Who Finds the Flaws First
Phil Hill
June 16, 2026
For years, EdTech’s relative obscurity was part of its security model. Not formally, of course. Vendors still ran penetration tests, security reviews, code scans, and audits. But there was a practical reality: compared with banks, cloud infrastructure, crypto exchanges, or major consumer platforms, most EdTech systems were not worth the same level of attacker effort at least on the core products themselves.
AI may be changing that calculation.
The May Canvas breach should be read in that context. This was not simply a repeat of the September 2025 Salesforce incident, which appears to have been primarily a social-engineering attack against Instructure’s business environment. The May 2026 Canvas incident appears to have been quite different in nature: attackers found product-level vulnerabilities, then built the social engineering around those vulnerabilities.
