IIT-Kanpur recruits teen who flagged flaws in CBSE's digital evaluation system

A 19-year-old ethical hacker who came into the spotlight after highlighting alleged vulnerabilities in the Central Board of Secondary Education's (CBSE) digital answer-sheet evaluation platform has been recruited by the Indian Institute of Technology (IIT)-Kanpur's cybersecurity research hub.

Nisarga Adhikary, who recently cleared his Class 12 examinations, has joined C3iHub, IIT-Kanpur's cybersecurity and cyber defence innovation centre, as an Open Source Intelligence (OSINT) and threat intelligence engineer on a contractual basis.

The appointment comes amid growing concerns over the security of digital infrastructure used in public services, including education and governance.

Adhikary gained attention earlier this year after publicly raising concerns about the security architecture of the CBSE's On-Screen Marking (OSM) system, which is used for the digital evaluation of board examination answer sheets.

He alleged weaknesses in areas such as access controls, password management and authentication processes, triggering debate among cybersecurity experts and prompting closer scrutiny of the platform.

The CBSE, however, maintained that the vulnerabilities identified by Adhikary were confined to a testing environment and did not impact the live evaluation system used for assessment.

IIT-Kanpur cites technical potential

IIT-Kanpur Director Manindra Agrawal described Adhikary as a talented young technologist with significant potential in the cybersecurity field.

“We believe he has significant potential, and his joining IIT-K will provide him with the opportunity to enhance his capabilities while contributing to cybersecurity and threat intelligence initiatives at C3iHub,” Agrawal told PTI.

According to institute officials, Adhikary's responsibilities will include analysing publicly available information, identifying vulnerabilities in digital systems and assisting in cybersecurity threat assessment and intelligence-gathering projects.

The role marks his first full-time position in a dedicated cybersecurity environment.

“In my earlier work, I mostly worked as a software engineer while cybersecurity remained more of a passion project,” Adhikary said.

He added that he had previously worked with startup teams as well as overseas companies on technology-related assignments.

Interest sparked by OSM rollout

Adhikary said his interest in the CBSE platform developed after widespread discussions and criticism surrounding the introduction of the OSM system during the examination season.

According to him, he began examining publicly accessible code associated with the platform and subsequently identified what he described as multiple security weaknesses.

While he declined to disclose details of his remuneration at IIT-Kanpur, Adhikary said compensation offered by foreign firms had been higher due to earnings linked to overseas markets.

“The salary is decent, but working with US-based companies gave a financial advantage because of dollar earnings,” he said.

His recruitment is being viewed by many in the cybersecurity community as an example of how young researchers and ethical hackers can contribute to strengthening digital security systems through responsible disclosure and technical expertise.