The Indian government is urging all ministries, states, union territories, and key financial regulators to tighten cybersecurity defenses and review digital vulnerabilities in light of AI-driven threats.

CERT-In has prepared a cybersecurity blueprint that underpins the advisory and will guide implementation across government and regulators.

Organizations are instructed to adopt CERT-In's blueprint with a focus on continuous monitoring, proactive exposure management, and rapid threat identification and containment rather than relying on periodic assessments.

Authorities are told to circulate CERT-In's guidelines to OEMs and technology vendors, mandating routine security assessments of products, up-to-date SBOMs, prompt disclosure of critical vulnerabilities, and swift security patches.

Vulnerabilities in internet-facing and critical systems should be fixed within 12 hours where feasible, with serious externally exposed flaws addressed within a day.

The guidance is designed to address the evolving global cybersecurity landscape and reduce exposure to AI-enabled threats.

MeitY highlights rapid AI advancements, including generative AI, large language models, autonomous agents, and AI-based automation, as transforming the cybersecurity landscape and raising risk to digital infrastructure, with attackers able to move faster and become more sophisticated.

The measures aim to strengthen India's digital infrastructure and bolster preparedness against AI-enabled cyber threats, while raising security standards across technology providers and public institutions.

The notice has been circulated to Secretaries of all central ministries, chief secretaries of states and UTs, and regulators such as RBI, SEBI, NABARD, IRDAI, and the Central Electricity Authority.