BharatMorningNews
Fast mobile article powered by Nexiamath-SEO AMP.
AMP Article

When students audit the system

Published जून 1, 2026 · Updated जून 1, 2026 · By John Brown

When Students Audit the System

When students audit the system - Recent revelations from young innovators have brought attention to the security and transparency of the Central Board of Secondary Education’s (CBSE) digital evaluation platform, On-Screen Marking (OSM). Two students, Sarthak Sidhant and Nisarga Adhikary, uncovered significant vulnerabilities in the system, prompting the board to acknowledge the issues and take corrective measures. Their findings, shared through public reports and investigative analysis, have sparked a broader conversation about the role of student-led audits in modern governance.

Science For All

The weekly science newsletter, *Science For All*, bridges the gap between complex research and everyday understanding. Crafted by science writers, it demystifies technical terms and highlights discoveries that resonate with the general public. From cutting-edge innovations to the science behind daily phenomena, the publication ensures that knowledge is accessible to all, fostering a curiosity-driven approach to learning.

Health Matters

Health Matters, another feature in the newsletter, focuses on wellness strategies and preventive care. Ramya Kannan, a health writer, guides readers through actionable steps to maintain physical and mental well-being. The column emphasizes the importance of routine, balanced diets, and stress management, offering practical insights for individuals striving to lead healthier lives.

The Leak of Vulnerabilities

Following public disclosures by ethical hackers, the CBSE revealed that its OSM platform had been compromised. These individuals identified weaknesses that could allow unauthorized access to student data and manipulation of evaluation outcomes. In a statement dated May 31, 2026, the board confirmed that the vulnerabilities had been addressed and that additional safeguards are being implemented to prevent future breaches.

The response included the deployment of a specialized team of cybersecurity experts from government departments and institutions like the IITs. This team aims to reinforce the system’s infrastructure and ensure the integrity of the digital evaluation process. The board expressed gratitude for the students’ vigilance, acknowledging that their efforts highlighted critical gaps in the system’s design.

Students as System Auditors

At the heart of the controversy are two young students who took it upon themselves to scrutinize the CBSE’s digital processes. Sarthak Sidhant, a 17-year-old from Jharkhand, published an investigative blog titled *How CBSE Rewrote Rules to Favor Coempt EduTeck*. His work delved into how the tender process for the OSM platform was modified to benefit a specific vendor, Coempt EduTeck, potentially undermining competition.

Nisarga Adhikary, a 19-year-old ethical hacker, demonstrated the system’s susceptibility by infiltrating the OSM portal. He revealed that the platform allowed him to access, modify, and even alter answer sheets. Adhikary’s findings suggest a broader issue: the CBSE’s digital ecosystem is not as secure as it appears. He further explained that student data was being processed by Google’s Gemini AI, with automation scripts developed by Coempt’s quality assurance engineers.

Implications of the Audit

Adhikary’s discovery raised concerns about data sovereignty. By sharing student information with an AI model hosted outside India, the CBSE may be compromising the privacy of millions of learners. This highlights a critical vulnerability in how sensitive data is handled, especially in a system that impacts academic performance and future opportunities.

Sidhakant’s blog, meanwhile, exposed how the tender process was manipulated. He outlined 15 key points demonstrating how the procurement criteria were adjusted to favor Coempt EduTeck. His analysis underscores the importance of transparency in public procurement, as decisions made in the name of efficiency can inadvertently create bias in the evaluation system.

Interview Insights

John Xavier, Technology Editor at *The Hindu*, interviewed both students and reflected on their findings. “The students’ work is a wake-up call for institutions that rely on digital platforms for critical functions,” Xavier noted. He emphasized that the CBSE’s response to the audit is a positive step, but more needs to be done to ensure long-term security and accountability.

“Nisarga’s finding about the Gemini API being embedded in the CBSE portal is particularly alarming. It shows how easily data can be exposed to external systems, raising questions about who controls the flow of information,” Xavier explained.

Xavier also highlighted the need for proactive measures. “Students should be equipped with the tools to understand and engage with the systems they use. This requires not just technical audits but also educational efforts to empower the next generation of digital citizens.”

Recommendations for a Secure System

Based on the students’ analysis, Xavier proposed several reforms. First, the CBSE should adopt an audit-and-review framework to ensure accountability. This could involve partnering with reputable firms like KPMG, Deloitte, or EY to conduct independent assessments of its digital infrastructure. Such audits would provide an objective evaluation of the system’s robustness and identify areas for improvement.

Secondly, transparency is key. Xavier stressed that students must be informed of system changes well in advance, enabling them to question processes that affect their grades. Large-scale modifications, particularly those involving AI or data-sharing protocols, should be tested through regional pilots before nationwide implementation. This approach allows for real-world feedback and minimizes the risk of widespread errors or biases.

The students’ efforts also underscore a broader trend: the growing role of youth in scrutinizing institutional practices. “Their actions reflect a new era of citizen-led accountability,” Xavier added. “When young people take up the mantle of auditors, it forces organizations to be more vigilant and responsive.”

Broader Lessons for Government Tech

The case of the CBSE’s OSM platform serves as a case study for government tech systems across India. Xavier questioned whether the board’s internal architecture is representative of larger bureaucratic digital initiatives. “While we don’t know if CBSE’s systems are typical, the scale of the issue is concerning,” he said. “Such platforms handle sensitive data for millions, and their vulnerabilities can have cascading effects on education and public trust.”

He called for a culture of continuous improvement in government IT operations. “The CBSE must set a precedent by integrating feedback loops and fostering collaboration between students, experts, and policymakers. Only then can we ensure that technology serves the people it’s designed for.”

Copyright © 2026, THG PUBLISHING PVT LTD. or its affiliated companies. All rights reserved.

Comments must be in English and written in full sentences. They cannot contain abusive language or personal attacks. Readers are encouraged to adhere to the community guidelines when posting their views.

The Hindu has transitioned to a new commenting platform. Registered users can continue participating, while new users must create an account and log in to contribute. Existing comments can be accessed by logging into the Vuukle system.