IIT Kanpur and IIT Madras panel found AI tools including Claude exploited CBSE portal vulnerabilities, prompting government security overhaul and CERT-In audit of examination infrastructure.
IIT Panel Concludes AI Tools Detected CBSE Portal Vulnerabilities
India’s education technology infrastructure faces heightened scrutiny after an expert committee investigating the recent CBSE portal incident concluded that advanced artificial intelligence tools exploited CBSE portal vulnerabilities in the system. A high-level panel comprising experts from IIT Kanpur and IIT Madras found that AI models, particularly Anthropic’s Claude, discovered vulnerabilities and gained access to parts of the Central Board of Secondary Education’s (CBSE) On-Screen Marking (OSM) platform.
The findings have triggered a wider government response involving the Ministry of Electronics and Information Technology (MeitY), the Indian Computer Emergency Response Team (CERT-In), the National Testing Agency (NTA), and other agencies responsible for managing critical examination infrastructure. This development comes amid growing concerns over cybersecurity preparedness of platforms handling sensitive student data and supporting examinations taken by millions of candidates across the country.
IIT Panel Flags Vendor’s Inadequate Security Expertise
As reported by The Economic Times, the IIT-led panel deployed to secure CBSE and OSM portals after concerns emerged around system vulnerabilities. During its review, the committee found that the private vendor managing the platform, Coempt Edutech, lacked adequate expertise and understanding of key security mechanisms required to protect such infrastructure.
The assessment prompted immediate intervention from government authorities. According to the report, CBSE’s OSM-related data has now migrated from the vendor-managed environment to a government-controlled segment of Amazon Web Services (AWS) India with MeitY support. The expert team worked on the systems for the past week and played a critical role in enabling the CBSE verification and re-evaluation portal to go live on June 2 after a brief delay.
Panel Reviews JoSAA and JEE Advanced Infrastructure
The same panel was also tasked with reviewing other examination-related systems. The Economic Times reported that experts completed a security assessment of the Joint Seat Allocation Authority (JoSAA) and JEE Advanced infrastructure on Wednesday, identifying and addressing vulnerabilities before clearing the platforms.
The review came shortly after copies of JEE Advanced admit cards surfaced on social media, sparking concerns over a potential data exposure incident. This proactive assessment demonstrates the government’s commitment to preventing similar security breaches across all examination platforms.
CERT-In and MeitY Increase Oversight of Examination Systems
Following the incident, authorities asked CERT-In to conduct a formal security audit of the CBSE portal, while MeitY coordinates with both CBSE and NTA to prevent any recurrence. According to officials cited by The Economic Times, the government does not necessarily view the CBSE episode as a traditional cyberattack. Instead, some officials believe the activity resembled ethical hackers probing the system for weaknesses as it prepared to go live.
Regardless of how the incident is ultimately classified, it exposed broader concerns about cybersecurity standards in public-sector technology projects. The report states that an advisory has circulated to key government departments and organisations, emphasising the need to incorporate cybersecurity requirements during the design and procurement stages of digital services rather than after deployment.
NTA Faces Massive Access Attempts During CUET Technical Issues
The CBSE incident unfolds against a backdrop of increasing cyber activity targeting examination infrastructure. According to The Economic Times, one of NTA’s digital platforms experienced nearly 5,00,000 access attempts on Sunday, the same day technical issues affected the Common University Entrance Test (CUET) and prevented more than 3,700 students from appearing for the examination. A re-test has been scheduled for June 6 and June 7 with additional technical support from MeitY.
CBSE also reported what it described as denial-of-service activity, with approximately 1.5 million hits recorded within two minutes and more than 1,00,000 unauthorised attempts to access files, according to the report.
Authorities Review Security Measures for Future Examinations
Meanwhile, authorities are reviewing additional security measures ahead of future examinations. The Economic Times reported that NTA is seeking to reduce human intervention in certain processes and is exploring the use of AI-powered translation systems for multilingual examination papers. The agency is also shutting down dormant digital assets that could potentially be exploited by attackers.
For policymakers, the incident has highlighted a growing challenge: as India’s examination ecosystem becomes increasingly digital, cybersecurity risks are evolving just as rapidly. The CBSE case has become a reminder that securing educational infrastructure now requires the same level of attention as building it. The integration of AI tools in cyber attacks represents a new dimension of threat that authorities must address through updated security protocols and continuous monitoring systems.
#CBSE #CyberAttack #IITKanpur #IITMadras #Claude #AITools #CERTIn #MeitY #EducationTechnology #Cybersecurity
Disclaimer
The information in this article is based on available public sources and official statements as of the time of publication. While we aim for accuracy, we do not guarantee completeness or correctness. We advise readers to verify key details from official sources before making any decisions. The website (iitiimsamvaad.com) is not liable for any loss or damage arising from the use of this content. The authors are also not responsible for any such loss or damage.