phase, within 30 days, emphasizes continuous monitoring, AI governance, and threat hunting capabilities. The final phase concentrates on adversarial simulations, automation-assisted defense operations, continuous control validation, and AI security testing.
The agency also called for an "assume breach" approach, where organizations prepare for rapid detection, containment, and recovery from compromise scenarios through continuous monitoring, segmentation, telemetry, rapid incident response mechanisms, and breach simulations.
Why Are Organizations Struggling to Keep Up?
Despite growing awareness, many organizations lack the necessary controls. The World Economic Forum found that the share of organizations assessing the security of AI tools before deployment almost doubled from 37% in 2025 to 64% in 2026, yet 29% of organizations still lacked any formal process to review AI security before deployment. This gap represents a significant vulnerability as enterprises rapidly adopt AI systems without adequate security vetting.
Data leaks associated with generative AI emerged as the top concern for 34% of respondents in 2026, up sharply from 22% in 2025, while 29% flagged the "advancement of adversarial capabilities" such as AI-enabled phishing, malware creation, and deepfakes as a risk. These concerns reflect the dual nature of AI in cybersecurity: the same tools that can defend systems can also be weaponized for attacks.
Geopolitical factors are amplifying the pressure. About 64% of organizations said geopolitically motivated cyberattacks now shaped their cyber risk mitigation strategies, while 91% of the world's largest organizations had altered cybersecurity strategies because of geopolitical volatility. Additionally, confidence in government cyber preparedness has weakened, with 31% of respondents lacking confidence in their country's ability to respond to major cyberattacks on critical infrastructure, up from 26% the previous year.
The public sector faces particular challenges. While 23% of public-sector organizations admitted insufficient cyber resilience, only 11% in the private sector made the same admission. This disparity is concerning given that critical infrastructure, government systems, and essential services depend on public-sector cybersecurity.
What Does This Mean for Enterprise Security Teams?
The shift toward continuous operations represents a fundamental change in how organizations must staff and structure their security teams. Traditional security operations centers (SOCs) that operate during business hours or rely on periodic vulnerability assessments are no longer sufficient. Organizations must invest in 24/7 monitoring, automation-assisted defense operations, and AI-aware security capabilities.
CERT-In emphasized that organizations should strengthen "behaviour-based monitoring, threat hunting and continuous detection capabilities" as attackers increasingly use automation and AI-assisted techniques to evade traditional security controls. This requires not just technology investments but also talent development and process redesign.
The interconnected nature of modern digital infrastructure amplifies risk. CERT-In warned that increasing dependence on cloud platforms, software supply chains, APIs, and third-party services is expanding enterprise attack surfaces and creating cascading risk across interconnected digital ecosystems. A vulnerability in a single component or dependency can propagate across enterprise environments and impact multiple organizations, increasing pressure on enterprises, service providers, and channel partners managing multi-vendor infrastructure.
As AI-assisted attacks become faster, more automated, and increasingly scalable, organizations are expected to continuously monitor, validate, and reduce exposure. The era of periodic security assessments and reactive incident response is ending. The future of cybersecurity belongs to those who can operate continuously, adapt rapidly, and validate their defenses against AI-assisted adversaries.