CBSE and JEE Portals Face AI-Driven Security Probes, Prompting Government Intervention
A high-level expert panel from IIT Kanpur and Madras, deployed to secure the CBSE’s On-Screen Marking (OSM) portal, discovered that AI tools primarily Claude were used to detect vulnerabilities in the system. The investigation revealed that Coempt Edutech, the vendor managing the CBSE-OSM portal, lacked sufficient expertise in cybersecurity, prompting the Ministry of Electronics and Information Technology (MeitY) to transfer the data to a government-controlled segment of Amazon Web Services (AWS) in India.
The panel, active for a week, ensured the CBSE’s verification and re-evaluation portal went live on June 2, a day behind schedule, while also conducting a security audit of the JEE Advanced portal and the Joint Seat Allocation Authority (JoSAA), addressing critical vulnerabilities. Earlier this week, leaked JEE Advanced admit cards surfaced on social media, raising concerns over potential data breaches.
MeitY and CERT-In have since intensified oversight, with CERT-In conducting a security audit of the CBSE portal and MeitY coordinating with the National Testing Agency (NTA) and CBSE to prevent further incidents. Following the CBSE-vendor dispute, an advisory has been issued to government departments, emphasizing cybersecurity hygiene in digital service procurement from the design stage.
Heightened security measures come amid a surge in cyber incidents. On June 2, the same day as CUET technical glitches that barred 3,700 students from taking the exam, one of NTA’s portals faced 500,000 attack attempts. A re-test for affected CUET candidates is scheduled for June 6-7, with MeitY providing digital bandwidth support and Tata Consultancy Services (TCS) managing the exam infrastructure.
The CBSE portal also experienced a denial-of-service (DoS) attack, recording 1.5 million hits in two minutes and over 100,000 unauthorized file access attempts. However, MeitY officials clarified that the OSM portal incident was not classified as a cyberattack but rather ethical hacking probes that exposed gaps before the system went live.
With NEET-UG 2026 being a pen-and-paper test, MeitY is focusing on exam center security and monitoring for the NTA, which oversees exams for over 2.2 million students. To reduce vulnerabilities, the NTA is minimizing human intervention particularly in translation processes by leveraging AI for exam paper translations (available in 13 languages) and implementing an "air-gapped" system. Additionally, the agency is decommissioning dormant digital assets that could serve as potential entry points for cyber threats.
A key concern highlighted by MeitY is the lack of "elementary cybersecurity hygiene" in government departments, often due to rushed or overly ambitious technology transitions. The CBSE incident has underscored the need for stronger procurement standards and proactive security measures in public digital infrastructure.
Central Board Of Secondary Education(CBSE) cybersecurity rating report: https://www.rankiteo.com/company/central-board-of-secondary-education-cbse-
Coempt Edu Teck cybersecurity rating report: https://www.rankiteo.com/company/coempt-edu-teck
"id": "CENCOE1780562286",
"linkid": "central-board-of-secondary-education-cbse-, coempt-edu-teck",
"type": "Vulnerability",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Students appearing for CBSE '
'exams',
'industry': 'Education',
'location': 'India',
'name': 'Central Board of Secondary Education (CBSE)',
'size': 'Large',
'type': 'Government Education Board'},
{'customers_affected': 'Over 2.2 million students '
'(NEET, JEE, CUET, etc.)',
'industry': 'Education',
'location': 'India',
'name': 'National Testing Agency (NTA)',
'size': 'Large',
'type': 'Government Examination Agency'},
{'customers_affected': 'CBSE OSM portal users',
'industry': 'Education Technology',
'location': 'India',
'name': 'Coempt Edutech',
'type': 'Vendor'}],
'attack_vector': ['AI-driven vulnerability scanning',
'Unauthorized file access attempts'],
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': 'JEE Advanced admit cards'},
'description': 'A high-level expert panel from IIT Kanpur and Madras '
'discovered AI tools (primarily Claude) were used to detect '
'vulnerabilities in CBSE’s On-Screen Marking (OSM) portal. The '
'vendor, Coempt Edtech, lacked cybersecurity expertise, '
'prompting MeitY to transfer data to a government-controlled '
'AWS segment. Security audits were conducted on the JEE '
'Advanced and JoSAA portals after leaked JEE Advanced admit '
'cards surfaced on social media. The CBSE portal also faced a '
'DoS attack with 1.5 million hits in two minutes and over '
'100,000 unauthorized file access attempts.',
'impact': {'brand_reputation_impact': 'Concerns over data breaches and exam '
'integrity',
'data_compromised': 'Potential exposure of JEE Advanced admit '
'cards',
'downtime': 'CBSE verification and re-evaluation portal delayed by '
'one day',
'identity_theft_risk': 'Potential risk due to leaked admit cards',
'operational_impact': '3,700 CUET students barred from taking '
'exams; re-test scheduled for June 6-7',
'systems_affected': ['CBSE OSM portal',
'JEE Advanced portal',
'JoSAA portal',
'CUET portal']},
'investigation_status': 'Ongoing',
'lessons_learned': 'Lack of elementary cybersecurity hygiene in government '
'departments, need for stronger procurement standards and '
'proactive security measures in public digital '
'infrastructure.',
'motivation': 'Ethical hacking probes (not classified as a cyberattack)',
'post_incident_analysis': {'corrective_actions': 'Enhanced monitoring, '
'AI-driven translations, '
'decommissioning dormant '
'assets, air-gapped systems',
'root_causes': 'Insufficient vendor expertise, '
'rushed technology transitions, '
'lack of cybersecurity hygiene'},
'recommendations': ['Implement cybersecurity hygiene from the design stage',
'Minimize human intervention in exam processes',
'Use AI for secure exam paper translations',
'Decommission dormant digital assets',
'Adopt air-gapped systems for critical operations'],
'references': [{'source': 'Government statements and media reports'}],
'regulatory_compliance': {'regulatory_notifications': 'CERT-In conducted '
'security audit, MeitY '
'issued advisory'},
'response': {'communication_strategy': 'Advisory issued to government '
'departments on cybersecurity hygiene',
'containment_measures': 'Data transferred to '
'government-controlled AWS segment, '
'security audits conducted',
'enhanced_monitoring': 'Yes',
'incident_response_plan_activated': 'Yes',
'network_segmentation': 'Government-controlled AWS segment',
'recovery_measures': 'CBSE portal went live on June 2, CUET '
're-test scheduled for June 6-7',
'remediation_measures': 'Enhanced monitoring, decommissioning '
'dormant digital assets, AI-driven exam '
'paper translations',
'third_party_assistance': 'IIT Kanpur and Madras expert panel'},
'stakeholder_advisories': 'Advisory issued to government departments on '
'cybersecurity hygiene in digital service '
'procurement.',
'title': 'AI-Driven Security Probes on CBSE and JEE Portals',
'type': ['Security Probe', 'Denial-of-Service (DoS)'],
'vulnerability_exploited': 'Lack of cybersecurity hygiene, insufficient '
'vendor expertise'}