New Delhi: A high-level panel of experts from Indian Institute of Technology (IIT) Kanpur and Madras has found that artificial intelligence (AI) tools, particularly Claude AI, were used to gain access to the Central Board of Secondary Examination’s (CBSE) On-Screen Marking (OSM) system, reported the Economic Times (ET). The report of system vulnerability and AI usage comes as thousands of Grade XII students struggle to log into the re-evaluation portal and address their grievances.According to the New Indian Express, persisting technical glitches prevented students from accessing the OSM portal and submitting applications on Wednesday (June 3), even as CBSE claimed that thousands of requests had been successfully processed.Hundreds of students report technical glitchesKrishna, a student, wrote on X, “Facing a major issue with the revaluation portal. I spent four hours trying to apply, carefully filling in all the reasons. However, every time I hit submit, it shows an error and fails.I have already tried twice. Please help! Who should I contact to resolve ?” To this, CBSE’s X account replied, “Please check your direct message. CBSE team will assist you.”Krishna is one of the hundreds of students who have taken to social media to complain of the technical irregularities in the newly implemented digital evaluation system. Another student Ankush said on X, “I’m able to login and can even select the question and flag the issue, but whenever it comes to the payment page, it [the system] keeps getting refreshed or shows an error. What should I do?”Also read: CBSE Faces Fresh Scrutiny Over Ignoring OSM Tender Warnings, Dry Run FlagsAdvocate Vineet Jindal, voicing student complaints, said, “A mother recently shared her grievance with me. Her son was placed in the re-test category in three subjects and applied for copies of his answer sheets on May 20. However, even till today, he has not received the answer sheets.”In another post on X, he wrote, ” I have received many emails with proof of irregularities in CBSE’s OSM process. Two more cases of wrong answer sheets being provided to the students have also come to light.” He added that anyone facing issues with the OSM portal should contact him with evidence of the same.CBSE’s responseDespite continuous and unmitigated complaints against technical glitches and system irregularities, the board said 43,980 applications, including 4,924 verification requests and 39,056 applications for re-evaluation, had been accepted by Wednesday (June 3) noon. CBSE added, “Our teams remain on constant watch to ensure a secure, reliable and student-friendly platform.”The board on Tuesday (June 2) also reported a ‘denial of service’ attack to overwhelm the portal, with “1.5 million hits within two minutes and more than 100,000 unauthorised file access,” said ET. Interestingly, the report added that the Ministry of Electronics and Information Technology (MeitY) did not deem the CBSE case an instance of ‘cyberattack,’ instead treating it more as a “case of ethical hackers probing for gaps as soon as the portal was attempting to go live – gaps that were finally addressed,” said ET.In an update posted a few hours later, the board claimed that more than 56,000 re-evaluation and verification requests had been submitted by 9:30 pm on Wednesday (June 3) and the “3.8 million packet denial of service attack on the website was successfully thwarted.” It further claimed that technical teams were “proactively monitoring performance and introducing refinements to deliver a smoother, faster and more seamless experience.”CBSE Verification & Re-evaluation Portal update:The portal has accepted more than 56000 applications for verification and re-evaluation as of 9: 30PM today.This afternoon a 3.8 Million packet Denial of service attack on the website was successfully thwarted.Our technical…— CBSE HQ (@cbseindia29) June 3, 2026Portals breached using AIThe IIT Kanpur and Madras experts panel revealing that AI was used in detecting security vulnerabilities and breaching the CBSE portals further intensified the ongoing controversy surrounding the OSM system.The panel, which has been in place for a week, played a vital role in making certain the re-evaluation and verification portal went live on June 2. Beyond CBSE platforms, the panel also examined and addressed inconsistencies in the JEE Advanced portal, reported ET.Acting on its recommendations, and backed by strong support from MeitY, the CBSE-OSM data has been shifted from the private vendor to a government-managed segment of the Amazon Web Services (AWS) India, reported ET.Alongside the deployments of AI tools like Claude, the panel also found that the vendor used by the board for the digital evaluation platform, Coempt Eduteck Private Limited, did not possess the requisite capabilities or conceptual frameworks to facilitate portal security mechanisms, said ET.The panel’s judgement regarding Coempt Eduteck’s shortcomings as a service provider have been backed by claims made by Sarthak Sidhant, a 17-year-old ethical hacker, who highlighted how multiple changes in CBSE’s Request for Proposal (RFP) documents enabled the company to qualify when it otherwise would not have done so.Coempt qualified due to changes in RFP termsSidhant, speaking to The Wire, emphasised multiple major differences between the May 2025 RFP, August 2025 RFP and September 20 corrigendum. Referring in particular to the alterations made after the second round of tender requests, he argued that as opposed to the second proposal which empowered CBSE to disqualify a service provider in case they made ‘other mistakes’ such as data breach and technical problems, the final document took this power away from the board.The September 20 corrigendum also altered the condition specifying required experience for eligible service providers by stating that providers with 25 lakh ‘cumulative’ answer sheets could apply. Sidhant said this change benefited smaller and fragmented service providers like Coempt Eduteck as they could submit an aggregated record of examinations conducted under the new rules. Under the revised proposal, the condition pertaining to the company having at least 100 experienced professionals was drastically reduced to merely 15 professionals, again systematically benefiting Coempt Eduteck by taking monitoring and accountability powers away from the board.Sidhant also talked about the significant impact of removing past records of poor performance made for Coempt Eduteck. The company, formerly known as Globarena Technologies, was involved in the 2019 Telangana intermediate examination results controversy that led to multiple students dying by suicide. Leader of Opposition Rahul Gandhi invoked the company’s past indiscretions in an X post, asking, “Why was there no background check of the firm despite its controversial past.”Sidhant asserted that if the contentious changes to the final RFP document had not been made, Coempt Eduteck would never have qualified for handling millions of students’ crucially sensitive data.Next stepsAccording to ET, following the recent developments the expert panel has directed Computer Emergency Response Team (CERT-In) to conduct a security audit of the CBSE portal, while MeitY will coordinate with the National Testing Agency and CBSE “to check against any further incidents.”Also read: Govt Orders Inquiry Into CBSE’s OSM Procurement Process, Transfers Top Board OfficialsDepartments have reportedly been advised to exercise caution during procurement processes and ascertain the capability of private vendors well in advance, following recent failures of national testing authorities. The developments emphasise the far-reaching consequences of awarding important public infrastructure to a vendor that is not equipped to handle it.