CBSE and JEE Portals Face AI-Driven Security Probes, Prompting Government Intervention A high-level expert panel from IIT Kanpur and Madras, deployed to secure the CBSE’s On-Screen Marking (OSM) portal, discovered that AI tools primarily Claude were used to detect vulnerabilities in the system. The investigation revealed that Coempt Edutech, the vendor managing the CBSE-OSM portal, lacked sufficient expertise in cybersecurity, prompting the Ministry of Electronics and Information Technology (MeitY) to transfer the data to a government-controlled segment of Amazon Web Services (AWS) in India. The panel, active for a week, ensured the CBSE’s verification and re-evaluation portal went live on June 2, a day behind schedule, while also conducting a security audit of the JEE Advanced portal and the Joint Seat Allocation Authority (JoSAA), addressing critical vulnerabilities. Earlier this week, leaked JEE Advanced admit cards surfaced on social media, raising concerns over potential data breaches. MeitY and CERT-In have since intensified oversight, with CERT-In conducting a security audit of the CBSE portal and MeitY coordinating with the National Testing Agency (NTA) and CBSE to prevent further incidents. Following the CBSE-vendor dispute, an advisory has been issued to government departments, emphasizing cybersecurity hygiene in digital service procurement from the design stage. Heightened security measures come amid a surge in cyber incidents. On June 2, the same day as CUET technical glitches that barred 3,700 students from taking the exam, one of NTA’s portals faced 500,000 attack attempts. A re-test for affected CUET candidates is scheduled for June 6-7, with MeitY providing digital bandwidth support and Tata Consultancy Services (TCS) managing the exam infrastructure. The CBSE portal also experienced a denial-of-service (DoS) attack, recording 1.5 million hits in two minutes and over 100,000 unauthorized file access attempts. However, MeitY officials clarified that the OSM portal incident was not classified as a cyberattack but rather ethical hacking probes that exposed gaps before the system went live. With NEET-UG 2026 being a pen-and-paper test, MeitY is focusing on exam center security and monitoring for the NTA, which oversees exams for over 2.2 million students. To reduce vulnerabilities, the NTA is minimizing human intervention particularly in translation processes by leveraging AI for exam paper translations (available in 13 languages) and implementing an "air-gapped" system. Additionally, the agency is decommissioning dormant digital assets that could serve as potential entry points for cyber threats. A key concern highlighted by MeitY is the lack of "elementary cybersecurity hygiene" in government departments, often due to rushed or overly ambitious technology transitions. The CBSE incident has underscored the need for stronger procurement standards and proactive security measures in public digital infrastructure.