'Are you going to jail?': Dubai teen who exposed India's NEET, JEE flaws recalls parents' shock

A 16-year-old student from Dubai, Rylen Anil, recently uncovered security flaws in India’s National Testing Agency (NTA) portals for the NEET and JEE Advanced entrance exams. The vulnerabilities included weak credentials on the NTA portal and a misconfigured cloud server on the JEE portal, potentially exposing applicants’ phone numbers, parents’ names, and dates of birth. Rylen discovered the issues after learning about a separate breach in the CBSE’s educational portal. He spent just two or three hours identifying the flaws, which he described as surprisingly easy to exploit. Instead of exploiting them, he reported the vulnerabilities to India’s Computer Emergency Response Team (CERT-In) and shared details on Twitter, triggering widespread attention. The teenager’s responsible disclosure led to immediate action from NTA’s Director General, Abhishek Singh, who thanked him for bringing the issues to light. Rylen later explained that his parents initially feared legal consequences due to sensationalized media coverage, but he reassured them by clarifying his ethical approach. His interest in cybersecurity began in Grade 8, fueled by a passion for programming and technology. Rylen now aims to pursue a degree in cybersecurity and aspires to become a chief information security officer, with plans to study in the U.S. He also credits gaming with sparking his early fascination with technology and problem-solving. The incident has highlighted broader concerns about cybersecurity in India’s education sector, where student data remains at risk. Rylen’s case serves as an example of how ethical hacking can protect millions while inspiring others to follow a similar path.