Canvas Is Down — and So Are Thousands of Classrooms

by

For many teachers, Canvas isn’t just a platform — it’s where an entire year’s worth of lesson plans lives. Assignments, curricula, discussion threads, grade books. All of it. Which makes what happened this week particularly devastating: a cybercrime group held one of American education’s most critical platforms hostage, and thousands of schools found out mid-semester that their digital backbone was gone.

Canvas parent company Instructure is reeling from an ongoing data extortion attack that disrupted classes and coursework at school districts and universities across the country, after the cybercrime group ShinyHunters defaced the platform’s login page with a ransom demand threatening to leak data on 275 million students and faculty across nearly 9,000 institutions. Instructure’s response was to take Canvas offline entirely.

How we got here:

  • ShinyHunters first claimed a breach on May 1. Instructure’s Chief Information Security Officer declared the incident contained the very next day. It wasn’t.
  • By May 6, Instructure acknowledged stolen data that included names, email addresses, student ID numbers, and messages between users — though the company said no passwords, dates of birth, government IDs, or financial information were compromised.
  • On May 7, students and faculty across dozens of schools logged in to find a ransom demand where the Canvas homepage used to be. ShinyHunters claims the haul includes several billion private messages between students and teachers. Instructure pulled the plug and replaced the login portal with a message calling it “scheduled maintenance” — a characterization that drew immediate criticism from security researchers.
  • The ransom deadline started at May 6, was pushed to May 12, and the extortion message directed affected schools to negotiate their own payments directly with the hackers — independent of whatever Instructure decides to do.

The pattern security experts are pointing to: This wasn’t a one-off. Cloudskope CEO Dipan Mann says this is at least the third time in eight months that ShinyHunters has breached Instructure’s environment. In September 2025, thousands of internal University of Pennsylvania files — donor records, internal memos, confidential materials — leaked through what investigators later determined was partly a Canvas-mediated access path. Penn was named as the victim; Instructure was framed as a bystander. Mann argues that framing was wrong then and looks catastrophically wrong now.

“The September 2025 Penn breach was the proof of concept,” Mann wrote. “The May 1 incident was the production run. The May 7 recompromise was ShinyHunters demonstrating publicly that the May 2 ‘containment’ did not happen.”

A source close to the investigation confirmed that several universities have already approached the group about paying. Notably, ShinyHunters quietly removed Instructure from its public leak site — a move these groups typically only make after receiving payment or entering active negotiations.

The timing couldn’t be worse. Countless schools are in the middle of final exams. ShinyHunters is not a single-target operation — Google-owned Mandiant’s CTO Charles Carmakal confirmed that “multiple concurrent and discrete ShinyHunters intrusion and extortion campaigns” are active right now. Recent victims include ADT, Medtronic, Rockstar Games, McGraw Hill, 7-Eleven, and Carnival.

Canvas is back online as of May 8, with Instructure saying hackers exploited a vulnerability tied to Free-for-Teacher accounts — the same entry point used in the prior week’s breach. The company has temporarily shut down those accounts while it works to resolve the underlying issue, and says it is directly contacting affected organizations.

For the teachers who built an entire school year inside Canvas, “we’re working on it” is a hard thing to hear in May.

Canvas stores an enormous amount of sensitive behavioral and academic data — exactly the kind of structured, large-scale dataset that makes education platforms an increasingly attractive target for threat actors looking to train or fine-tune AI models on real human interaction patterns.

OpenAI accelerates “AI agent phone”

by

OpenAI is reportedly moving up its AI phone timeline by a full year, now targeting mass production in the first half of 2027 — a significant acceleration that supply chain analyst Ming-Chi Kuo attributes to IPO pressure and an increasingly crowded AI hardware market.

What we know:

  • Kuo believes the faster timeline is driven by two forces: OpenAI’s desire to show investors a compelling hardware story ahead of a public offering, and mounting competition in the AI phone space.
  • MediaTek is expected to be the sole chip supplier, with the phone running two AI processors in parallel to handle vision and language tasks simultaneously.
  • The device’s headline feature won’t be raw processing power — it’ll be the image signal processor, equipped with an enhanced HDR pipeline designed to sharpen AI agents’ ability to interpret the physical world in real time.
  • If development stays on track, Kuo estimates OpenAI’s combined 2027–28 shipments could reach 30 million units.

Owning both the hardware and the OS is increasingly looking like the endgame for anyone serious about building a true agentic experience — and OpenAI clearly doesn’t want to cede that ground. But the accelerated timeline raises an awkward question: what does this mean for the device OpenAI is building with Jony Ive’s io? The acquisition came with considerable fanfare around going “beyond screens,” yet has produced little beyond a handful of rumors. If the AI phone is now the priority, io’s vision may be getting quietly sidelined — or the two products are on a collision course with each other.

Anthropic’s Washington Relationship Just Got Messy

by

The White House is pushing back on Anthropic’s bid to more than double private-sector access to its Mythos AI, citing compute constraints that could eat into the government’s own use — even as a national security memo quietly moves to defuse parts of the broader Pentagon standoff.

What’s going on:

  • Anthropic wanted Mythos access expanded from roughly 50 companies to nearly 120. U.S. officials balked, warning the wider rollout could strain compute resources the government depends on for its own operations.
  • A forthcoming White House AI memo is expected to push agencies toward multi-vendor AI adoption — and to address some of the underlying grievances that sparked Anthropic’s original feud with the Pentagon.
  • Axios reported the action would give agencies a workaround on the supply chain risk designation — even with the legal fight still ongoing.
  • GPT-5.5 has reached comparable cyber capabilities to Mythos, with former AI czar David Sacks predicting every frontier model will hit that bar within six months.

Summary: The White House’s posture toward Anthropic is shifting — but not cleanly. The administration clearly wants more of its own access to Mythos, which explains the sudden willingness to find middle ground. But with Secretary of Defense Pete Hegseth calling Anthropic “run by an ideological lunatic” just this week, the internal signals are pulling in opposite directions. It’s less a détente and more a tug-of-war between factions that want to bury the hatchet and those still looking for a fight.

Beijing stops Meta’s $2B Manus deal

by


China has blocked Meta’s $2 billion acquisition of Manus, ordering both companies to unwind the deal — and turning a Singapore-based AI startup with Chinese roots into a pointed message for any founder thinking about moving talent or technology beyond Beijing’s reach.

What happened:

  • Meta announced the deal in December. Chinese officials launched a probe in January examining export-control and foreign-investment regulations.
  • The National Development and Reform Commission formally stepped in, declaring the deal off-limits to foreign investment and directing both parties to reverse it.
  • By the time the order came down, the two organizations were already “deeply integrated” at Meta’s Singapore office — and Manus’s website had already been updated to read “now part of Meta.”
  • The ruling lands just weeks before Trump’s scheduled May summit with Xi in Beijing. Manus executives are reportedly barred from leaving China while the investigation continues.

Why is this important: Beijing just classified AI talent as a national security asset — applying the same export-control logic to people and startups that Washington uses on chips. The move raises a question that neither side has answered: with the companies already operationally merged and Meta maintaining the deal “complied fully with applicable law,” what does an actual unwind even look like? And more pointedly — will Meta comply? For founders eyeing exits to Western acquirers, Beijing just made the off-ramp a lot narrower.

DeepSeek’s Back, and It’s Bringing a Price War

by

Chinese AI lab DeepSeek has unveiled preview builds of its long-awaited V4, a new family of open-source models boasting 1M-token context windows, Huawei chip support, and pricing that puts serious pressure on U.S. competitors.

What’s in it:

  • Early third-party benchmarks rank V4 Pro near the top of the open-source field, and DeepSeek’s own evals put it in the same tier as GPT-5.4 and Gemini 3.1-Pro on reasoning tasks.
  • It leads Vals AI’s Vibe Code Bench, though it lands in the fourth tier on AA’s Intelligence Index, alongside Meta’s Muse Spark.
  • At $1.74/$3.48 per million input/output tokens, V4 Pro costs a fraction of GPT-5.5 ($5/$30) and Opus 4.7 ($5/$25) — a price gap that’s hard to ignore.
  • Huawei confirmed its Ascend chips can run V4, offering the clearest proof yet of a functional AI infrastructure stack built entirely outside of Nvidia.

DeepSeek is back — and while markets aren’t in freefall this time, V4 reframes the AI competition around cost as much as raw capability. The Huawei angle may ultimately be the bigger story, though. A domestic Chinese chip stack demonstrating real-world viability suggests that U.S. export restrictions, long seen as a hard ceiling on China’s AI ambitions, may be a more porous barrier than assumed.

OpenAI retakes the frontier with GPT 5.5

by

OpenAI has unveiled GPT-5.5, internally codenamed “Spud,” marking a significant step forward in its model lineup. The release is being framed as a new class of intelligence, with performance gains that place it at or near the top of industry benchmarks—reportedly edging past Anthropic in several key areas.

Key Highlights

  • GPT-5.5 achieves top-tier results across reasoning, agent-based tasks, coding, and computer-use benchmarks, with some metrics approaching those seen in leading models like Claude Mythos.
  • Despite the performance gains, the model maintains similar speed to GPT-5.4 while improving efficiency. OpenAI notes that both Codex and GPT-5.5 were used to help optimize its own GPU infrastructure.
  • API pricing is set at $5 per million input tokens and $30 per million output tokens, with OpenAI positioning it as roughly half the cost of competing frontier coding models.
  • The rollout includes availability across ChatGPT plans and within Codex, including specialized Thinking and Provariants, alongside continued emphasis on generous usage tiers.

Why It Matters

After a stretch where Anthropic held much of the momentum, the competitive landscape appears to be shifting again. OpenAI is moving quickly with high-impact releases, signaling a renewed push to lead at the frontier. At the same time, Anthropic has been facing user concerns around rate limits and output quality, making this a notable moment in the broader AI race.

U.S. flags Chinese labs ‘industrial-scale’ AI theft

by

The White House has released a memo formally accusing Chinese AI companies of running “industrial-scale” distillation operations against American frontier labs — a significant escalation arriving just weeks before Trump’s planned summit with Xi Jinping in Beijing.

What’s going on:

  • Distillation means training smaller models on the outputs of mor powerful ones. The memo, authored by Kratsios, alleges China is doing this systematically through thousands of fraudulent API accounts and jailbreak exploits.
  • Anthropic had already privately called out DeepSeek, Moonshot, and MiniMax for distillation back in February. This memo takes those allegations public and enshrines them as federal policy.
  • The Chinese embassy pushed back hard, branding the accusations as baseless — a response that sets an awkward tone ahead of the May 14–15 Beijing summit.
  • A House Foreign Affairs bill that passed its first vote this week would pressure the administration to place distillation offenders on the U.S. export blacklist.

Why it matters: Dario Amodei has publicly positioned China as roughly 6–12 months behind leading U.S. labs. The Kratsios memo challenges the narrative around how that gap is being closed — framing Chinese AI progress less as homegrown innovation and more as a product of systematic data extraction. The real question is how much of DeepSeek’s and Kimi’s trajectory actually traces back to distillation, versus genuine research breakthroughs. That distinction carries enormous implications for how the U.S. responds — and how seriously to take the threat.