CBSE to NEET: Centre to fight AI threats

New Delhi: Reeling under a series of cyber attacks, from the CBSE-OSM portal case to Telegram leaks of NEET-UG exam paper that forced a mega exam cancellation, the government has asked all ministries to guard against growing 'AI-driven cyber threats', review vulnerabilities and ensure that all third-party vendors comply with guidelines, ET has learnt.The Centre has also initiated a major 'AI-driven vulnerability assessment' across all governmental portals, websites, applications and critical delivery systems to strengthen cybersecurity preparedness and protect the national digital infrastructure.Also Read: NEET-UG re-exam: NTA to hold nationwide mock drill on June 20; check what it means hereThe Ministry of Electronics and Information Technology (MeitY) has sent out at least 2-3 high level communications to all key ministries over the last few days, asking departments to strengthen defences against AI-assisted vulnerabilities exploitation.

All ministries have been asked to review the 'cybersecurity posture' across all organisations and bodies under their administrative control.Ministries have also been asked to ensure that all Original Equipment Manufacturers (OEMs)/third party vendors operating within their remit must adhere to the stringent new Cert-In guidelines that seek supply chain transparency, strict security patching timelines, immediate breach disclosures and strict, evidence-backed security contracts.

Many of the above were found wanting in the CBSE-OSM case involving private vendor Coempt Eduteck.The CBSE-On Screen Marking (OSM) portal was also breached by several ethical hackers who exposed vulnerabilities in the system.An expert team with two IIT directors on board, had to be deployed to secure the portal before it could be opened to the public late last month.

In case of NEET-UG, the exam was cancelled after several original questions were allegedly found leaked on Telegram, a messaging platform that now stands banned in India until a day after the NEET-UG retest on June 21.Also Read: SC refuses to accord urgent hearing on pleas related to NEET-UG 2026The latest communication sent out by MeitY comes against this backdrop, pointing to the mushrooming of AI, generative AI and AI-driven automation tools besides large language models which have speeded up the process of identifying vulnerabilities in a digital portal.This 'AI-enabled cyber exploitation' allows adversaries to spot and exploit vulnerabilities and gaps such as insecure APIs besides misconfigured and exposed systems, faster than before, the ministry cautioned in its communication.

This in turn also creates room for easier creation of highly targeted phishing campaigns and advanced malware to pilot cyberattacks at much greater speed and scale, it said.With organisations increasingly interconnected on digital infrastructure, sharing cloud platforms, AI-enabled systems, software supply chains and operational technologies, the potential of AI-driven cyberthreats now looms large, ministries have been warned.Meanwhile, Cert-In has started conducting AI-assisted 'vulnerability discovery' assessments across governmental digital infrastructure.

Detailed reports have also been sent out to various departments on the same, ET has learnt.MeitY in May wrote to all ministries on the issue, seeking action taken data on organisation-specific recommendations made by Cert-In to enhance cybersecurity preparedness.Alongside, the Cert-In 'Blueprint for Reducing Exposure and Defending against AI-Assisted Vulnerabilities Exploitation in Digital Infrastructure', issued on May 25, and its Guidelines for OEMs have strongly been recommended to enhance 'resilience' of digital systems against AI-enabled cyberthreats.

The blueprint has underlined the need to shift to continuous threat exposure management instead of the fortnightly/weekly sanitisation mechanism.It also asks all organisations to work on a 12-hour deadline to patch and isolate critical, internet-facing vulnerabilities. ...