Experts have mixed reactions to a report that the US Cybersecurity and Infrastructure Security Agency (CISA) is considering reducing the timeline in which government agencies must address critical vulnerabilities from two weeks to only three days.
The current 14-day window applies to high-severity flaws dating from 2021 onwards, listed as known to be under exploit in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
According to a Reuters report citing two unnamed sources, this might be reduced to 72 hours amid growing concern that AI models such as Anthropic’s Claude Mythos (which, according to a recent report, CISA has not yet had access to) will accelerate the ability of attackers to ...