Rylen Anil, a 16-year-old Indian student based in Dubai, has sparked a national conversation on cybersecurity after ethically exposing major backend vulnerabilities in India’s high-stakes national exam portals.
Within a span of just two weeks, the teenage researcher successfully bypassed administrative dashboards for both the National Testing Agency (NTA) and the JEE Advanced results system, prompting urgent security patches by government agencies.
In late May, Anil turned his attention to the NTA’s re-examination portal for the NEET-UG medical entrance test. Using basic penetration testing techniques, he bypassed the "super-admin" dashboard in just three hours.
The security flaw exposed the highly sensitive contact data of roughly 13k exam officials, including 7.9k exam observers, 670+ city coordinators, and 5.4k test centre heads.
Realising the gravity of the leak, Anil immediately filed a report with India’s national cyber agency, CERT-In.
The NTA took the portal offline to fix the vulnerability, and NTA Director General Abhishek Singh personally reached out to the teenager to thank him for his responsible disclosure.
Days after the NTA incident, Anil discovered another massive data exposure, this time within the JEE Advanced 2026 portal managed by IIT Roorkee.
He found an unsecured cloud storage bucket that left the result records of nearly 180k engineering candidates completely visible to the public. Anyone with the URL could access 179.6k exam results and 187.3k candidate admit cards, exposing full names, dates of birth, and phone numbers. Following Anil's alert, IIT Roorkee patched the server and confirmed that no data had been maliciously extracted.
Anil is part of an emerging cohort of teenage ethical hackers, including fellow student Nisarga Adhikary, who recently exposed security gaps in the CBSE evaluation portal.
While their findings drew mixed reactions online, Anil strongly defended their work as a service to national security. "We are being more nationalist by raising these issues," Anil stated, emphasizing that finding these loopholes responsibly keeps citizen data safe from malicious foreign actors.
Copyright © © 2022 Copyright. All Rights Reserved with Arth Parkash