For years the mantra in IT security has been simple — patch everything. But in the age of AI that’s no longer realistic. And this week CISA made it official with a new approach that changes the game for federal agencies and sets a precedent for the entire industry.

CISA’s new risk-based patching framework requires federal agencies to patch the most dangerous vulnerabilities within just 72 hours. The reason? AI is now helping attackers discover and exploit software flaws faster than ever — making the old “patch everything eventually” approach dangerously outdated.

Under the new rules, priorities are clear:

Top priority — Internet-facing vulnerabilities that are actively being exploited AND can be automated

Everything else — Ranked and addressed based on actual risk level

This week’s big takeaway: Cybersecurity isn’t about patching everything anymore — it’s about patching smarter. When attackers can use AI to scale their efforts at machine speed, defenders have to laser-focus on what matters most and move fast.

Speed now beats volume.

https://www.cisa.gov/news-events/news/patch-smarter-not-harder

https://www.cisa.gov/news-events/news/cisa-issues-new-directive-improving-how-federal-agencies-prioritize-mitigation-cyber-vulnerabilities

Week ending June 13th, 2026

Hosted by Peter

00:00:00 – Intro: The End of Patch Everything

00:00:35 – CISA’s New 72-Hour Rule Explained

00:00:50 – How AI Is Accelerating Attacks

00:00:58 – Takeaway: Speed Beats Volume

00:01:02 – Sign-Off

The post Saturday Security: CISA’s New 72-Hour Patch Rule appeared first on psilva's prophecies.

*** This is a Security Bloggers Network syndicated blog from psilva's prophecies authored by psilva. Read the original post at: https://psilvas.wordpress.com/2026/06/13/saturday-security-cisas-new-72-hour-patch-rule/