US shortens cyber fix window to three days as AI threats rise

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has significantly shortened the time government agencies have to address critical digital vulnerabilities, setting a new deadline of three days. This compressed timeline reflects growing concerns over the escalating threat posed by hackers leveraging artificial intelligence.

The directive mandates that civilian federal agencies must now fix, disable, or remove vulnerable software or equipment within three calendar days, depending on the severity of the threat. This rapid response is seen as crucial in the face of increasingly sophisticated cyberattacks. Many experts believe that advanced AI models are amplifying hackers' capabilities, enabling them to exploit digital weaknesses almost as soon as they are discovered.

CISA emphasized the need for immediate action to "harden American networks" and ensure that government policies for applying fixes are robust enough to keep pace with emerging threats. The agency acknowledged that the window for responding to cyber threats is potentially narrowing, necessitating a more aggressive approach to cybersecurity.

While the three-day deadline applies to the most serious categories of vulnerabilities, the directive still allows for longer response times for less severe weaknesses. For flaws that are not easily automated by cybercriminals or do not affect publicly exposed digital infrastructure, agencies have two weeks. The least serious category of flaw allows for up to two months for remediation. CISA did not immediately respond to requests for comment.

“

we must take immediate action to harden American networks