How Schools Can Defend Against AI-Powered Cyber Attacks

Artificial intelligence is complicating an already difficult calculation for schools, empowering hackers at the same time federal government cuts to cybersecurity are pushing IT leaders to adapt and share services.

(TNS) — Many school districts are ill-prepared to defend themselves against the growing threat of AI-powered cyber attacks, a problem that has been exacerbated by federal government cuts to programs that support school cybersecurity, experts say.

Here is the heart of the problem: Just as educators have turned to generative AI tools to craft emails, conduct research, and analyze large amounts of data, so too have cyber criminals, who are using the technology to optimize attacks, said Don Ringelestein, the executive director of technology for Yorkville 115, a school district near Chicago.

"AI is billed as something that's going to save us time. It's going to be an assistant for us," he said. "Well, that same thing applies to hackers. It's going to make their jobs easier."

Even before the use of AI expanded rapidly over the past few years, schools were already frequently the target of cyber attacks. Schools possess reams of sensitive data on children, which can fetch a high price on the dark web, and they often lack the resources to properly protect themselves. They also manage large amounts of money and personal data, such as employees' social security numbers.

When they are hacked, schools can face enormous public pressure to give in to cyber criminals' demands. All of that makes schools prime targets for data theft and ransomware attacks.

AI is now complicating an already difficult calculation for schools: How do school district technology leaders — and by extension, all district employees — protect themselves against cyber criminals who are leveraging AI to supercharge attacks?

HOW AI IS MAKING SCHOOL CYBER ATTACKS WORSE


There are several ways that cyber criminals can deploy readily available generative AI tools.

To begin with, AI can write more sophisticated phishing emails. Spelling and grammatical errors used to be telltale signs that an email was written by a hacker who was likely not based in the United States. Now, that's no longer the case, said Randy Rose, the vice president of security, operations, and intelligence for the nonprofit Center for Internet Security.

"The one thing that those [large language models] are really good at is predicting the next word in a sentence," he said. "If you're saying, create an email that says this in American English, it'll create a really convincing one."

AI chatbots can also replicate the writing style of a particular person, such as a district's superintendent, making it easier for cyber criminals to fool their victims into downloading malware or giving away sensitive information, said Rose.

AI can go even further by mimicking a person's voice or appearance. A phone call that seems to be from a superintendent directing an immediate payment to a vendor could actually be someone using an AI deepfake of the superintendent's voice to route the money to their own account, said Pete Just, the AI project director for the Consortium for School Networking, or CoSN, which represents school district chief technology officers. He is a former teacher and district chief technology officer.

"I always joke that 'deepfakes' used to take a team of CIA agents with $1.5 million dollars-worth of equipment five months to create the deepfake," he said. "But today, you can have high school students in five minutes on their phones, do a deepfake. That rolls over into cybersecurity."

What's more, AI can comb through massive amounts of information online, allowing cyber criminals to quickly gather detailed information on their targets — such as what vendors the district has contracts with and who in the business office writes the checks, Just said. Plus, unlike at private businesses, everything from school district budgets to staff emails is often publicly available, which is part of what made schools prime targets for cyber criminals even before the use of AI took off in recent years, said Rose.

As AI continues to evolve, so too will cyber attacks against schools, said Michael Klein, the senior director for preparedness and response at the Institute for Security and Technology, a think tank focusing on technology policy. He is a former teacher, district technology director, and senior advisor for cybersecurity at the U.S. Department of Education.

Not long ago, cyber criminals were limited to prompting a generative AI tool for help composing a targeted email or for directions on how to do a particular task. Today, some AI assistant tools incorporate agentic AI, which can perform tasks autonomously and very fast.

"Now, it's like, type in a couple of lines and then it goes off onto the Internet and does the things for you," Klein said. "It lowers the barrier for sophisticated cyber crime. You have potentially one individual who is not very skilled being able to do what would've taken an entire ransomware gang to effectively do before."

There's no sign that cyber criminals will stop targeting schools in the near future, say experts. Due to a lack of resources, schools remain relatively easy targets compared with hospitals and banks. Most cybersecurity services and products are focused on serving businesses rather than public institutions like schools because businesses can pay more for their services, experts say.

In terms of data theft, personal data belonging to kids, such as social security numbers, can be sold for a higher price on the dark web because children have clean credit slates and there's no system in place to alert parents or guardians if their children's data is being illegally used.

CUTS TO FEDERAL FUNDING FOR CYBERSECURITY COME AT A VERY BAD TIME


The rise in AI-driven cyber attacks has happened as the federal government has cut support for school cybersecurity — in particular, information-sharing networks that schools previously used to stay one step ahead of cyber criminals.

"With AI starting to ramp up the increased threats, and the fact that some of our resources like MS-ISAC [cybersecurity funding] are going away, it's a significant concern for those of us in K-12 cybersecurity and IT," said Just.

MS-ISAC, or Multi-State Information Sharing and Analysis Center, is a cybersecurity resource hub and was a major provider of free cybersecurity support for schools. The Trump administration first cut funding last spring to the federally supported program, which was run through a partnership between the nonprofit Center for Internet Security and the federal Cybersecurity and Infrastructure Security Agency. The federal government officially ended the cooperative agreement in October.

The nonprofit Center for Internet Security is continuing to operate MS-ISAC, but schools or districts must pay a membership fee now to join.

The Trump administration effectively suspended another information sharing network, its K-12 Cybersecurity Government Coordinating Council, which brought together representatives from federal agencies, state education departments, school districts, and education technology companies to formulate guidance for schools and coordinate responses to cyber threats and attacks. That group has now moved to the Institute for Security and Technology.

Last spring, the U.S. Department of Education shuttered its office of educational technology, which had helped states and districts navigate emerging technology-related challenges, including those related to the use of artificial intelligence and the threat of cyber attacks.

One initiative that remains is a three-year pilot launched by the Federal Communications Commission that initially aimed to provide up to $200 million in competitive grants to help schools and libraries purchase cybersecurity products and services through the E-rate program. What will happen with that program after the first round of grants is used is unclear, say experts. School cybersecurity experts had hoped the FCC would make the pilot permanent once there was data showing that the program improved school cybersecurity.

The FCC was unavailable to comment about these developments.

Even though some of these initiatives, such as MS-ISAC, continue to operate without federal support, the U.S. government has an important role to play in supporting school cybersecurity, said Klein.

"The federal government has visibility into threats that state and local governments, and certainly K-12 institutions, don't have," Klein said. The U.S. intelligence community, he said, is "doing great research to understand what are adversaries trying to do to us and why? And what mechanisms will be most helpful to stop those things. That's just a tremendously important perspective to have."

HOW SCHOOLS CAN PROTECT THEMSELVES AGAINST AI-POWERED CYBER ATTACKS


Many district technology leaders are worried about AI and cyber attacks. Sixty percent of them said in a CoSN survey published last fall that AI will lead to new forms of cyber attacks and 34 percent said they were moderately concerned.

So, how can school districts possibly keep up the fight against more sophisticated cyber attacks?

"I would never say it's unwinnable," said Just. "I would say that it's daunting. I would say that many school technology leaders are up to the task. The challenge is, as budgets get cut, what is going to not be funded anymore? Sometimes, these are seen as, 'well, we haven't had a cyber attack, so do we really need that software to do the phishing campaign? It's really pricey.'"

But losing that sense of vigilance can leave schools exposed, Just said.

There are resources and steps schools can take to protect themselves from hackers who are increasingly weaponizing AI to attack schools.

Rose said the Center for Internet Security offers memberships to MS-ISAC on a sliding scale based on budget size, with small organizations eligible for additional assistance. Several states — Alaska, Connecticut, Kansas, Maine, Mississippi, New Jersey, Oregon, Texas, and Vermont — have joined the MS-ISAC, which means districts in those states can use the organization's services without additional cost, said Rose.

Districts can band together with other local school systems to create their own networks to share information, resources, and best practices, said Ringelestein, the technology director in Yorkville, Ill.

"Our statewide sector of CoSN has a lot of collaboration between districts, so that's been really beneficial," he said. "It is great for sharing information, for sharing best practices."

Tabletop exercises, where district leadership teams game out what to do to prevent or respond to cyber attacks, are also a valuable, low-cost preparation tool, said Klein.

As it is, districts should invest in outlining cybersecurity protocols and training for employees, said Just. That should include educating district and school staff that even if it sounds like the superintendent is on the phone demanding that a payment be made to a vendor, there is no financial transaction that needs to happen immediately, and that staff should always pause and check with a manager, no matter how urgent the email or phone message they received sounds. Schools should also begin to put processes in place to create code words to verify identities in phone or video calls.

Experts emphasize that schools should have software programs that send fake phishing emails, said Just. Teachers and other employees who take the cyber bait should then be directed to watch an instructional video on how to recognize a phishing attempt. That kind of professional development can be built into a teacher's busy schedule relatively easily, said Just.

The good news is that committing to the cybersecurity basics can still do a lot to fortify a school's defenses, even in the era of AI, experts point out. That includes using multi-factor authentication, creating strong passwords, and keeping software up to date.

"It's just like if I was coaching a football team," said Just. "When everything's falling apart, you go back to the basics: blocking and tackling, so to speak. This is the blocking and tackling of cybersecurity."

© 2026 Education Week (Bethesda, Md.). Distributed by Tribune Content Agency, LLC.