UIDAI Launches Bug Bounty Programme to Enhance Aadhaar Security
Why It Matters
By crowd‑sourcing security testing, UIDAI adds a proactive defense layer that can protect India’s critical digital identity infrastructure and maintain public trust in Aadhaar‑based services.
Key Takeaways
- UIDAI initiates bug bounty targeting Aadhaar web portals
- Twenty ethical hackers hired for first testing phase
- Focus on authentication bypasses, API flaws, data leaks
- Rewards tiered by severity; critical bugs earn highest payouts
Pulse Analysis
Bug bounty programs have become a cornerstone of modern cybersecurity, allowing organizations to tap into a global pool of talent that thinks like attackers. For a platform as pervasive as Aadhaar—used for banking, welfare distribution and countless online services—the stakes are exceptionally high. Leveraging external expertise helps uncover subtle attack vectors that automated scans and internal teams might overlook, aligning India with leading tech firms that have embraced crowdsourced vulnerability discovery.
UIDAI’s pilot targets three high‑traffic assets: the main UIDAI website, the myAadhaar portal and the Secure QR Code application. A curated panel of twenty ethical hackers will conduct non‑disruptive testing, focusing on authentication bypasses, API misconfigurations and potential data leaks. Reports are funneled through a partnership with ComOlho IT Private Limited, which validates claims and coordinates remediation. Financial incentives are tiered—critical, high, medium and low—encouraging researchers to prioritize the most dangerous flaws while ensuring a structured payout system.
The broader impact extends beyond immediate risk reduction. Demonstrating a commitment to transparent, proactive security can bolster user confidence in Aadhaar, a prerequisite for its continued role in digital finance and government services. If the pilot yields substantive findings, UIDAI is likely to expand the program, mirroring the evolution seen at major tech companies. This move also signals to regulators and industry peers that safeguarding national identity infrastructure now includes community‑driven testing as a standard practice.