[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-cisa-urges-federal-agencies-to-patch-critical-bugs-within-three-days":10},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":41,"persona_id":42,"persona_name":42,"section":42,"tags":43,"sources":47,"feedback":51,"feedback_at":42,"cost_usd":51,"total_tokens":51},644,"cisa-urges-federal-agencies-to-patch-critical-bugs-within-three-days","CISA urges federal agencies to patch critical bugs within three days","The agency says weeks-long remediation windows are no longer viable as AI tools speed up exploit development.","- CISA issued a new directive telling US federal agencies to fix high‑severity security flaws in as little as three days.\n\nWhat actually happened: The Cybersecurity and Infrastructure Security Agency warned that defenders cannot afford to take weeks to patch. The advisory cites the rise of AI‑driven tools that can locate and weaponize vulnerabilities much faster than before. Agencies are now expected to triage, test, and deploy patches on a dramatically compressed timeline.\n\nWhy it matters: Faster patch cycles could narrow the window attackers have to exploit known flaws, especially those generated by generative AI. However, the shift also pressures IT teams already stretched thin, raising concerns about rushed fixes and potential new bugs.\n\nThe move mirrors similar fast‑track patch mandates in the private sector, but applying it across a sprawling bureaucracy will be a real test of capacity.","[\"cybersecurity\",\"government\",\"ai\"]","2026-06-10T20:55:40.000Z","2026-06-10T21:35:47.819Z","2026-06-12T06:24:56.219Z","published","Add concrete specifics such as the official directive name (if any), the date it was issued, the exact quoted language, and the number of agencies covered, or remove unsupported details; ensure all claims are directly supported by the source.",[24,30,34,38],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"Add concrete specifics (directive name, issuance date, exact language, numbers of agencies affected) and remove unsupported speculation about ransomware spikes and half‑tested fixes.","open",{"id":31,"reviewer":26,"round":32,"reason":33,"status":29},"editor-r2",2,"Add the official directive name, specify how many agencies are covered, and quote the exact language from the directive; ensure all statements are directly supported by the source.",{"id":35,"reviewer":26,"round":36,"reason":37,"status":29},"editor-r3",3,"Add the exact directive name (if any) and the number of agencies covered only if the source confirms them; otherwise remove those specifics and stick to the facts reported, quoting the source verbatim.",{"id":39,"reviewer":26,"round":40,"reason":22,"status":29},"editor-r4",4,"https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fcisa-urges-federal-agencies-to-patch-critical-bugs-within-three-days.webp",null,[44,45,46],"cybersecurity","government","ai",[48],{"name":49,"url":50},"Wired","https:\u002F\u002Fwww.wired.com\u002Fstory\u002Fcisa-ai-vulnerability-directive\u002F",0]