Claude, other AI tools used to breach CBSE portals: IIT Panel

New Delhi: The high-level panel of top experts from IIT Kanpur and Madras deployed to secure the CBSE and its on-screen marking (OSM) portals has found that powerful artificial intelligence tools, mainly Claude, were used to detect vulnerabilities and gain access, ET has learnt.

The panel also found that the CBSE-OSM vendor, Coempt Edutech, did not have adequate capability or conceptual knowledge on portal security mechanisms.

Accordingly, backed with strong support from the Ministry of Electronics and Information Technology (MeitY), the CBSE-OSM data was shifted from the private vendor to a government-managed and controlled segment of Amazon Web Services (India).

The panel, which has now been deployed for a week, has played a crucial role in ensuring that the CBSE verification and re-evaluation portal went live, even though a day late on June 2. The panel also completed a security analysis of the JEE Advanced portal, Joint Seat Allocation Authority, on Wednesday, addressing vulnerabilities and clearing it, ET has gathered.

Copies of admit cards linked to JEE Advanced had emerged on social media earlier this week, raising concerns over data breach.

Meanwhile, MeitY and the Indian Computer Emergency Response Team (CERT-In) moved into the picture in a big way. The expert panel has asked CERT-In to conduct a security audit of the CBSE portal while MEITY is coordinating with NTA and CBSE to check against any further incidents.

After the CBSE-vendor row, an advisory is learnt to have been issued to key departments and bodies on ensuring cybersecurity hygiene in digital services procurement and request for proposals from the design stage itself.

All organisations are on high alert amid rounds of cyber lapses and with good reason.

ET gathers that one of NTA's digital portals was hit by half a million attempts on Sunday - the day CUET was held up by technical glitches and delays, which prevented over 3,700 students from appearing for the exam. A re-test will be held for them on June 6-7 with a strong MeitY support to back up the digital bandwidth even as top IT services firm, Tata Consultancy Services, is handling the exam.

CBSE on Tuesday also reported a denial of service (to overwhelm a website/portal) attacks, causing 1.5 million hits on the portal within two minutes and more than 100,000 unauthorised file access.

MeitY, however, does not essentially consider the CBSE OSM portal a case of 'cyberattack', but more a case of ethical hackers probing for gaps as soon as the portal was attempting to go live - gaps that were finally addressed, officials indicated.

Even though NEET-UG 2026 is a pen-and-paper test and does not require CUET-OSM-like security rings, MeitY is working closely with NTA to support exam security at test centres and monitoring levels, it is gathered.

With translators now emerging as a key weak link as per CBI probe, NTA is particularly aiming at minimising human interface and using AI largely to translate the exam paper (offered in 13 languages) to ensure an "air-gapped" system ahead of the test involving over 2.2 million students.

Also, NTA is closing down several of its digital assets which may have gone into dormancy or disuse but could offer a gateway to hacking, officials in the know said.

A major MeitY focus area for the future - following the CBSE controversy over procurement - is the general lack of "elementary hygiene" in effecting hurried, over-ambitious technology transition targets by government departments, officials said.

ET gathers that the advisory that has gone to departments emphasises on exercising caution in procurement processes and the need to fully ascertain capacity/capability of private vendors.