Author: IBL News

IBL News | New York

SUNY leaders outlined a framework to scale AI use across the system’s 64 campuses. During a Board of Trustees meeting this month. Their goal was to establish a policy to expand the use of AI tools while setting guardrails on how they shape students’ learning, support services, and academic outcomes.

This framework requires training AI in responsible use, embedding literacy into the general education curriculum, and expanding student access to research and learning opportunities.

Some of those efforts are already underway. Twenty SUNY faculty and staff members participating in a cohort for the Public Good Fellows plan to work with colleagues to integrate AI into coursework and help students build skills to evaluate and use the technology responsibly.

At the same time, initiatives like the Empire AI consortium and a new independent AI research center at State University of New York at Binghamton aim to connect students to advanced computing resources, research experiences, and workforce pathways tied to AI.

The policy also calls for institutions to evaluate AI tools for bias, strengthen data-privacy protections and apply greater oversight to AI systems used in processes affecting students, such as tracking their academic progress or accessing campus resources.

“We’re not seeking to replace faculty, but to augment what they’re able to do and give students more academic assistance tools, and to better understand over time where interventions may be necessary or where a student may be struggling,” said Jesse Sloman, SUNY’s Chief Information Security Officer.

“One of our major concerns is making sure that SUNY data—including students’ personal information and academic records—is protected,” he said. “We don’t want a SUNY student using a SUNY AI tool and have that data used to train external models outside of narrow, contractually defined terms.”

SUNY chancellor John B. King Jr. said in a statement that the framework is designed to expand the use of AI in ways that support students while maintaining oversight.

Instructure, the maker of Canvas LMS, used by half of all colleges and universities in North America, struck a deal on Monday with the hacking criminal group ShinyHunters to return the stolen data and destroy any copies, although the company didn’t say what it had given in exchange, not disclosing the monetary value.

The company announced made the announcement this way:

“Instructure reached an agreement with the unauthorized actor involved in this incident. As part of that agreement:

• The data was returned to us.
• We received digital confirmation of data destruction (shred logs).
• We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise.
• This agreement covers all impacted Instructure customers, and there is no need for individual customers to attempt to engage with the unauthorized actor.

While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible. We continue to work with expert vendors to support our forensic analysis, further harden our environment, and conduct a comprehensive review of the data involved. We will continue to provide updates as that work progresses.”

We are currently organizing a webinar with Instructure leadership to detail information about the cyber attack and our activities to harden the system. We currently believe it will be on May 13 and will be done in multiple time zones.”

Canvas has more than 30 million active users worldwide, according to Instructure. The platform is used by teachers and students for coursework management and communications. Instructure said the data compromised in the hack included usernames, email addresses, course names, enrollment information, and messages.

ShinyHunters warned that it would leak an unspecified amount of data on May 12 if it did not receive a response from Instructure. In its May 3 ransom note, the group had threatened to leak “several billions of private messages among students and teachers.”

Not much is known about ShinyHunters, which is believed to have been formed around 2020. Its goal appears to be to obtain and sell personal records. One of its high-profile attacks was against Ticketmaster in 2024, when the hackers said they had stolen the user information of more than 500 million customers.

Instructure did not immediately respond to questions about whether any law enforcement agencies were involved in its dealings with the hackers. The F.B.I. advises against paying ransom to hackers, saying it does not guarantee data security and encourages attackers to target more victims.