Major Security Vulnerabilities Discovered in AI-Powered Coal Mine Monitoring System
Key Takeaways
- ▸DeepSight AI Labs' coal mine monitoring platform exposed user credentials in plaintext via an unauthenticated API endpoint, with many accounts sharing identical weak passwords
- ▸Access controls relied entirely on client-side local storage, allowing unauthorized access to camera feeds and security alerts across seven Indian coal mines
- ▸The vulnerability affected critical energy infrastructure and could have been exploited to access real-time surveillance data and operational security violations
Summary
Security researcher EatonZ disclosed critical vulnerabilities in DeepSight AI Labs' RPI Dashboard, an AI vision platform used to monitor coal mines across India's Project DigiCoal modernization initiative. The system, which integrates with CCTV networks to detect anomalies using computer vision, exposed plaintext passwords through an unauthenticated API endpoint along with weak and duplicated credentials that failed even Chrome's password security checks.
The vulnerabilities extended far beyond weak password storage. Multiple APIs lacked authentication entirely, allowing unauthenticated access to live camera feeds and alert data across seven coal mines. Access controls were implemented only in client-side local storage, enabling trivial spoofing by modifying browser state. This exposed sensitive security surveillance data from India's coal mining operations, a critical energy infrastructure sector.
The researcher responsibly disclosed the vulnerability to India's CERT-IN (Computer Emergency Response Team) on August 22, 2025. After a three-month remediation process coordinating Coal India, Accenture (the implementation partner), and DeepSight AI Labs, the vulnerability was confirmed fixed on November 18, 2025. The incident underscores persistent security gaps in AI infrastructure deployment in critical industries.
- Three-month remediation timeline from August to November 2025 demonstrates the ongoing need for security-first practices in AI infrastructure deployment



