A cybersecurity line just got crossed. Google has now confirmed the first known case of hackers using artificial intelligence to build a working zero-day exploit that bypasses two-factor authentication. At the same time, Instructure the company behind Canvas, used by over 9,000 schools worldwide appears to have quietly paid a ransom after ShinyHunters stole 275 million student and teacher records and defaced hundreds of school login pages. And if you think these attacks are rare, new data from BlackFog says otherwise: 90% of ransomware attacks this quarter were never publicly disclosed. Most breaches never make headlines. On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three stories that reveal where cybercrime is heading next and why most organizations are less prepared than they think. This Week’s Cybersecurity Breakdown 1. Canvas / Instructure Data Breach & Apparent Ransom Payment One of the largest education-sector breaches in recent memory: 275 million records allegedly stolen 3.65 TB of data taken from roughly 8,800+ schools Harvard, Stanford, Columbia, Duke, UNC, and other institutions impacted ~330 Canvas login portals defaced with ransomware messages Instructure later announced it had “reached an agreement” with attackers 2. AI Builds the First Confirmed Zero-Day Exploit Google’s Threat Intelligence Group confirmed a major escalation: AI used to create a working zero-day exploit Attack specifically targeted two-factor authentication protections Signals a shift in offensive cyber capabilities previously associated with nation-state actors AI is no longer just assisting attackers it’s helping build the attacks themselves 3. BlackFog Q1 2026 Report The Hidden Ransomware Crisis The public only sees a fraction of what’s happening: 2,160 undisclosed ransomware attacks vs. 264 disclosed Only 1 in 9 attacks becomes public Average ransom demands surpassed $1 million Data stolen in 96% of incidents before encryption Backups alone are no longer enough The Bottom Line Cybersecurity is entering a new phase. AI is accelerating offensive capabilities Ransomware groups are operating in the shadows And organizations are quietly paying attackers to keep breaches out of public view This isn’t just a technology problem anymore. It’s an operational reality every business leader needs to understand. Support the show: buymeacoffee.com/securitysquawk Subscribe for weekly breakdowns of ransomware, cybercrime, AI threats, and executive-level cybersecurity strategy.
