CERT-In AI Blueprint: Why Indian CISOs Need Machine-Speed Risk Operations

A Qualys India perspective on CERT-In’s blueprint, the post-Mythos threat landscape India faces, and why the operating model needs to change. 

What happens when access to a frontier AI model disappears overnight?

On June 12, 2026, Anthropic received a US export control directive, which required it to suspend access to Fable 5 and Mythos 5 for all foreign nationals, including its own employees. Both models were disabled worldwide.

For Indian CISOs, the signal was clear: a foreign government judged this class of AI cyber capability serious enough to control. But the underlying cybersecurity threat did not disappear. Anthropic stated that comparable capability already exists in publicly accessible models, such as GPT-5.5, and the UK AI Security Institute found GPT-5.5 statistically tied with Mythos Preview on expert cyber benchmarks.

India lost some defensive access when Mythos was suspended. Attackers did not lose the capability. Autonomous, expert-level vulnerability discovery and exploitation remain available through unrestricted public models and leaked models circulating on the dark web.

CERT-In saw this coming. It’s May 25, 2026, the “Blueprint for Reducing Exposure and Defending against AI-Assisted Vulnerabilities Exploitation in Digital Infrastructure” calls for 12-hour remediation, continuous validation with evidence of closure, AI governance, and India-resident log retention.

The question is whether current security operating models can meet it.

The End of Linear Cyber Risk: Why Mythos-Class AI Changes the Vulnerability Equation 

Mythos-class AI is not a faster version of a traditional vulnerability scanner. Traditional scanners match software version strings against CVE databases. They are, at their core, pattern-matching engines: they find what is already known to be vulnerable and tell you about it.

Mythos represents a genuine inflection point in cybersecurity. It can read code, form hypotheses, run software, debug failures, and produce working exploits. The model identified thousands of high and critical-severity vulnerabilities. Of 198 findings reviewed by professional security contractors, 89% received the same severity rating the model had assigned, and 98% were within one severity level. 

But what caught the industry’s attention were the vulnerabilities Mythos uncovered:

• A 27-year-old denial-of-service vulnerability in OpenBSD’s TCP SACK implementation.
• A 17-year-old remote code execution flaw in FreeBSD’s NFS server.
• A 16-year-old out-of-bounds write in FFmpeg’s H.264 codec.

For India, the decisive point is that GPT-5.5 remains generally available. Anthropic has publicly estimated that comparable capability will reach open-source models on a horizon of roughly 12-18 months. Forecasts like that are uncertain by nature, but the direction is not. When that diffusion happens, the access-control problem disappears entirely. Any actor with a capable GPU cluster can run the same class of reasoning that is currently finding critical vulnerabilities across global software infrastructure.

Between 2021 and mid-2025, India recorded 2M+ cybersecurity incidents, according to CERT-In’s reported figures. This served as the baseline before Mythos-class capability existed.

The trajectory from here is not linear.

India’s Threat Reality: What the Data Actually Shows 

Indian security teams have the data. What is missing is the operating urgency. Across 2025 and mid-2026, the pattern is clear: ransomware-as-a-service victim counts are rising, vendor portals and supply-chain access are becoming preferred entry points into BFSI, DDoS campaigns are targeting power, telecom, and government portals, and APT groups are using MSI installers, DLL sideloading, and open-source RATs against defence establishments and critical infrastructure. The hardest-hit sectors remain banking, finance, healthcare, and hospitality.

Most successful attacks are not exotic zero-days. They exploit known vulnerabilities, unpatched systems, cloud misconfigurations, and vendor-portal access paths. Mythos-class AI changes the speed and scale at which those weaknesses can be found and weaponized.

The economics are unambiguous. IBM put India’s average breach cost at ₹22 crore and the breach lifecycle at 263 days. Shadow AI was among the top three cost drivers, adding ₹1.79 crore to the average breach. Yet only 42% of Indian organizations reported having any policy to manage AI or detect Shadow AI use.

That now collides with 12-hour vulnerability containment, India’s CERT-In mandate sets, 6-hour incident reporting, RBI and SEBI obligations, DPDP breach notification, and potential penalties up to ₹250 crore.

The point is not that any single fine is imminent. The point is that a 263-day average detection-and-containment lifecycle is colliding with a regulatory environment that increasingly expects responses measured in hours, coinciding with an attacker capability that now compresses discovery-to-exploitation into the same timeframe.

The CERT-In blueprint 2026, which Indian CISOs must now operationalize, covers nine areas, fourteen sections, and a three-phase implementation roadmap. The real shift is not in the summary, but in Section 9’s remediation expectations.

Its indicative expectations are: 

• Known exploited vulnerabilities on internet-facing and crown-jewel systems: contain, patch, or mitigate within 12 hours 
• Critical externally exposed vulnerabilities: within 1 day 
• Known exploited vulnerabilities on internal systems: within 1 day 
• Critical internal vulnerabilities on high-value systems: within 3 days 
• High-severity vulnerabilities: within 5 days, based on risk prioritization 
• Where no patch is available: deploy temporary mitigations (isolation, access restriction, WAF/API protection, enhanced monitoring, or feature disablement) until a fix exists

Consider what 12 hours means operationally. A vulnerability surfaces on an internet-facing system at 9 AM; CERT-In expects the exploit path to be closed, or a documented compensating control to be in place, by 9 PM the same day. For organizations whose change advisory board meets weekly and whose patch cycle runs two to four weeks from discovery to deployment, even the 12-hour bar is structurally out of reach. That breaks the old operating model.

CERT-In also requires cyber incidents to be reported within six hours, which makes delayed detection and slow escalation a compliance risk. The blueprint is built on four defensive principles: assume breach, zero trust, defense-in-depth, and continuous exposure management. In practice, that means continuous monitoring, segmentation, telemetry, breach simulation, MFA, PAM, conditional access, micro-segmentation, layered controls across infrastructure, applications, identities, cloud, AI systems, and continuous validation that remediation actually worked.

The AI-governance requirements are equally significant: usage policies, approval workflows, AI inventories, shadow AI monitoring, and guardrails for agentic AI.

The blueprint calls for layered, risk-based, and continuously validated controls. The question now is whether the attack path was actually closed and whether you can demonstrate it.

The Operating Model Shift: From Human-Speed to Machine-Speed Risk Operations 

Qualys’ post-Mythos position is simple: teams are not failing from lack of effort; the scan, score, ticket, remediate, verify model is too slow. KEV volume grew 6.5x in four years, CVEs reached 48,177 in 2025, and time-to-exploit has hit minus seven days, meaning attackers are exploiting some flaws before patches exist. Human-speed vulnerability management cannot handle frontier-AI disclosure volumes. Weekly scans, manual triage, tickets, and maintenance window patching were built for slower exploit cycles.

The post-Mythos environment and CERT-In blueprint point to a Qualys Risk Operations Center (ROC) for CERT-In compliance: a closed-loop Risk Operations Center that runs detection, prioritization, remediation, and validated closure continuously at machine speed, while humans set policy and govern risk instead of manually executing every action.

• Detect – Scan your full stack (cloud, on-premises, containers, mobile, OT, and IBM zSystems mainframe) continuously, at Six Sigma accuracy. Nothing in the estate is invisible.
• Prioritize – Fuse CVSS, EPSS, CISA KEV, live threat-actor activity, and business-asset criticality to surface the under-1% of findings that are weaponized and reachable. The queue holds confirmed risk, not theoretical noise.
• Validate – Run production-safe exploit-chain testing to prove the attack path is genuinely open in your environment, given your deployed controls. Action is taken on proof, not probability.
• Remediate – Close the path autonomously: patch with AI reliability scoring, deploy patchless mitigation, or isolate the asset (with or without a vendor fix). The window of exposure closes at machine speed.
• Prove – Re-run the identical exploit chain to confirm closure, and generate validated, audit-ready evidence mapped to the regulator’s requirement. The auditor gets proof that the path is closed.

The SLA that matters is not ticket closure. It is confirmed exploit-path closure, with risk quantified, trended, and proven down. That is regulatory alignment. 

The Four Pillars of Operating Model Shift 

Pillar 1: AI-Speed Detection

You cannot defend an attack surface you cannot see at the speed it changes. A Risk Operations Center begins with continuous asset discovery and detection across cloud, on-premises, containers, mobile, OT, and IBM z/OS mainframe systems. Six Sigma detection accuracy backs it, delivering critical or zero-day signatures in hours. Qualys provides this foundation, but detection is only the first filter. Real-Time Threat Indicators, such as actively exploited, wormable, predicted high-risk, and CISA KEV, help surface the vulnerabilities most likely to be weaponized. 

Pillar 2: Hyper-Prioritization

Detection without prioritization only moves the bottleneck. The question is not what is vulnerable, but what is exploitable in your environment right now. 

• TruRisk combines CVSS, EPSS, CISA KEV, live threat-actor activity, and business criticality into a weighted risk score.
• TruLens adds dark-web signals, ransomware-group tracking, and peer benchmarks to show whether actors targeting your sector are weaponizing the issue.
• TruConfirm moves prioritization from theory to proof. Embedded in Qualys ETM, it validates the actual exploit chain safely in production to produce binary evidence of exploitability – whether an exposure is actually exploitable or already blocked by controls such as WAF rules, inactive services, or segmentation. It follows the attacker’s entry path but replaces destructive payloads with safe verification through direct-response validation, cryptographic checks, or out-of-band callbacks. No exfiltration, persistence, disk writes, or disruption. TruConfirm has performed more than 8 million + validations across 1,700+ CVEs to date.
• Agent Val, the agentic-AI layer inside ETM, orchestrates the workflow: select, validate, prioritize, remediate, and revalidate. It continuously decides what to validate next by attacker relevance and business impact. Findings close only when the exploit path is retested and blocked, reducing remediation noise and improving time-to-remediate by roughly 70%.

Pillar 3: Autonomous Remediation

TruRisk Eliminate closes the loop at machine speed through patching, patchless mitigation, and isolation. 

• For patching, Patch Management uses an AI Patch Reliability Score to predict production impact before deployment, then rolls out patches in phased waves with automatic rollback. More than 150 million patches were deployed in the past year, including 40 million fully autonomous deployments, with a rollback rate below 0.1%.
• For vendor-locked, legacy, or OT systems where patching inside 12 hours is unrealistic, TruRisk Mitigate applies compensating controls such as WAF rules, service disablement, port blocking, and configuration changes.
• TruRisk Isolate can quarantine high-risk assets at the network level in minutes.
• Qflow automates multi-step decisions, such as applying mitigations for CISA KEVs when patches are unavailable and restoring access only after risk is closed. 

Pillar 4: Cyber Risk Quantification

The first three pillars reduce risk. The fourth makes that reduction measurable, defensible, and board ready.

An ROC measures posture through a TruRisk Score from 0 to 1000 across assets, business units, and the enterprise. It also tracks Average Window of Exposure: how long a known, weaponized risk remains open. Leaders can translate that exposure into financial terms relative to India’s average breach cost of ₹22 crore. The result is clear evidence for CFOs, CROs, auditors, and regulators: current risk, trend, closure proof, and accountable targets. 

The Conclusion CERT-In Already Reached 

CERT-In calls for adaptive, intelligence-driven, continuously validated, resilience-oriented security, not static controls or annual assessments. That is the operating model Mythos-class AI makes necessary: closed-loop detection, prioritization, remediation, and proof at threat speed. An export-control directive did not neutralize the risk. It confirmed the capability is serious, diffusing, and moving toward broader availability. CERT-In saw this in May. Indian organizations must now prove they can operate at that speed. 

Close the gap between human-scale operations and machine-speed attacks.

See how your organization measures up against CERT-In’s AI vulnerability blueprint, and where your current operating model may fall short. 

Frequently Asked Questions

What does CERT-In’s 2026 blueprint actually require for vulnerability remediation timelines?

Known exploited vulnerabilities on internet-facing systems must be contained within 12 hours. Critical internal vulnerabilities get 3 days. The standard is confirmed exploit-path closure with audit-ready evidence — not ticket submission.

How does AI-assisted vulnerability exploitation change the threat landscape for Indian organizations?

Models like Mythos autonomously discover working exploits, including vulnerabilities sitting undetected for 27 years. GPT-5.5 matches that capability and remains publicly accessible. Offensive AI didn’t disappear when Mythos was restricted.

What is India’s average breach cost and why does the 263-day breach lifecycle matter?

IBM puts India’s average breach at ₹22 crore across a 263-day lifecycle. CERT-In now expects 12-hour containment. That gap isn’t a performance problem — at current regulatory velocity, it’s a liability.

What is a Risk Operations Center and how does it address CERT-In’s requirements?

A ROC is a closed-loop system running detection, prioritization, remediation, and validated closure at machine speed. It replaces manual triage with continuous, evidence-backed operations built for 12-hour SLAs, not weekly patch cycles.

What counts as proof of compliance under CERT-In’s 2026 AI vulnerability blueprint?

CERT-In requires continuously validated controls with evidence that the exploit path is actually closed — not tickets or static documentation. Proof means production-safe exploit retesting, mapped to the specific requirement, audit-ready.