Description: The Hindu reported that vulnerabilities in the OnMark exam-marking portal used by India's Central Board of Secondary Education (CBSE) allegedly exposed sensitive student data, including answer-sheet images. Ethical hacker Nisarga Adhikary also alleged that COEMPT Eduteck quality-assurance scripts processed students' personal information through Google Gemini. CBSE said the vulnerabilities had been contained.
Editor Notes: Classified as an incident because the reporting alleges a specific student-data exposure and near-harm episode involving CBSE's OnMark evaluation ecosystem, and separately alleges that student personal information was processed through Google Gemini in vendor automation scripts. The record should not be read as establishing that Gemini caused the portal vulnerabilities or that student marks were altered.
Entities
View all entitiesAlleged: Large language model developers and Google developed an AI system deployed by Government of India , COEMPT Eduteck and Central Board of Secondary Education, which harmed Students in India , Students , Privacy , Minors in India , Minors , Educational communities and Central Board of Secondary Education students.
Alleged implicated AI systems: Student answer-sheet databases , OnMark On-Screen Marking portal , Gemini and COEMPT automation scripts
Incident Stats
Risk Subdomain
A further 23 subdomains create an accessible and understandable classification of hazards and harms associated with AI
2.2. AI system security vulnerabilities and attacks
Risk Domain
The Domain Taxonomy of AI Risks classifies risks into seven AI risk domains: (1) Discrimination & toxicity, (2) Privacy & security, (3) Misinformation, (4) Malicious actors & misuse, (5) Human-computer interaction, (6) Socioeconomic & environmental harms, and (7) AI system safety, failures & limitations.
- Privacy & Security
Entity
Which, if any, entity is presented as the main cause of the risk
Human
Timing
The stage in the AI lifecycle at which the risk is presented as occurring
Post-deployment
Intent
Whether the risk is presented as occurring as an expected or unexpected outcome from pursuing a goal
Unintentional
Incident Reports
Reports Timeline
Loading...
After public posts by ethical hackers exposed vulnerabilities in the Central Board of Secondary Education's On-Screen Marking platform OnMark, the board on Sunday (May 31, 2026) stated that the identified vulnerabilities "have been containe…
Variants
A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Seen something similar?
