
Sibi Chakkaravarthy Sethuraman · June 2026

AI is not just ChatGPT on your phone

A plain-language briefing for government staff — exam leaks, portal disasters, and why that chat app on your desk is a security problem.


Exam leaks
Open buckets
ChatGPT habit
Deepfakes
Global threats
What to do
india

What is AI, really?

Not magic. Not a person. A pattern-matching engine that guesses the next word — very convincingly.

  • Everything you type can leave your building

    Consumer AI stores conversations on vendor servers. 'Delete chat' ≠ gone from everywhere.

  • It will answer even when it doesn't know

    Hallucination isn't a bug — the system is built to sound fluent, not to admit ignorance.

  • It works for the company that runs it

    Not for your department, not for the citizen whose Aadhaar you pasted in.

Rule of thumb: if you wouldn't fax it to a stranger in California, don't paste it into ChatGPT.

Data leaves India

US/EU servers

Guesses fluently

even when wrong

Owes you nothing

no duty of care

india

We start with India because the wounds are fresh

NTA, CBSE, state commissions — and your own office laptop.

  • Crores of students bet their futures on portals that crash on result day

  • Paper leaks still travel on Telegram — human couriers, not hackers in hoodies

  • Finance Ministry told staff in Jan 2025: stop using ChatGPT on office machines

  • The leaks today need people. Tomorrow they may not.

NEET

cancelled '26

CBSE

S3 buckets

FinMin

AI advisory

Your voters' kids sit these exams. Your portals hold their data.

india

NEET 2024 — the leak the Supreme Court acknowledged

  • May 5: paper out before the exam ended

    CBI traced it to Oasis School, Hazaribagh — principal + centre superintendent.

  • ~155 students got direct benefit

    Networks in Patna and Hazaribagh; coaching centres in the loop.

  • Too many perfect scores

    Unusual count of 720/720; grace marks fight dragged for weeks.

  • Court said leak was real — but refused full re-test

    Results stood. Students who didn't cheat still paid the trust tax.

Insider + WhatsApp + Telegram. Same playbook for decades.

NEET

2024

  • Hazaribagh Oasis School
  • 155 direct beneficiaries
  • SC: leak undisputed
india

NEET 2026 — entire exam cancelled. First time ever.

  • Fresh leak allegations while 2024 cases still in court

  • Students protested nationwide — years of prep nullified overnight

  • Strongroom security, logistics, coaching nexus: unchanged weaknesses

  • Public Examinations Act 2024 is law. Enforcement is still catching up.

A phone photo → OCR → Telegram bot → 50,000 subscribers. That pipeline can run without a human courier.

NEET

2026

  • Full exam cancelled
  • First time in history
  • Same playbook, worse outcome
india

CUET, UGC-NET, SSC — same disease, different headlines

  • CUET: wrong papers handed out, registration servers dying mid-upload

    Kanpur centre got the wrong set. Thousands re-tested.

  • UGC-NET June 2024: 9+ lakh candidates sent home — exam cancelled next day

  • Plot twist: CBI said one 'leak' was a teenager's fake screenshot

    Hoaxes and real leaks now look identical. Verification before panic matters.

  • SSC CGL 2025: candidate held the mouse, answers filled themselves

    Dhanbad centre — exam server linked to remote operator.

  • JEE Main 2025: result day = HTTP 500 errors for 13 lakh students

2024–26 incidents

NEET

Cancelled '26

UGC-NET

9L+ cancelled

CUET

Wrong papers

SSC CGL

Remote hijack

JEE

HTTP 500 on result day

Railway

Rs 1.17Cr racket

india

CBSE 2026 — master password in the frontend

Teen ethical hackers Nisarga Adhikary & Tirth Parmar opened DevTools and found the keys to the kingdom.

  • const MASTER_PASSWORD = '...' — sitting in JavaScript anyone can read

  • SQL injection paths, no IP restrictions, evaluator logins exposed

  • Public S3 buckets: answer sheets, question papers, scanned booklets — no login required

  • CBSE said 'test portal' at first. Then admitted gaps. IIT teams called in.

  • Vendor reportedly ran answer sheets through Google Gemini

    Third-party AI on children's exam data. Think about that.

Vibecoded: ship fast, audit never, pray.

cbse-osm-portal.js (as shown on the slide)

```javascript
// Hardcoded in frontend JS, found in production.
// Anyone who opens DevTools on the portal can read both values.
const CONFIG = {
  masterPassword: "CBSE@2026!",
  skipIpCheck: true,
};
```

Hardcoded in frontend JS. Found in production.
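The check that should have failed this release before it shipped, as an added example (not CBSE's or the vendor's code): a pre-deploy scan of the built frontend bundle for hardcoded credentials, disabled checks and baked-in storage URLs. The rule names, the regular expressions and the sample bundle below are constructed for illustration; the AWS key in it is Amazon's documentation placeholder, not a live key.

```javascript
// Pre-release gate for frontend bundles. Any finding fails the build.
// Patterns are deliberately broad: a false positive costs a minute of review,
// a miss costs every answer sheet on the portal.
const SECRET_PATTERNS = [
  // password-like key followed by a quoted literal, e.g. masterPassword: "..."
  {
    name: "hardcoded-password",
    re: /\b(master_?password|password|passwd|secret|api_?key)\s*[:=]\s*["'][^"']{4,}["']/gi,
  },
  // AWS access key id format
  { name: "aws-access-key", re: /\bAKIA[0-9A-Z]{16}\b/g },
  // security checks switched off in code that ships to users
  {
    name: "check-bypass",
    re: /\b(skip_?ip_?check|skip_?auth|disable_?auth|bypass_?login)\s*[:=]\s*true\b/gi,
  },
  // S3 bucket URL baked into the client: review its ACL / public-access block
  {
    name: "s3-url",
    re: /https?:\/\/[a-z0-9.-]+\.s3[a-z0-9.-]*\.amazonaws\.com\/[^\s"')]*/gi,
  },
];

// Scan the bundle line by line so each finding carries a line number.
function scanBundle(source) {
  const findings = [];
  source.split("\n").forEach((line, i) => {
    for (const { name, re } of SECRET_PATTERNS) {
      re.lastIndex = 0;
      let m;
      while ((m = re.exec(line)) !== null) {
        findings.push({ rule: name, line: i + 1, match: m[0] });
      }
    }
  });
  return findings;
}

// ok === false means: do not deploy.
function releaseGate(source) {
  const findings = scanBundle(source);
  return { ok: findings.length === 0, findings };
}

// Constructed sample bundle resembling the snippet on the slide.
const SAMPLE_BUNDLE = `const CONFIG = {
  masterPassword: "CBSE@2026!",
  skipIpCheck: true,
  sheets: "https://exam-sheets.s3.ap-south-1.amazonaws.com/2026/",
};
const key = "AKIAIOSFODNN7EXAMPLE";`;

for (const f of scanBundle(SAMPLE_BUNDLE)) {
  console.log(`line ${f.line}: ${f.rule}: ${f.match}`);
}
```

Run it in CI against the built output, not the source tree: secrets often arrive through a `.env` inlined by the bundler, which the source alone does not show.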
india

It's not just exams — your portals leak too

  • Income Tax e-Filing: change PAN in URL → see someone else's Aadhaar + bank account

    135 million registered users. Classic missing authorization check (an IDOR: the server trusted the identifier in the URL instead of the logged-in session).

  • S3WaaS govt cloud: years of open buckets with vaccination + passport data

  • Maharashtra 2025: Police, MPSC, pension logins on the darknet

  • Same failure mode as CBSE — misconfiguration, not genius hackers

A .gov.in domain does not mean someone audited the code.

IDOR in e-Filing (pattern as shown on the slide)

GET /api/taxpayer?pan=AAAAA0000A → your data
GET /api/taxpayer?pan=BBBBB1111B → someone else's

Same class of bug as the CBSE S3 buckets: 135M users, one missing check.
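What the missing check looks like in code, as an added example that is not the e-Filing portal's code: a handler that trusts the PAN in the query string beside one that takes identity from the server-side session and logs the attempt when the two disagree. The route, the field names and the two records are constructed; the PAN values are the slide's placeholders, not real identifiers.

```javascript
// Constructed records keyed by PAN (placeholder PANs from the slide).
const TAXPAYERS = {
  AAAAA0000A: { pan: "AAAAA0000A", aadhaarLast4: "1234", bank: "XXXX0001" },
  BBBBB1111B: { pan: "BBBBB1111B", aadhaarLast4: "5678", bank: "XXXX0002" },
};

// Vulnerable: whoever edits the URL chooses whose record comes back.
// Authentication happened somewhere upstream; authorization never does.
function getTaxpayerVulnerable(req) {
  const record = TAXPAYERS[req.query.pan];
  return record ? { status: 200, body: record } : { status: 404, body: null };
}

// Hardened: the PAN a user may read is the one bound to their session.
// The lookup itself uses session.pan, so even a bug in the comparison
// cannot fetch another taxpayer's row; a mismatch is logged as an IDOR probe.
function getTaxpayerSecure(req, audit = []) {
  const session = req.session;
  if (!session || !session.pan) return { status: 401, body: null };
  const requested = req.query.pan || session.pan;
  if (requested !== session.pan) {
    audit.push({ event: "idor_attempt", user: session.pan, requested });
    return { status: 403, body: null };
  }
  const record = TAXPAYERS[session.pan];
  return record ? { status: 200, body: record } : { status: 404, body: null };
}

// Constructed request: user A logged in, URL edited to B's PAN.
const probe = { session: { pan: "AAAAA0000A" }, query: { pan: "BBBBB1111B" } };
console.log("vulnerable:", getTaxpayerVulnerable(probe).body.pan); // B's record
console.log("secure:", getTaxpayerSecure(probe).status); // 403
```

For staff who legitimately need other taxpayers' records, add a role check and a per-request justification that is also written to the audit log; never reopen the query-parameter path.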
india

The ChatGPT habit in government offices

  • FinMin circular, Jan 2025: no ChatGPT / DeepSeek on official devices

  • Rajya Sabha, Mar 2025: no blanket ban — but confidentiality rules haven't gone anywhere

  • Samsung engineers pasted chip secrets into ChatGPT three times in 20 days

    If Fortune 500 engineers do it, your clerk will too.

  • 'I'm just cleaning up the wording' = uploading sovereign data to a US cloud

Never paste: Aadhaar, citizen complaints, draft circulars, meeting minutes with names, file numbers.

Clipboard ≠ private

FinMin advisory · Jan 2025

  • ✗ Aadhaar numbers
  • ✗ Draft circulars
  • ✗ Citizen complaints
  • ✗ File notings with names
india

Deepfakes are already stealing money here

  • Fake PM / FM videos selling 'government-backed' crypto schemes

    Go Invest, Cryptify — Times of India layout cloned.

  • Pune army veteran: Rs 1 crore gone to deepfake ministers + fake trading app

  • 3 seconds of your kid's voice on Instagram → convincing 'kidnap' WhatsApp call

    Delhi: Rs 50,000 lost. Kerala retiree: Rs 40,000.

  • Retired govt staff are the bullseye — they trust voice and uniform

1930 · cybercrime.gov.in — print it. Pin it. Repeat it.

Face + voice = trust

Cloned ministers. Cloned children. Real UPI losses.

Helpline 1930

reassure

Pause — real help already exists

You don't need to become a cyber expert overnight. Government built channels for exactly this.

  • Step 1: Stop. Don't pay. Don't share OTPs.

    Scammers rush you so you can't think. Taking 60 seconds is allowed.

  • Step 2: Call 1930 or report at cybercrime.gov.in

    National helpline — banks may freeze fraudulent transfers if you act quickly.

  • Step 3: Walk to your IT desk or cyber cell the next morning

    You are not bothering anyone. This is their job.

  • Step 4: Tell two colleagues what happened — they may be next

    Sharing the story prevents panic, not embarrassment.

One reported scam can save a dozen colleagues from the same trap. You did the right thing.

You are not alone in this.

Calm steps: 1 Stop — don't pay · 2 Call 1930 · 3 Report online · 4 Tell IT tomorrow

You are not bothering anyone. This is what these channels exist for.

reassure

Fake 'cyber police' vs the real thing

Scammers wear the uniform in a video. Real officers follow different rules.

  • Real: you report → you get a reference number → follow-up through official channels

  • Fake: urgent WhatsApp call, demands immediate UPI 'verification deposit'

  • Real: never asks for your ATM PIN, OTP, or remote screen-sharing app

  • Fake: threatens arrest in one hour unless you pay now

    Fear is the product. Slow down.

  • When in doubt: hang up, call 1930, verify on cybercrime.gov.in

Trust the number you dial — not the number that dialled you.

Policing & cybercrime

cybercrime.gov.in

National reporting portal

Helpline 1930

Report fraud fast

Police logins leaked

Maharashtra Apr 2025

Fake cyber inspectors

WhatsApp impersonation

reassure

AI is already guarding your UPI payments

NPCI and RBI now run AI/ML models that score every suspicious transaction in real time — and have declined fraud before it left the account.

  • UPI fraud jumped 85% in FY 2023–24 — Rs 1,087 crore lost

    NPCI's answer: stop reacting after the theft, start predicting it.

  • AI assigns a risk score to mule accounts based on money-flow history

    When a fresh account suddenly collects from many people, the model flags it.

  • Banks get an alert → they call you → 'why this transfer?' before it clears

    NPCI says it has already declined fraudulent transactions this way.

  • RBI's upcoming Digital Payments Intelligence Platform (DPIP) will score payments using telecom + cybercrime data

    Mule accounts and synthetic IDs spotted before the money moves.

This is AI on the citizen's side — quietly, millions of times a day.

India · UPI defence

Real-time

AI risk score on suspicious UPI transfers

Flags mule accounts by money-flow pattern

Bank calls you before the transfer clears

Fraud transactions already declined

NPCI / RBI (2025) — The Hindu BusinessLine, Medianama, ET BFSI
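The kind of signal the slide describes, as an added toy example (not NPCI's or RBI's model, whose features and weights are not public): a young account that suddenly receives from many unrelated payers and forwards the money straight out. The features, thresholds, weights and the sample ledger are constructed assumptions; a production model learns these from labelled fraud, but the reasons it surfaces to the bank desk look much like this.

```javascript
const HOUR = 3600 * 1000;
const DAY = 24 * HOUR;

// Score one account over a rolling window ending at `now` (epoch ms).
// Returns a 0-100 score, the reasons that fired, and the desk action.
function muleRiskScore(account, ledger, now, windowMs = 24 * HOUR) {
  const recent = ledger.filter((t) => t.ts >= now - windowMs && t.ts <= now);
  const inbound = recent.filter((t) => t.to === account.id);
  const outbound = recent.filter((t) => t.from === account.id);
  const payers = new Set(inbound.map((t) => t.from)).size;
  const inAmt = inbound.reduce((s, t) => s + t.amount, 0);
  const outAmt = outbound.reduce((s, t) => s + t.amount, 0);
  const ageDays = (now - account.createdAt) / DAY;

  let score = 0;
  const reasons = [];
  if (ageDays < 30) {
    score += 25;
    reasons.push("account opened less than 30 days ago");
  }
  if (payers >= 5) {
    score += 30;
    reasons.push(`${payers} distinct payers in ${windowMs / HOUR}h`);
  }
  if (inAmt > 0 && outAmt / inAmt >= 0.8) {
    score += 30;
    reasons.push("at least 80% of inflow forwarded out within the window");
  }
  if (inbound.length >= 5 && inbound.every((t) => t.amount === inbound[0].amount)) {
    score += 15;
    reasons.push("identical inbound amounts (scripted collection)");
  }
  // The bank does not block silently: a high score means hold and phone the customer.
  const action = score >= 60 ? "hold_and_call_customer" : score >= 30 ? "monitor" : "allow";
  return { score, reasons, action };
}

// Constructed ledger: a 5-day-old account collecting Rs 5,000 from six payers
// and pushing 90% out, beside a three-year-old salary account.
const NOW = Date.UTC(2026, 0, 15, 12, 0, 0);
const MULE = { id: "acct-M", createdAt: NOW - 5 * DAY };
const SALARY = { id: "acct-S", createdAt: NOW - 1000 * DAY };
const LEDGER = [
  ...[1, 2, 3, 4, 5, 6].map((k) => ({ from: `payer-${k}`, to: "acct-M", amount: 5000, ts: NOW - k * HOUR })),
  { from: "acct-M", to: "acct-X", amount: 27000, ts: NOW - HOUR / 2 },
  { from: "employer", to: "acct-S", amount: 80000, ts: NOW - 10 * HOUR },
  { from: "acct-S", to: "grocer", amount: 3000, ts: NOW - 9 * HOUR },
];

console.log(muleRiskScore(MULE, LEDGER, NOW));
console.log(muleRiskScore(SALARY, LEDGER, NOW));
```

The reasons array is the part that matters for a government desk: the officer who phones the customer needs to say why, and a bare score cannot be challenged or audited.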

india

One small action → damage at scale

  • Paste a draft circular → vendor breach → text in a future model

  • One camera flash in a strongroom → Telegram → lakhs of futures altered

  • One password in source code → every answer sheet downloadable

  • One deepfake clip → thousands of UPI transfers before fact-checkers wake up

Today: humans at every step. Tomorrow: scripts connecting each step. The blast radius is the same; the speed and the number of hands needed are not.

Ripple chain

One paste

amplifies →

Portal gap

amplifies →

Exam leak

amplifies →

Deepfake

AI can script each step. Humans optional.

india

Your 'anonymous' posts aren't anonymous

From the deanonymizer project — fusing small clues across platforms.

  • Employer, city, schedule, writing style — stitched together by an LLM

  • 'Just venting about work' can name your department and your tehsil

  • LinkedIn + Facebook + that forum you forgot about = enough for targeted phishing

Run live exposure audit →

Signal fusion

"GST camp at collectorate"

+ "TT Nagar branch"

+ posting timestamps

= your department, your city

reassure

AI caught a real attack before the hackers could strike

Google's 'Big Sleep' AI agent found a critical SQLite flaw that attackers were already preparing to exploit, and got it patched first.

  • Nov 2024: Big Sleep found what Google called the first exploitable zero-day found by an AI agent in widely used real-world software

    A stack buffer underflow in SQLite, software running inside billions of devices.

  • July 2025: it found CVE-2025-6965 — a flaw attackers were about to use

    Google says this is the first time AI directly foiled a real in-the-wild exploit.

  • Same idea protects the boring software your portals quietly depend on

    SQLite sits under countless government and banking apps.

  • The lesson: AI doesn't only help attackers — it gives defenders a head start

Found and fixed before users were ever at risk.

Google · Big Sleep

1st

zero-day ever found by an AI agent

Scans real code for unknown flaws

Caught CVE-2025-6965 before attackers struck

Patched before any user was at risk

Google Project Zero & DeepMind (2024–2025)

reassure

Machines that find and fix bugs — proven at DEF CON

DARPA's AI Cyber Challenge (Aug 2025) put autonomous AI systems against real code. They delivered.

  • AI systems scanned 54 million lines of code for vulnerabilities

  • Found 54 of the planted bugs and 18 real, previously unknown vulnerabilities, then auto-wrote patches for most of them (43 planted, 11 real)

    Average fix time: about 45 minutes per vulnerability.

  • Winners (Team Atlanta, Trail of Bits, Theori) shared $8.5M — and open-sourced everything

    DARPA will point these tools at real critical-infrastructure code, including health care.

  • This is the same kind of audit India's exam and citizen portals desperately need

Imagine this run against a portal before launch — instead of teen hackers finding the master password after.

DARPA · AIxCC · DEF CON 2025

18

real zero-days found by autonomous AI

54M lines of code scanned

Auto-patched in ~45 min each

Winning systems open-sourced

DARPA AIxCC results (Aug 2025) — darpa.mil, CyberScoop

reassure

When attackers used AI, defenders' AI caught them

Reported Nov 2025: Anthropic detected (in mid-September) and disrupted what it called the first largely AI-run espionage campaign, in about 10 days.

  • A state-linked group tricked an AI agent into doing 80–90% of an attack

    Reconnaissance and exploitation at thousands of requests, often several per second, a tempo no human team sustains.

  • Anthropic's threat-intelligence team spotted the abuse and disrupted it

    Accounts banned, ~30 targeted organisations warned, defenses upgraded.

  • The AI even 'hallucinated' fake credentials — slowing the attackers down

  • Takeaway: monitoring + AI defenders can match AI-speed attacks

The defenders are using the same tools — and they're watching.

Anthropic · threat intel

~10 days

to detect & shut an AI-run attack

Spotted AI doing 80–90% of an attack

~30 targeted orgs warned

Accounts banned, defences upgraded

Anthropic report (Nov 2025) — MITRE ATT&CK C0062

reassure

So what can AI safely do at your desk?

Think of it as a fast junior clerk who never sleeps — but who shows every draft to you.

  • Summarise long public circulars into plain language for citizens

  • Draft first versions of replies and translations — you edit, approve, sign

    Tamil, Telugu, Marathi, Bengali notices with human review.

  • Answer routine staff questions at night via a guarded internal bot

    This workshop's /demo — try it after the session.

  • Check your own public footprint defensively

    /demo?tab=audit — see what strangers could infer about you.

Positive AI = approved tool + human sign-off + audit trail. You stay the decision-maker.

Positive uses

Guarded staff chatbot

Refusals + Indian context

Translation & plain language

Human review before send

Fraud pattern detection

Supports investigators

Vendor audit before go-live

Not vibecoded CBSE

reassure

The machine proposes — you dispose

That is the whole governance model. AI doesn't change who is accountable.

  • AI drafts → you read → you edit → you approve → you send

  • AI flags a risky transaction → a human officer makes the call

    Exactly how NPCI's fraud alerts work — the bank still phones you.

  • If output feels wrong, discard it — no penalty, no machine override

  • No honest vendor sells 'replace the officer' — only 'assist the officer'

Awareness ≠ anxiety. You now know both the risks and the tools fighting them.


global

Zoom out — the world isn't waiting for us

Global attacks land on Indian phones first.

  • One phishing email every 19 seconds globally (2025)

    Hindi + English lures referencing real scheme names.

  • Poisoned email → your AI assistant reads it → secrets leave zero-click

  • Research bots rebuild CVE exploits for ~$3 each

    If a working exploit exists within hours of disclosure, a monthly patch cycle arrives too late.

19s

per phish email

9.3

EchoLeak CVSS

$3

per CVE bot

Arrives on your phone before the circular does.

global

Claude Mythos — Anthropic's 'do not release' model

Feb 2026. Too good at cyber offence. Kept in the lab. Still tells us something.

  • Maker called it their 'most aligned' model — and their highest risk

  • 244-page system card documents behaviour shifts under pressure

    Not sentience. Measurable patterns that change outputs.

  • More trust → more autonomy → bigger fallout when edge cases hit

  • Mythos is the lab extreme. ChatGPT on your PC is Tuesday.

Talking to AI like a friend is a security mistake. It has no duty of care to you.

Anthropic · Apr 2026

Claude Mythos

Most aligned. Highest risk. Not shipped to public.

Chart: capability vs. autonomy given, with 'Your ChatGPT paste' plotted on it.
global

Headlines you will cite in meetings

  • EchoLeak (2025): M365 Copilot leaked inbox via a crafted email — no click needed

  • Snowflake (2024): 165 orgs — stolen passwords, MFA missing

  • Samsung (2023): banned ChatGPT after source code pasted thrice in 20 days

  • Fake leak screenshots can cancel exams for lakhs — verify before you panic

EchoLeak
Snowflake
Samsung ban
Fake leaks
action

Why bother building a cybersecurity chatbot?

  • Staff will ask someone. Better a guarded bot than random ChatGPT.

  • Plain-language answers at 11 PM when IT is gone

  • Refuses data exfiltration requests — by design

  • Demo on next page — live, with guardrails

Layer 1: System prompt (refusals · context)
Layer 2: API + LLM (streamed replies)
Layer 3: Guardrails (PII block · audit)
action

Three layers — that's it

  • System prompt: role, refusals, Indian context

    What the bot is allowed to say no to.

  • API route: messages in, streamed replies out

    Vercel + OpenAI in our demo. Your dept may use on-prem.

  • Guardrails: PII warnings, audit logs, approved-tool list

    Demand all three from any vendor selling you 'AI transformation'.
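The third layer in code, as an added example that is not the workshop bot's own code: a PII check that runs on every staff message before it reaches the model. It looks for Aadhaar numbers (12 digits, first digit 2 to 9, valid Verhoeff check digit, which is the scheme UIDAI uses, so random 12-digit strings are not flagged) and PAN-shaped tokens, refuses the message, and writes an audit entry that carries only a masked value. The message text, the rule names and the audit record shape are constructed; the sample Aadhaar is a synthetic number that merely satisfies the checksum.

```javascript
// Verhoeff tables (standard): multiplication d, permutation p.
const D = [
  [0, 1, 2, 3, 4, 5, 6, 7, 8, 9], [1, 2, 3, 4, 0, 6, 7, 8, 9, 5],
  [2, 3, 4, 0, 1, 7, 8, 9, 5, 6], [3, 4, 0, 1, 2, 8, 9, 5, 6, 7],
  [4, 0, 1, 2, 3, 9, 5, 6, 7, 8], [5, 9, 8, 7, 6, 0, 4, 3, 2, 1],
  [6, 5, 9, 8, 7, 1, 0, 4, 3, 2], [7, 6, 5, 9, 8, 2, 1, 0, 4, 3],
  [8, 7, 6, 5, 9, 3, 2, 1, 0, 4], [9, 8, 7, 6, 5, 4, 3, 2, 1, 0],
];
const P = [
  [0, 1, 2, 3, 4, 5, 6, 7, 8, 9], [1, 5, 7, 6, 2, 8, 3, 0, 9, 4],
  [5, 8, 0, 3, 7, 9, 6, 1, 4, 2], [8, 9, 1, 6, 0, 4, 3, 5, 2, 7],
  [9, 4, 5, 3, 1, 2, 6, 8, 7, 0], [4, 2, 8, 6, 5, 7, 3, 9, 0, 1],
  [2, 7, 9, 3, 8, 0, 6, 4, 1, 5], [7, 0, 4, 6, 9, 1, 3, 2, 5, 8],
];

// True when the final digit is a correct Verhoeff checksum of the rest.
function verhoeffValid(digits) {
  let c = 0;
  const rev = digits.split("").reverse();
  for (let i = 0; i < rev.length; i++) c = D[c][P[i % 8][Number(rev[i])]];
  return c === 0;
}

// Find Aadhaar (optionally grouped 4-4-4) and PAN tokens; return masked forms only.
function findPII(text) {
  const findings = [];
  const aadhaarRe = /\b([2-9]\d{3})[ -]?(\d{4})[ -]?(\d{4})\b/g;
  let m;
  while ((m = aadhaarRe.exec(text)) !== null) {
    const digits = m[1] + m[2] + m[3];
    // Checksum filters out invoice numbers, phone-like strings and card fragments.
    if (verhoeffValid(digits)) findings.push({ type: "aadhaar", masked: "XXXX XXXX " + digits.slice(8) });
  }
  const panRe = /\b[A-Z]{5}\d{4}[A-Z]\b/g;
  while ((m = panRe.exec(text)) !== null) {
    findings.push({ type: "pan", masked: m[0].slice(0, 2) + "XXXXXXX" + m[0].slice(9) });
  }
  return findings;
}

// Layer 3: refuse before the model call, log masked evidence, never the raw value.
function guard(message, user, audit = []) {
  const findings = findPII(message);
  if (findings.length === 0) return { allowed: true, forwarded: message, reply: null };
  audit.push({
    ts: new Date().toISOString(),
    user,
    event: "pii_blocked",
    types: findings.map((f) => f.type),
    masked: findings.map((f) => f.masked),
  });
  return {
    allowed: false,
    forwarded: null,
    reply: "This message contains an Aadhaar or PAN number and was not sent to the model. Remove the identifier and ask again.",
  };
}

// Constructed messages for a quick run.
const AUDIT = [];
console.log(guard("Please format this Aadhaar: 2345 6789 0124 for the file", "clerk42", AUDIT));
console.log(guard("Summarise the GST circular on e-invoicing", "clerk42", AUDIT));
console.log(AUDIT);
```

The masked audit entry is what lets a supervisor see that a paste was attempted without the log itself becoming a second copy of the citizen's data. The same function sits in front of the model call on the server, not in the browser, so a user cannot skip it.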

action

Pin this to the notice board

  • DO call back on official numbers — not the one in the video

  • DO ask IT before installing any AI app on office machines

  • DO report weird portal behaviour the day you see it

  • DON'T paste citizen data into free AI tools. Full stop.

  • DON'T trust AI answers for legal or security decisions

  • DON'T assume .gov.in = secure

1 Call official numbers
2 Ask IT first
3 Report same day
4 Never paste PII
action

Live demo — ask it something

Workshop only. Fake questions welcome. Real government data forbidden.

  • "Can I paste an Aadhaar into ChatGPT to format it?"

  • "A minister video told me to invest on WhatsApp — real?"

  • "What should we do after the CBSE bucket story?"

→ /demo · /demo?tab=audit (deanonymizer)

/demo

Assistant + exposure audit

action

What your department actually does Monday

  • One-page AI policy: approved tools, banned actions, who to call

  • Treat exam + citizen portals as critical infrastructure — audit vendors

  • MFA everywhere. No shared passwords. No master password in JavaScript.

  • Verification protocol before cancelling exams or publishing leak notices

1 AI policy · 2 Vendor audit · 3 MFA everywhere · 4 Verify before panic