Recently, 19-year-old Nisarga Adhikary highlighted alleged security weaknesses in CBSE’s online marking portal. Impressed by his work, IIT Kanpur offered him a position at its cybersecurity innovation hub. Here’s the complete story.
New Delhi: It is often said that securing a job at a prestigious institution requires years of experience, a strong professional background, and an impressive résumé. However, IIT Kanpur has surprised many by hiring a 19-year-old for one of its most important technology-focused divisions.
At an age when most students are concerned about college admissions, exams, and career planning, a young man from Siliguri, West Bengal, was busy examining the digital security of one of India’s largest education boards.
This is the story of Nisarga Adhikary, who claimed to have identified serious security vulnerabilities in the Central Board of Secondary Education’s (CBSE) On-Screen Marking (OSM) system. His findings sparked a nationwide debate, and within days, he was offered a role at IIT Kanpur’s Cyber Security Innovation Hub.
Who Is Nisarga Adhikary?
Nisarga Adhikary is a resident of Siliguri, West Bengal. He developed an interest in computers, coding, and cybersecurity at the age of six. While most children spent their time playing games, Nisarga was fascinated by understanding how websites and digital systems functioned.
In the cybersecurity community, he is often described as an “ethical hacker” — someone who identifies security flaws and responsibly reports them to organizations instead of exploiting them.
His parents work in the finance sector. Over the years, Nisarga conducted security research across various digital platforms and gradually built a reputation within the technology community. However, he gained national attention after raising concerns about CBSE’s OSM platform.
What Was the Controversy About?
In 2026, CBSE expanded the use of its On-Screen Marking (OSM) system to make the evaluation process more digital and efficient. Under this system, answer sheets are scanned and assessed online, reducing human error and accelerating the result-processing timeline.
Nisarga claimed that while examining the system in February 2026, he discovered several significant security weaknesses. According to him, certain technical vulnerabilities could potentially affect the integrity and reliability of the evaluation process if misused.
He stated that he responsibly disclosed these issues to the relevant agencies and India’s national cybersecurity response team, CERT-In. Later, he publicly released a technical report detailing his findings, bringing the issue into the national spotlight.
Social Media Erupts Into Debate
As soon as Nisarga’s claims became public, cybersecurity experts, developers, and technology professionals began analyzing the reported vulnerabilities.
Many argued that if the issues described in the report were genuine, they deserved serious attention and investigation.
Within days, the matter spread across technology forums, social media platforms, and national news outlets. Nisarga’s name quickly became a topic of discussion across the country.
CBSE’s Response
CBSE did not fully accept Nisarga’s claims.
The board clarified that the URL and platform referenced in his report were part of a testing environment and not the actual live evaluation system. According to CBSE, the real OSM platform remained secure and no security breach had been confirmed.
However, the debate did not end there.
Nisarga maintained that his findings were made in good faith and in the public interest. A section of the cybersecurity community also continued discussing the issue and examining the technical details involved.
Education Minister and IIT Experts Step In
The controversy grew large enough to attract the attention of India’s Education Minister, Dharmendra Pradhan.
He directed experts from IIT Kanpur and IIT Madras to conduct a technical review of the matter. Following these instructions, a team of four specialists visited CBSE’s headquarters in New Delhi to evaluate the security architecture and investigate the claims.
During this process, IIT Kanpur Director Manindra Agrawal met Nisarga personally. The interaction reportedly left a strong impression on him and marked a turning point in the young researcher’s journey.
IIT Kanpur Extends a Job Offer
The same young man who had recently been known as “the student who exposed CBSE’s vulnerabilities” soon received an offer from one of India’s most prestigious technical institutions.
According to reports, Nisarga Adhikary has been associated with IIT Kanpur’s Cyber Security Innovation Hub, where he will contribute to cybersecurity research and innovation projects.
The appointment represents much more than a job opportunity. It is recognition of the idea that responsible security researchers should be viewed as part of the solution rather than a threat.
No Immediate Plans for College Education
When asked about his future academic plans, Nisarga stated that he currently has no intention of enrolling in a college program.
According to him, traditional classroom education does not particularly interest him at this stage. Instead, he wants to build startups and products that can solve real-world problems and help people.
Why Is This Appointment Significant?
In India, the word “hacking” is often associated with negative activities.
However, globally, ethical hackers are regarded as an essential part of the cybersecurity ecosystem. Major technology companies such as Google, Microsoft, and Meta actively reward researchers who identify and report security vulnerabilities in their systems.
Nisarga’s case stands out because a student who raised security concerns was later recognized and hired for the very skills that enabled him to identify those issues.
It serves as a reminder that talent is not limited by age.
Also Read: Not Cristiano Ronaldo! Meet the Oldest Player to play in FIFA World Cup 2026
A New Lesson for Digital India?
Beyond the CBSE-OSM controversy, the incident offers an important lesson.
India is rapidly moving toward a digital future. Education, banking, healthcare, governance, and examination systems are becoming increasingly dependent on online platforms.
In such an environment, cybersecurity is no longer just a technical subject—it has become a matter of public trust.
Young researchers like Nisarga Adhikary highlight the fact that building strong digital infrastructure requires more than new technology. It also depends on continuous security testing, responsible disclosure practices, and a culture that values independent research.
His journey demonstrates how curiosity, technical skill, and responsible action can create opportunities that many people spend years trying to achieve.
