The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has introduced a new risk-based approach to vulnerability remediation, requiring federal civilian agencies to patch the most dangerous cyber vulnerabilities within 72 hours. Announced through Binding Operational Directive (BOD) 26-04, the new CISA vulnerability management directive replaces older remediation requirements with a framework designed to prioritize vulnerabilities that pose the greatest risk to government systems.

The move comes as cybersecurity officials warn that artificial intelligence is helping threat actors identify and exploit security flaws faster than ever before. The directive aims to improve federal cy...