UIDAI has launched its first structured Bug Bounty Programme to strengthen the security of the Aadhaar ecosystem. The initiative invites selected cybersecurity experts and ethical hackers to identify vulnerabilities in key digital platforms and report them responsibly in exchange for rewards based on severity. The move adds an external security layer to UIDAI’s existing protection framework for its digital services.
Purpose of the Programme
The programme is designed to detect hidden security weaknesses before they can be misused. It supports the broader goal of protecting Aadhaar-related digital infrastructure, which is used by millions of residents and institutions across India. Bug bounty models are widely used by technology organisations to improve cyber resilience through controlled public testing.
Platforms Under Review
A panel of 20 experienced security researchers has been selected for the initiative. They will examine a chosen set of UIDAI digital assets, including:
- UIDAI official website
- myAadhaar portal
- Secure QR Code application
These platforms are important access points for identity-related services and therefore require strong security safeguards.
Vulnerability Categories and Rewards
The researchers will test for vulnerabilities classified as Critical, High, Medium, and Low risk. Rewards will be linked to the seriousness of the flaw discovered. This severity-based model encourages responsible disclosure and helps prioritise the most serious threats first.
Security Framework and Implementation
UIDAI already uses multiple security measures, including regular security audits, vulnerability assessments, penetration testing, and continuous monitoring. The new programme is being run in partnership with M/s ComOlho IT Private Limited, a cybersecurity solution provider. The initiative reflects the growing importance of proactive cyber defence in public digital systems.
Last Modified: April 28, 2026