After responsibly reporting vulnerabilities in India’s two largest entrance exam systems, 16-year-old Rylen Anil unexpectedly found himself at the centre of a viral storm.
A 16-year-old Dubai-based student, Rylen Anil, recently highlighted vulnerabilities in the systems supporting India’s highly competitive NEET and JEE Advanced examinations. However, sensational media coverage in India led to an unexpected reaction at home.
“When I got home from school, my parents asked if I was going to jail because the first headline we saw said ‘16-year-old hacked into NTA’s (National Testing Agency) website.’ I explained what really happened, and they were proud of me for responsibly bringing the issue to light,” he told on Thursday.
The Grade 12 CBSE student’s discovery attracted widespread attention after he identified security vulnerabilities in portals linked to two of India’s most important entrance examinations. What began as curiosity soon evolved into a lesson in responsible disclosure and ethical hacking.
Curiosity sparked the investigation
Rylen said the idea emerged after a separate security breach involving Central Board of Secondary Education’s on-screen marking portal. He is among a small but growing group of young ethical hackers, alongside peers such as Nisarga and Sarthak.
“When I spoke to those who had accessed the CBSE gateway, I realised many portals have security gaps. That’s how I got the idea to test the JEE and NEET systems,” he said.
According to Rylen, the vulnerabilities were unexpectedly easy to uncover.
“It took me two or three hours to access both portals. I did it out of curiosity.”
Sensitive student data at risk
The teenager said he identified serious weaknesses in the systems.
“The issues I noticed were that the NTA portal used extremely weak credentials, while the JEE portal had a misconfigured cloud server,” he explained.
He added that the flaws could have exposed sensitive personal information belonging to applicants.
“All applicants’ phone numbers, parents’ full names, students’ dates of birth and more. These details could affect performance outcomes.”
Rather than exploiting the vulnerabilities, Rylen chose to report them through official channels.
“First I reported the vulnerabilities to CERT-In, then posted about it on Twitter. That’s how people learned about it,” he said.
“The response was far greater than I expected. When I woke up the next morning, I saw the post had gone viral. At first, I was scared. I never expected such a massive following.”
Authorities respond
His efforts were acknowledged by officials.
“The NTA Director General, Abhishek Singh, contacted me and thanked me for identifying the vulnerabilities and bringing them to the agency’s attention. After my report, the issue was addressed promptly.”
A passion nurtured since Grade 8
Rylen’s interest in technology began early.
“Since Grade 8, I have explored computer systems and have always been interested in programming,” he said.
That passion has now developed into clear career goals.
“I want to pursue cybersecurity as a degree, and I dream of becoming a chief information security officer one day. I also want to study in the US,” he added.
Gaming, guidance and a bigger purpose
He credits gaming as an early gateway into technology.
“I used to play games like Minecraft and Fortnite. That’s how I got inspired. It helped me develop an interest in computer science,” he said.
Rylen also acknowledged the role of his teachers in shaping his journey, saying they encouraged him to take part in competitions and supported his interest in technology.
He believes ethical hacking can play an important role in strengthening digital systems.
“Ethical hacking can expose vulnerabilities in organisations’ systems, ultimately making them more secure.”
