- CISA issued a new directive telling US federal agencies to fix high‑severity security flaws in as little as three days.
What actually happened: The Cybersecurity and Infrastructure Security Agency warned that defenders cannot afford to take weeks to patch. The advisory cites the rise of AI‑driven tools that can locate and weaponize vulnerabilities much faster than before. Agencies are now expected to triage, test, and deploy patches on a dramatically compressed timeline.
Why it matters: Faster patch cycles could narrow the window attackers have to exploit known flaws, especially those generated by generative AI. However, the shift also pressures IT teams already stretched thin, raising concerns about rushed fixes and potential new bugs.
The move mirrors similar fast‑track patch mandates in the private sector, but applying it across a sprawling bureaucracy will be a real test of capacity.