What is the story about?
India's education technology infrastructure is facing heightened scrutiny after an expert committee investigating the recent CBSE portal incident reportedly concluded that advanced artificial intelligence tools were used to identify weaknesses in the system.
According to a report by The Economic Times, a high-level panel comprising experts from IIT Kanpur and IIT Madras found that AI models, particularly Anthropic's Claude, were used to discover vulnerabilities and gain access to parts of the Central Board of Secondary Education's (CBSE) On-Screen Marking (OSM) platform.
The findings have triggered a wider government response involving the Ministry of Electronics and Information Technology (MeitY), the Indian Computer Emergency Response Team (CERT-In), the National Testing Agency (NTA) and other agencies responsible for managing critical examination infrastructure.
The development comes amid growing concerns over the cybersecurity preparedness of platforms that handle sensitive student data and support examinations taken by millions of candidates across the country.
As reported by The Economic Times, the IIT-led panel was deployed to secure the CBSE and OSM portals after concerns emerged around vulnerabilities in the system.
During its review, the committee reportedly found that the private vendor managing the platform, Coempt Edutech, lacked adequate expertise and understanding of key security mechanisms required to protect such infrastructure.
The assessment prompted immediate intervention from government authorities. According to the report, CBSE's OSM-related data has now been migrated from the vendor-managed environment to a government-controlled segment of Amazon Web Services (AWS) India with support from MeitY.
The expert team has been working on the systems for the past week and is said to have played a critical role in enabling the CBSE verification and re-evaluation portal to go live on June 2 after a brief delay.
The same panel was also tasked with reviewing other examination-related systems. The Economic Times reported that the experts completed a security assessment of the Joint Seat Allocation Authority (JoSAA) and JEE Advanced infrastructure on Wednesday, identifying and addressing vulnerabilities before clearing the platforms.
The review came shortly after copies of JEE Advanced admit cards surfaced on social media, sparking concerns over a potential data exposure incident.
Following the incident, CERT-In has reportedly been asked to conduct a formal security audit of the CBSE portal, while MeitY is coordinating with both CBSE and NTA to prevent any recurrence.
According to officials cited by The Economic Times, the government does not necessarily view the CBSE episode as a traditional cyberattack. Instead, some officials reportedly believe the activity resembled ethical hackers probing the system for weaknesses as it was preparing to go live.
Regardless of how the incident is ultimately classified, it has exposed broader concerns about cybersecurity standards in public-sector technology projects.
The report states that an advisory has been circulated to key government departments and organisations, emphasising the need to incorporate cybersecurity requirements during the design and procurement stages of digital services rather than after deployment.
The CBSE incident is unfolding against a backdrop of increasing cyber activity targeting examination infrastructure.
According to The Economic Times, one of NTA's digital platforms experienced nearly 5,00,000 access attempts on Sunday, the same day technical issues affected the Common University Entrance Test (CUET) and prevented more than 3,700 students from appearing for the examination. A re-test has been scheduled for June 6 and June 7 with additional technical support from MeitY.
CBSE also reported what it described as denial-of-service activity, with approximately 1.5 million hits recorded within two minutes and more than 1,00,000 unauthorised attempts to access files, according to the report.
Meanwhile, authorities are reviewing additional security measures ahead of future examinations. The Economic Times reported that NTA is seeking to reduce human intervention in certain processes and is exploring the use of AI-powered translation systems for multilingual examination papers. The agency is also shutting down dormant digital assets that could potentially be exploited by attackers.
For policymakers, the incident has highlighted a growing challenge: as India's examination ecosystem becomes increasingly digital, cybersecurity risks are evolving just as rapidly. The CBSE case has become a reminder that securing educational infrastructure now requires the same level of attention as building it.
According to a report by The Economic Times, a high-level panel comprising experts from IIT Kanpur and IIT Madras found that AI models, particularly Anthropic's Claude, were used to discover vulnerabilities and gain access to parts of the Central Board of Secondary Education's (CBSE) On-Screen Marking (OSM) platform.
The findings have triggered a wider government response involving the Ministry of Electronics and Information Technology (MeitY), the Indian Computer Emergency Response Team (CERT-In), the National Testing Agency (NTA) and other agencies responsible for managing critical examination infrastructure.
The development comes amid growing concerns over the cybersecurity preparedness of platforms that handle sensitive student data and support examinations taken by millions of candidates across the country.
IIT panel flags security weaknesses in vendor-managed platform
As reported by The Economic Times, the IIT-led panel was deployed to secure the CBSE and OSM portals after concerns emerged around vulnerabilities in the system.
During its review, the committee reportedly found that the private vendor managing the platform, Coempt Edutech, lacked adequate expertise and understanding of key security mechanisms required to protect such infrastructure.
The assessment prompted immediate intervention from government authorities. According to the report, CBSE's OSM-related data has now been migrated from the vendor-managed environment to a government-controlled segment of Amazon Web Services (AWS) India with support from MeitY.
The expert team has been working on the systems for the past week and is said to have played a critical role in enabling the CBSE verification and re-evaluation portal to go live on June 2 after a brief delay.
The same panel was also tasked with reviewing other examination-related systems. The Economic Times reported that the experts completed a security assessment of the Joint Seat Allocation Authority (JoSAA) and JEE Advanced infrastructure on Wednesday, identifying and addressing vulnerabilities before clearing the platforms.
The review came shortly after copies of JEE Advanced admit cards surfaced on social media, sparking concerns over a potential data exposure incident.
CERT-In and MeitY step up oversight
Following the incident, CERT-In has reportedly been asked to conduct a formal security audit of the CBSE portal, while MeitY is coordinating with both CBSE and NTA to prevent any recurrence.
According to officials cited by The Economic Times, the government does not necessarily view the CBSE episode as a traditional cyberattack. Instead, some officials reportedly believe the activity resembled ethical hackers probing the system for weaknesses as it was preparing to go live.
Regardless of how the incident is ultimately classified, it has exposed broader concerns about cybersecurity standards in public-sector technology projects.
The report states that an advisory has been circulated to key government departments and organisations, emphasising the need to incorporate cybersecurity requirements during the design and procurement stages of digital services rather than after deployment.
Growing pressure on India's examination systems
The CBSE incident is unfolding against a backdrop of increasing cyber activity targeting examination infrastructure.
According to The Economic Times, one of NTA's digital platforms experienced nearly 5,00,000 access attempts on Sunday, the same day technical issues affected the Common University Entrance Test (CUET) and prevented more than 3,700 students from appearing for the examination. A re-test has been scheduled for June 6 and June 7 with additional technical support from MeitY.
CBSE also reported what it described as denial-of-service activity, with approximately 1.5 million hits recorded within two minutes and more than 1,00,000 unauthorised attempts to access files, according to the report.
Meanwhile, authorities are reviewing additional security measures ahead of future examinations. The Economic Times reported that NTA is seeking to reduce human intervention in certain processes and is exploring the use of AI-powered translation systems for multilingual examination papers. The agency is also shutting down dormant digital assets that could potentially be exploited by attackers.
For policymakers, the incident has highlighted a growing challenge: as India's examination ecosystem becomes increasingly digital, cybersecurity risks are evolving just as rapidly. The CBSE case has become a reminder that securing educational infrastructure now requires the same level of attention as building it.
