BotBeat
...
← Back

> ▌

DeepSight AI LabsDeepSight AI Labs
POLICY & REGULATIONDeepSight AI Labs2026-07-08

Major Security Vulnerabilities Discovered in AI-Powered Coal Mine Monitoring System

Key Takeaways

  • ▸DeepSight AI Labs' coal mine monitoring platform exposed user credentials in plaintext via an unauthenticated API endpoint, with many accounts sharing identical weak passwords
  • ▸Access controls relied entirely on client-side local storage, allowing unauthorized access to camera feeds and security alerts across seven Indian coal mines
  • ▸The vulnerability affected critical energy infrastructure and could have been exploited to access real-time surveillance data and operational security violations
Source:
Hacker Newshttps://eaton-works.com/2026/07/08/coal-india-camera-hack/↗

Summary

Security researcher EatonZ disclosed critical vulnerabilities in DeepSight AI Labs' RPI Dashboard, an AI vision platform used to monitor coal mines across India's Project DigiCoal modernization initiative. The system, which integrates with CCTV networks to detect anomalies using computer vision, exposed plaintext passwords through an unauthenticated API endpoint along with weak and duplicated credentials that failed even Chrome's password security checks.

The vulnerabilities extended far beyond weak password storage. Multiple APIs lacked authentication entirely, allowing unauthenticated access to live camera feeds and alert data across seven coal mines. Access controls were implemented only in client-side local storage, enabling trivial spoofing by modifying browser state. This exposed sensitive security surveillance data from India's coal mining operations, a critical energy infrastructure sector.

The researcher responsibly disclosed the vulnerability to India's CERT-IN (Computer Emergency Response Team) on August 22, 2025. After a three-month remediation process coordinating Coal India, Accenture (the implementation partner), and DeepSight AI Labs, the vulnerability was confirmed fixed on November 18, 2025. The incident underscores persistent security gaps in AI infrastructure deployment in critical industries.

  • Three-month remediation timeline from August to November 2025 demonstrates the ongoing need for security-first practices in AI infrastructure deployment
Computer VisionMLOps & InfrastructureCybersecurityPrivacy & Data

Comments

Suggested

Alphabet / GoogleAlphabet / Google
POLICY & REGULATION

Waymo Remotely Stops Driverless Car After Detecting Teens With Toy Gun, Sparking Privacy Debate

2026-07-08
RadixArkRadixArk
OPEN SOURCE

RadixArk Launches Miles: Open-Source Framework for Production-Scale LLM Reinforcement Learning

2026-07-08
DiscordDiscord
UPDATE

Discord's AI Moderation Bug Wrongfully Bans 8,000+ Users Over Harmless Images

2026-07-08
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us