NEW DELHI: The controversy surrounding the Central Board of Secondary Education’s (CBSE) On-Screen Marking (OSM) system has taken a fresh turn, with a high-level team of experts from IIT Kanpur and IIT Madras reportedly finding that artificial intelligence tools were used to identify vulnerabilities in the Board’s digital infrastructure.According to a report by The Economic Times, the expert panel concluded that powerful AI tools, particularly Anthropic’s Claude, were used to detect weaknesses that later enabled access to parts of the CBSE-linked portal ecosystem. The findings come weeks after a series of cybersecurity disclosures, data exposure claims and operational disruptions put CBSE’s digital evaluation system under intense scrutiny.The panel was brought in after multiple vulnerabilities were reported in systems associated with the Board’s newly introduced OSM platform, which was used this year for the evaluation of Class 12 answer sheets.IIT team reportedly flags concerns over vendor capabilitiesOne of the most significant observations made by the expert group relates to the capability of the vendor entrusted with the OSM infrastructure.As reported by The Economic Times, the panel found that Coempt Eduteck, the company handling the OSM platform, lacked adequate capability and conceptual understanding of portal security mechanisms.The development is likely to intensify questions surrounding the procurement and implementation of the OSM system, which has already been facing scrutiny following complaints about scanned answer sheets, portal glitches and alleged cybersecurity weaknesses.The Centre has already ordered an inquiry into the procurement process linked to the OSM platform, while a leadership overhaul at CBSE saw the transfer of senior officials and the appointment of a new chairperson.Data shifted to government-controlled cloud infrastructureIn a move aimed at strengthening security, all CBSE-OSM data has now been shifted from infrastructure managed by the private vendor to a government-controlled segment of Amazon Web Services (India), The Economic Times reported.The migration was reportedly carried out with support from the Ministry of Electronics and Information Technology (MeitY), which has become closely involved in monitoring digital examination systems following recent controversies.The IIT-led team has also been credited with helping stabilise and secure CBSE’s verification and re-evaluation portal, which eventually went live after a delay.Wider review of examination cybersecurity underwayThe implications of the CBSE episode appear to be extending beyond a single board examination system.According to The Economic Times, the same panel also reviewed the JEE Advanced digital infrastructure after concerns emerged regarding the online availability of admit-card related records. The vulnerabilities were reportedly addressed following the review.The report further states that MeitY and CERT-In have stepped up oversight of examination-related digital platforms and have asked for a security audit of the CBSE portal.Officials quoted by The Economic Times indicated that the government does not necessarily view the CBSE incident as a conventional cyberattack. Instead, it is being seen as a case where ethical hackers and independent researchers identified security gaps that were subsequently addressed.The developments have also triggered broader discussions within government circles about technology procurement, vendor due diligence and cybersecurity preparedness. The Economic Times reported that an advisory has been circulated among departments emphasising the need to assess the technical capability of private vendors more rigorously and to incorporate cybersecurity safeguards from the earliest stages of digital project design.The latest findings come at a time when educational agencies are increasingly relying on digital systems to conduct examinations, evaluate answer sheets and manage student records. As more services move online, cybersecurity is emerging as a critical component of examination governance, alongside transparency, accuracy and operational efficiency.
