UIDAI selects 20 bug bounty hunters to bolster India’s digital ID security

The Unique Identification Authority of India (UIDAI) has launched a structured bug bounty program.

The authority will open its core digital platforms to scrutiny from vetted cybersecurity researchers in an effort to further strengthen the security of the Aadhaar digital identity ecosystem.

A selection of 20 security researchers and ethical hackers have been chosen based on their experience for the digital ID security initiative. They will probe key UIDAI assets for vulnerabilities across critical, high, medium and low‑risk categories.

The assets include the official UIDAI website, the myAadhaar portal and the Secure QR Code application. The agency will reward valid security findings based on the severity of the vulnerability.

UIDAI is running the bug bounty program in partnership with Com Olho IT Private Limited, a cybersecurity solutions provider. The authority said the initiative adds an additional layer of defense to its existing security posture which already includes regular audits, vulnerability assessments, penetration testing and continuous monitoring.

The bug bounty program is designed to identify hidden risks by inviting independent experts to test UIDAI’s systems under controlled conditions. UIDAI said it reflects its commitment to maintaining strong information security standards and ensuring that Aadhaar‑related platforms remain secure for residents and stakeholders.

The IMF recently singled out India as a world leader in digital infrastructure, but Aadhaar has been plagued by cybersecurity challenges and vulnerabilities since its launch.

Earlier this year, neighboring Pakistan and its National Database and Registration Authority (NADRA) launched its first ever Bug Bounty Challenge 2026. The national competition is designed to strengthen the country’s digital identity infrastructure against cyber threats.

NADRA aimed to reinforce trust in its national identity systems while nurturing emerging talent by inviting ethical hackers, students and cybersecurity professionals to identify vulnerabilities responsibly. The Bug Bounty Challenge was structured as a team-based competition, emphasizing advanced security assessment and ethical practices.

In other bug bounties, OpenAI launched one focused on safety and “identifying AI abuse and safety risks” across the start-up’s products. The Safety Bug Bounty complements OpenAI’s Security Bug Bounty, which focuses on issues that pose meaningful abuse and safety risks even if they don’t appear to be a security vulnerability.

Specific issues include agentic risks like third-party prompt injection and data exfiltration, or an agentic OpenAI product performing disallowed or harmful actions.

Article Topics

Aadhaar  |  biometrics  |  bug bounty  |  cybersecurity  |  digital ID  |  digital ID infrastructure  |  India  |  UIDAI