newsio aggregates and links to original sources. We do not own the original images or content. If you believe content infringes on intellectual property rights, contact us — it will be removed at first notice.
genai/news//The Economic Times
AI tools like Claude were used to find vulnerabilities in CBSE's on-screen marking portal, revealing the vendor's inadequate security knowledge.
AI tools like Claude were used to detect vulnerabilities in the CBSE on-screen marking portal.
KEY POINTS
The CBSE-OSM vendor, Coempt Edutech, lacked adequate portal security knowledge, prompting a data shift to AWS.
A high-level IIT expert panel secured both the CBSE-OSM and JEE Advanced portals after vulnerabilities emerged.
MeitY issued advisories emphasizing cybersecurity hygiene in procurement and vendor capability assessment.
NTA is minimizing human involvement in exam translations, using AI to reduce cybersecurity risks.
Synopsis
AI tools like Claude were used to find vulnerabilities in CBSE's on-screen marking portal, revealing the vendor's inadequate security knowledge. Following this, data was moved to a government-controlled AWS segment. A high-level panel addressed these issues and also secured the JEE Advanced portal amid concerns of data breaches.
New Delhi: The high-level panel of top experts from IIT Kanpur and Madras deployed to secure the CBSE and its on-screen marking (OSM) portals has found that powerful artificial intelligence tools, mainly Claude, were used to detect vulnerabilities and gain access, ET has learnt.
The panel also found that the CBSE-OSM vendor, Coempt Edutech, did not have adequate capability or conceptual knowledge on portal security mechanisms.
Accordingly, backed with strong support from the Ministry of Electronics and Information Technology (MeitY), the CBSE-OSM data was shifted from the private vendor to a government-managed and controlled segment of Amazon Web Services (India).
The panel, which has now been deployed for a week, has played a crucial role in ensuring that the CBSE verification and re-evaluation portal went live, even though a day late on June 2. The panel also completed a security analysis of the JEE Advanced portal, Joint Seat Allocation Authority, on Wednesday, addressing vulnerabilities and clearing it, ET has gathered.
Live Events
Copies of admit cards linked to JEE Advanced had emerged on social media earlier this week, raising concerns over data breach.
Meanwhile, MeitY and the Indian Computer Emergency Response Team (CERT-In) moved into the picture in a big way. The expert panel has asked CERT-In to conduct a security audit of the CBSE portal while MEITY is coordinating with NTA and CBSE to check against any further incidents.
After the CBSE-vendor row, an advisory is learnt to have been issued to key departments and bodies on ensuring cybersecurity hygiene in digital services procurement and request for proposals from the design stage itself.
All organisations are on high alert amid rounds of cyber lapses and with good reason.
ET gathers that one of NTA's digital portals was hit by half a million attempts on Sunday - the day CUET was held up by technical glitches and delays, which prevented over 3,700 students from appearing for the exam. A re-test will be held for them on June 6-7 with a strong MeitY support to back up the digital bandwidth even as top IT services firm, Tata Consultancy Services, is handling the exam.
CBSE on Tuesday also reported a denial of service (to overwhelm a website/portal) attacks, causing 1.5 million hits on the portal within two minutes and more than 100,000 unauthorised file access.
MeitY, however, does not essentially consider the CBSE OSM portal a case of 'cyberattack', but more a case of ethical hackers probing for gaps as soon as the portal was attempting to go live - gaps that were finally addressed, officials indicated.
Even though NEET-UG 2026 is a pen-and-paper test and does not require CUET-OSM-like security rings, MeitY is working closely with NTA to support exam security at test centres and monitoring levels, it is gathered.
With translators now emerging as a key weak link as per CBI probe, NTA is particularly aiming at minimising human interface and using AI largely to translate the exam paper (offered in 13 languages) to ensure an "air-gapped" system ahead of the test involving over 2.2 million students.
Also, NTA is closing down several of its digital assets which may have gone into dormancy or disuse but could offer a gateway to hacking, officials in the know said.
A major MeitY focus area for the future - following the CBSE controversy over procurement - is the general lack of "elementary hygiene" in effecting hurried, over-ambitious technology transition targets by government departments, officials said.
ET gathers that the advisory that has gone to departments emphasises on exercising caution in procurement processes and the need to fully ascertain capacity/capability of private vendors.
(You can now subscribe to our Economic Times WhatsApp channel)
Melting mountains: Can India defuse 189 looming flood risks in Himalayas?
Why Indian manufacturers may want the rupee to hit 100
Down 30% in 1 year, are AI-hit Infy, TCS still value stocks?
How practical is India’s latest investor protection framework?
Wafers to war: Vinay Dube on how Iran crisis is hitting Akasa
Stock Radar: After a 24% correction, Max Healthcare breaks key resistance level; analysts see long-term potential
1
2
3