CISA: US Agencies Must Fix Critical Bugs in 3 Days Due to AI

The US Cybersecurity and Infrastructure Security Agency, or CISA, now requires federal civilian agencies to fix critical security bugs in as little as three days. This new directive comes as AI models are making it easier for hackers to find and exploit software vulnerabilities. Here's the thing: CISA's Chris Butera explained that the goal is to help agencies prioritize. They need to address the most problematic vulnerabilities first. The new rules outline how quickly bugs must be fixed, with the fastest turnaround for critical cases. What's interesting is that this directive supersedes previous orders, which allowed 15 or 30 days for patching high-urgency vulnerabilities. The criteria for urgent patching include whether a system is publicly exposed, if the bug is in CISA's Known Exploited Vulnerabilities Catalog, and if an attacker could automate the exploitation. If all these points apply, the fix must happen within three days. The bottom line: This move highlights the increasing threat AI poses to cybersecurity and the urgent need for faster defense mechanisms.