US Cyber Defense Agency Cuts Vulnerability Fix Window to Three Days as AI-Powered Hacking Surges

US Shortens Cyber Fix Window to Three Days as AI Threats Rise

WASHINGTON, June 10 (Reuters) - The ⁠U.S. ⁠cyber defense agency said ⁠on Wednesday that government officials now have three days to deal with the most serious categories of digital vulnerabilities in their networks, a compressed timeline that is due in part to hackers' use of artificial intelligence. The ⁠deadline, which ⁠was set in a new directive issued by the Cybersecurity and Infrastructure Security Agency, obligates civilian federal agencies with vulnerable software or equipment to fix, disable, or remove it from the internet within three calendar days, depending on the severity of the threat. Many cyber experts ⁠worry that ⁠new, more capable AI ⁠models along the lines of Anthropic's Mythos are supercharging hackers' abilities to take advantage of digital vulnerabilities ⁠across the internet, forcing defenders to plug security holes almost as soon as they are discovered. The directive said that because the window to respond to hacks was potentially narrowing, "we must take immediate ⁠action to harden American networks" and make sure government policies for applying ⁠fixes are up to the task. Reuters first reported last month that U.S. officials were considering the adoption of a three-day deadline to deal with potentially dangerous flaws. Even under the new directive, there is still more time to deal with less severe weaknesses, such as ones that are not easy for hackers and cybercriminals to automate, or do not concern publicly exposed ⁠digital infrastructure. An appendix to the order leaves two weeks to deal with many vulnerabilities and as long as two months for the least serious category of flaw. CISA did not immediately return a message seeking comment. (Reporting by Raphael Satter in Washington; Editing by Matthew Lewis)

US shortens cyber fix window to three days as AI threats rise

Government agencies are racing against a tight three-day deadline to address significant cybersecurity issues. This urgent requirement has been established in light of emerging threats from hackers employing sophisticated artificial intelligence. The Cybersecurity and Infrastructure Security Agency has paved the way for this proactive measure, aiming to bolster the resilience of American network infrastructure. The US cyber defense agency said on Wednesday that government officials now have three days to deal with the most serious categories of digital vulnerabilities in their networks, a compressed timeline that is due in part to hackers' use of artificial intelligence. The deadline, which ⁠was ⁠set in a new directive issued by the Cybersecurity and Infrastructure Security Agency, obligates civilian federal agencies with vulnerable software or equipment to fix, disable, or remove it from the internet within three calendar days, depending on the severity of the threat. Many cyber experts worry that new, more capable AI models ⁠along the lines of Anthropic's Mythos are supercharging hackers' abilities to take advantage of digital vulnerabilities across the internet, forcing ⁠defenders to plug security holes almost as soon as they are discovered. The directive said that because the window to respond to hacks was potentially narrowing, "we must take immediate action to harden American networks" and make sure government policies for applying fixes are up to the task. Reuters first reported last month that US officials were considering the adoption of a three-day deadline to deal with potentially dangerous flaws. Even under the new directive, there is still more time ⁠to deal with less severe weaknesses, such as ones that are not easy for hackers and cybercriminals to automate, or do not concern publicly exposed digital infrastructure. An appendix to the order leaves two weeks to deal with many vulnerabilities and as long as two months for the least serious category of flaw. CISA did not immediately return a message seeking comment.

US shortens cyber fix window to three days as AI threats rise

WASHINGTON, June 10 (Reuters) - The U.S. cyber defense agency said on Wednesday that government officials now have three days to deal with the most serious categories of digital vulnerabilities in their networks, a compressed timeline that is due in part to hackers' use of artificial intelligence. The deadline, which was set in a new directive issued by the Cybersecurity and Infrastructure Security Agency, obligates civilian federal agencies with vulnerable software or equipment to fix, disable, or remove it from the internet within three calendar days, depending on the severity of the threat. Many cyber experts worry that new, more capable AI models along the lines of Anthropic's Mythos are supercharging hackers' abilities to take advantage of digital vulnerabilities across the internet, forcing defenders to plug security holes almost as soon as they are discovered. The directive said that because the window to respond to hacks was potentially narrowing, "we must take immediate action to harden American networks" and make sure government policies for applying fixes are up to the task. Reuters first reported last month that U.S. officials were considering the adoption of a three-day deadline to deal with potentially dangerous flaws. Even under the new directive, there is still more time to deal with less severe weaknesses, such as ones that are not easy for hackers and cybercriminals to automate, or do not concern publicly exposed digital infrastructure. An appendix to the order leaves two weeks to deal with many vulnerabilities and as long as two months for the least serious category of flaw. CISA did not immediately return a message seeking comment. (Reporting by Raphael Satter in Washington; Editing by Matthew Lewis)