India's Computer Emergency Response Team (CERT-In) has issued new cybersecurity guidelines that will require technology vendors to adopt AI-assisted security testing, disclose critical vulnerabilities immediately, and significantly accelerate patch deployment across the country's digital ecosystem, according to a report by Business Today.
The framework applies to OEMs, software vendors, cloud service providers, managed service providers, and other technology suppliers operating in India. The move comes as cyber threats increasingly evolve with artificial intelligence, enabling attackers to identify vulnerabilities faster, automate reconnaissance, and scale exploitation with greater precision.
Key Requirements of the CERT-In Framework
The new guidelines impose several mandatory requirements on technology vendors:
- AI-assisted security testing: Vendors must integrate AI tools into their security testing processes to keep pace with AI-accelerated attacks.
- Immediate disclosure of critical vulnerabilities: Any critical flaw must be reported to CERT-In without delay.
- Faster patch deployment: Vendors must significantly reduce the time between vulnerability discovery and patch release.
Industry Reaction
Sunil Sharma, managing director and vice president-sales (India & Saarc) at Sophos, commented, "The direction CERT-In has taken reflects what those of us in the cybersecurity industry have been seeing on the ground for a while now. Attackers are not waiting for vendors to get their house in order."
Atul Arya, founder and CEO of Blackstraw.AI, added, "This advisory solves the immediate problem well, faster patching and real visibility into what organisations are running is exactly what's needed against AI-accelerated attacks."
Supply-Chain Security Focus
A key focus of the framework is supply-chain security. Vendors will need to maintain detailed inventories of software, hardware, cryptographic tools, AI components, and third-party dependencies. This requirement aims to improve visibility across complex enterprise systems and reduce the risk of supply-chain attacks.
The guidelines come as organizations increasingly rely on a mix of first-party and third-party technology components, making it harder to track vulnerabilities without a comprehensive inventory.
Summary of CERT-In Requirements
| Requirement | Description |
|---|---|
| AI-assisted security testing | Use AI tools to find vulnerabilities faster |
| Immediate critical vulnerability disclosure | Report critical flaws to CERT-In immediately |
| Accelerated patch deployment | Reduce time to release patches after discovery |
| Supply-chain inventory | Maintain detailed list of software, hardware, cryptographic tools, AI components, and third-party dependencies |
For enterprise technology decision-makers, this framework signals a shift toward proactive, AI-driven security practices and stricter supply-chain oversight. Organizations that supply technology to India must now invest in automated testing tools and faster patch cycles to comply with the new mandates.
Sources:
