
Three weeks, three different shapes of the same problem: the security model of the last decade is being rewritten in real time.
What You Need to Know: ShinyHunters breached Instructure's Canvas LMS and exfiltrated 3.65TB of data tied to 275 million users across nearly 9,000 institutions, defacing login portals with a ransom note. Instructure paid the ransom and shut down Free-for-Teacher accounts. Vercel open-sourced deepsec, a coding-agent-driven security harness that uses Claude Opus 4.7 and GPT-5.5 to find vulnerabilities at scale. And Meta quietly removed end-to-end encryption from Instagram DMs after low opt-in, steering users toward WhatsApp.
KrebsOnSecurity reported that ShinyHunters defaced Canvas login pages at nearly 330 institutions with a ransom note threatening to leak 3.65TB of stolen data tied to 275 million users at roughly 9,000 schools, colleges, and universities. BleepingComputer later confirmed the attack chain: Instructure said the attackers chained multiple XSS bugs in Canvas LMS user-generated content features to hijack authenticated admin sessions and replace the login portal with the ransom demand. The exfiltrated data contains usernames, email addresses, course names, enrollment information, and messages. Course content, submissions, and credentials were not compromised, per Instructure.
Instructure's May 12 update: the company "reached an agreement with the unauthorized actor" — paid a ransom — and received confirmation of data destruction. Free-for-Teacher accounts were temporarily shut down. Instructure revoked privileged credentials and access tokens for affected systems, rotated internal keys, restricted token creation pathways, and deployed additional security controls. The vulnerability was in a Free-for-Teacher support-tickets flow. Halcyon, the incident response firm, warned that the leaked data is "enough personal context to conduct targeted phishing campaigns against staff, students, and parents" and recommended immediate phishing advisories and direct communications to affected institutions.
Vercel published deepsec on GitHub as a coding-agent-driven security harness for finding vulnerabilities in large codebases. The tool runs locally or fans out across 1,000+ Vercel Sandboxes for parallelism, and chains scan → investigate → revalidate → enrich → export. Under the hood it uses Claude Opus 4.7 at max effort and GPT-5.5 at xhigh reasoning, routing through the user's existing Claude or Codex subscription via Vercel's AI Gateway. Vercel reports a 10–20% false positive rate after the second-pass revalidate step. The tool is best suited for applications and services rather than libraries.
The architecture is the interesting part. The first pass uses regex-based static analysis to flag security-sensitive files (auth, secrets, payments, data layer). The second pass uses coding agents to trace data flows and check mitigations. The third pass revalidates findings to cull false positives. The fourth pass enriches each finding with context. A plugin system lets teams add custom regex matchers tuned to their auth model or data layer. The economic shift: a security review that used to require a senior human is now a CI job that runs against a parallel sandbox fleet.
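As an added illustration (not deepsec's own code or rule set), here is the first pass and the plugin hook described above, reduced to a regex triage over a constructed sample repository: built-in matchers flag auth, secrets, payments and data-layer code, findings collapse to per-file work items for the agent pass, and a team-specific matcher extends coverage. The matchers, file names and `requireRole` helper are all constructed for this example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Matcher:
    category: str        # auth, secrets, payments, data-layer, ...
    pattern: re.Pattern


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    category: str
    snippet: str


# Constructed starter matchers; deepsec's real rule set is not on the page.
BUILTIN_MATCHERS = [
    Matcher("auth", re.compile(r"\b(jwt|session|login|authenticate)\b", re.I)),
    Matcher("secrets", re.compile(r"(api[_-]?key|secret|password)\s*[:=]", re.I)),
    Matcher("payments", re.compile(r"\b(stripe|charge|invoice|refund)\b", re.I)),
    Matcher("data-layer", re.compile(r"\b(select|insert|update|delete)\b.*\b(from|into|set)\b|\.query\(", re.I)),
]


def scan(files: dict[str, str], matchers=BUILTIN_MATCHERS) -> list[Finding]:
    """First pass: cheap regex triage that flags lines in security-sensitive code."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for m in matchers:
                if m.pattern.search(line):
                    findings.append(Finding(path, lineno, m.category, line.strip()))
    return findings


def review_queue(findings: list[Finding]) -> dict[str, set[str]]:
    """Collapse findings to {file: categories}; each file is one agent work item."""
    queue: dict[str, set[str]] = {}
    for f in findings:
        queue.setdefault(f.path, set()).add(f.category)
    return queue


# Constructed sample repository (not real project code).
SAMPLE_REPO = {
    "src/auth/session.ts": "export function login(user) {\n  return jwt.sign(user, SIGNING_KEY);\n}\n",
    "src/billing/charge.ts": "const stripe = new Stripe(process.env.STRIPE_KEY);\nstripe.charges.create(order);\n",
    "src/db/users.ts": "db.query('SELECT * FROM users WHERE id = ' + id);\n",
    "src/api/admin.ts": "export const handler = requireRole('admin', deleteTenant);\n",
    "src/ui/button.tsx": "export const Button = () => <button />;\n",
    "config/dev.env": "API_KEY=constructed-placeholder\n",
}

# Plugin-style matcher tuned to one team's auth model (constructed example).
TEAM_PLUGINS = [Matcher("auth", re.compile(r"\brequireRole\("))]
```

Without the plugin, `src/api/admin.ts` never reaches the agent pass; with it, the file is queued under `auth`, which is the gap the plugin system is meant to close.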
The Register reported on May 8 that Meta removed the option for end-to-end encrypted Instagram DMs, citing low opt-in rates. Users are being steered toward WhatsApp, which remains fully E2E-encrypted. Child protection groups had opposed wider encryption; privacy groups and Proton warned users now face greater exposure and unclear handling of past encrypted chats. Meta already uses private AI interactions for ad targeting, and has not ruled out similar use of Instagram message content. The change rolled out on May 8, 2026, and existing encrypted chats are being moved to non-encrypted status with limited notice.
Three weeks, three different threats, one conclusion: the perimeter of "what we trust" is shrinking in real time. Canvas shows that even institutions running the same LMS for a decade can be toppled by a chain of XSS bugs nobody audited at the time. Vercel's deepsec is the response — a tool that doesn't pretend a single human can review 1M lines of code, and instead wraps the audit loop in agents. Meta's encryption reversal is the third signal: encryption is no longer a default the industry is racing toward. It is a feature with a political price tag, and Meta has decided the price is too high.
The Canvas ransom payment is the part the security community will debate for months. Instructure paid, got the data back (allegedly), and avoided a leak that would have hit 275M people including minors. The argument for paying: damage control. The argument against: it funds the next attack. There is no clean answer. There is only the lesson that content-trust boundaries in multi-tenant SaaS need to be re-evaluated now, not after a 3.65TB leak.
Vercel's deepsec is the most actionable item here. If you run a SaaS with auth, payments, or a content editor, the harness is free, the FP rate is in the same range as a senior human, and the parallelism means a 1M-line codebase review is now a weekend job, not a quarter-long engagement. Run it before someone else does.
The Instagram E2E reversal is the quiet story with the loudest long-term consequences. Meta has now publicly said that low opt-in is a valid reason to remove E2E. That gives every other messaging product permission to make the same call. Don't be surprised when Slack, Discord, or your vendor of choice decides their DMs aren't worth the regulatory friction.
ShinyHunters stole 3.65TB of Canvas LMS data covering 275M users at 9,000 institutions; Instructure paid the ransom. Vercel open-sourced deepsec, an agentic security harness with a 10–20% FP rate. Meta removed E2E encryption from Instagram DMs after low opt-in.