Jul. 8, 2026

When the Classroom Goes Dark: Lessons From the Canvas Breach for Corporate Cyber Preparedness

A single design decision can turn a widely trusted platform into an enterprise-wide liability. When students logged into Canvas in May 2026 expecting coursework, they instead encountered a ransom message from ShinyHunters revealing an attack that disrupted thousands of institutions during finals week and forced the platform’s owner to pay under threat of data release. The breach was not driven by technical sophistication, but by a structural flaw. In this guest article, Finnegan partner Lynn Parker Dupree, associate LaQuan Bates and law clerk Nico Prentosito examine how the breach unfolded, the threat model behind it and what it reveals about the evolving cyber risk environment. They also outline how organizations should strengthen incident response planning, cross-functional governance and technical controls across SaaS and identity architectures. See “Considerations for Improving Defenses to AI-Enabled Ransomware Attacks” (Jan. 14, 2026).

Breaking Down the Trump AI Executive Order and Its Implications for the Private Sector

President Trump’s recent executive order on AI and cybersecurity (AI EO) directs the federal government to prioritize strengthening cyber defenses across government information systems and critical infrastructure. The AI EO calls for the creation of forums for AI developers to share information to better understand and respond to emerging threats, while signaling a heightened law enforcement focus on threat actors who use AI to carry out cyberattacks. This article, with expert insight from Jenner & Block, Mayer Brown and Pillsbury, provides an overview of the AI EO’s provisions, discusses its potential implications for private companies and offers key considerations for participation in the programs it aims to create. See “Staying Compliant After Trump AI Executive Order Introduces Regulatory Uncertainty” (Jan. 14, 2026).

AlixPartners Survey Finds Companies’ Risk Readiness Lags Awareness

Although compliance teams recognize key business risks, many U.S. companies remain unprepared to address them, according to AlixPartners’ 2026 U.S. Risk Survey (Survey). The Survey found that the absence of prescriptive federal rules on AI is exacerbating risks, and that cybersecurity and data privacy rank high among worries. Lisa Osofsky, a partner with the firm who was among the Survey’s authors, spoke to the Cybersecurity Law Report about the Survey results and what lessons companies should take away from the findings. This article distills insights from the Survey along with her comments. See our two-part series on the AI laws in Colorado and Connecticut: “Mapping Scope and Core Provisions” (Jun. 10, 2026), and “Preparing to Comply” (Jun. 17, 2026).