In April 2026, [cloud-hosting platform Vercel disclosed that hackers had breached its internal systems and stolen customer data](https://techcrunch.com/2026/04/20/app-host-vercel-confirms-security-incident-says-customer-data-was-stolen-via-breach-at-context-ai/). The breach occurred because a Vercel employee had signed up for a third-party [AI](https://www.fastcompany.com/section/artificial-intelligence) [productivity](https://www.fastcompany.com/section/productivity) tool using their corporate Google account and granted it full-access permissions. When that AI tool’s own systems were compromised, the attackers used the trust relationship as a bridge straight into Vercel’s internal environment. The stolen database [was listed for sale on a hacker forum for $2 million](https://www.darkreading.com/application-security/vercel-employees-ai-tool-access-data-breach). Note that the breach did not directly attack a software vulnerability. Rather, it exploited an architectural gap. The technology worked as designed, but the architecture was not fit for purpose in the brave new world of artificial intelligence. This is a common pattern. Organizations across industries are deploying AI tools, building AI-powered workflows, and experimenting with autonomous AI agents—all on top of enterprise architectures that were designed for a different era.  Faisal Hoque’s books, podcast, and his companies give leaders the frameworks and platforms to align purpose, people, process, and tech—turning disruption into meaningful, lasting progress. [Learn More](https://faisalhoque.com/) That pattern should concern every leadership team. The success of AI deployments—both whether they work and whether they scale—depends on the technical systems they are embedded in. There is no point trying to build cutting-edge AI systems on top of legacy infrastructure that is fundamentally incompatible with the new technology. The 90-day plan below gives you a step-by-step playbook for jump-starting the process of bringing your technical architecture up to date for the AI era. The contemporary AI technology stack comprises five interdependent layers. Each one places specific demands on the enterprise, and weakness at any layer limits what the other layers can accomplish. * **Data and storage:** AI systems are only as good as the data they operate on, and in most enterprises, that data is fragmented, inconsistently governed, and riddled with quality problems nobody has had reason to fix until now. * **Compute and acceleration:** AI workloads are GPU-intensive, arrive in unpredictable spikes, and are sensitive to where data physically resides—fundamentally different from the steady-state transactional computing most enterprise infrastructure [was built for](https://finance.yahoo.com/sectors/technology/articles/ubers-anthropic-ai-push-hits-223109852.html). * **Model and algorithm:** Most enterprises treat model selection as an ad hoc decision made by individual teams, producing redundant spending, inconsistent risk profiles, and no organizational view of what models are in use or what they are being asked to do. * **Orchestration and tooling:** The APIs, middleware, and automation frameworks that connect models to business workflows are also where architectural brittleness does the most damage—if your integrations are undocumented or ungoverned, AI will amplify that fragility at speed. * **Application and governance:** This is where AI meets users, policies, and oversight—the interfaces, guardrails, monitoring, and audit trails that determine whether the organization can actually explain what happened when something goes wrong. The 90-day plan that follows addresses all five layers concurrently rather than sequentially, because architectural weaknesses in any one layer constrain what every other layer can accomplish. _Technology architecture is one component of the broader strategic enterprise architecture of any business. For a fuller treatment of how these layers connect, see my article on_ [_strategic enterprise architecture for AI_](https://www.imd.org/ibyimd/artificial-intelligence/from-ideas-to-execution-using-strategic-enterprise-architecture-for-ai-value-creation/)_._ Expand to continue reading ↓

 The online education platform Canvas went offline after a data breach on Thursday, temporarily leaving students and faculty at thousands of U.S. colleges — and K-12 schools — without access to course materials and communications during finals period. "I'm sure somewhere in the country when the outage happened, there probably were people actually taking final exams on the platform when it crashed," says Damon Linker, a senior lecturer in political science at the University of Pennsylvania. Thirty million users — including at half of the higher education [institutions in North America](https://www.instructure.com/higher-education) — rely on Canvas to manage courses, submit assignments, view grades and facilitate communication, according to its parent company, Instructure. But when Linker and many other users tried to do so on Thursday afternoon, they met a black screen and a warning message. "ShinyHunters has breached Instructure (again)," it read. "Instead of contacting us to resolve it they ignored us and did some 'security patches.'" ShinyHunters is the same entity that took credit for a massive [Ticketmaster data breach](https://www.npr.org/2024/06/01/nx-s1-4988602/ticketmaster-cyber-attack-million-customers) in 2024. Like many such groups, it's a cluster of young people working remotely together, "kind of like a ransomware gang," says Rachel Tobac, the CEO of SocialProof Security, which trains people and companies to defend themselves against hackers. ShinyHunters wrote on a [threat intelligence website](https://www.ransomware.live/id/SW5zdHJ1Y3R1cmUgSG9sZGluZ3MsIEluYy4gKENhbnZhIExNUywgaW5zdHJ1Y3R1cmUuY29tKUBzaGlueWh1bnRlcnM) earlier this week that the initial breach on Saturday involved data — including private messages — from 275 million students, teachers and staff at nearly 9,000 schools worldwide. The group said Thursday that affected schools can prevent the release of their data by consulting with cyber advisory firms and negotiating settlements through the encrypted chat platform Tox. "You have till the end of the day by 12 May 2026 before everything is leaked," the hackers wrote. Instructure has confirmed a series of cybersecurity breaches this week and provided status updates [on its website](https://status.instructure.com/). It said the breach only appeared to involve identifying information like names, email addresses, student ID numbers and user messages — no passwords, birth dates, government identifiers or financial information. Instructure confirmed on an [FAQ page](https://www.instructure.com/incident_update) that it started an investigation after it first detected unauthorized activity in Canvas on April 29, and took Canvas offline on Thursday after that same unauthorized actor "made changes that appeared when some students and teachers were logged in." They said the actor exploited an issue with its Free-for-Teacher accounts, which it has temporarily shut down. "This gives us the confidence to restore access to Canvas, which is now fully back online and available for use," it said in a statement to NPR. "We regret the inconvenience and concern this may have caused." It's not clear whether Instructure paid a ransom or what the return of Canvas access could mean for the hackers' May 12 deadline. Tobac says Canvas could be back online because of a successful negotiation, or because the hackers "didn't get super far in their attack." Either way, she says users should stay vigilant, especially for phishing messages — whether it's someone posing as Canvas prompting a password change, or pretending to be a professor sending course materials. "I would operate under the assumption that there's going to be some knock-on effects here," she says. ### Not everyone got back online immediately Just before midnight on Thursday, Instructure posted online that "Canvas is now available for most users," though two separate services, Canvas Beta and Canvas Test, remained in maintenance mode. Students and faculty at at least some schools were still unable to access Canvas on Friday — either because service had [not yet been restored](https://it.wisc.edu/news/2026-instructure-incident/) or because administrators warned them to stay away. Penn State University, for example, [said Friday morning](https://www.psu.edu/news/administration/story/widespread-canvas-outage-impacting-penn-state) that while the school's Canvas access had been partially restored, it was "not yet ready for use." "Technical teams at Penn State are actively working to prepare the system for our community," it added. "As access is restored, Canvas integrations and related services will be brought back online in phases." Several schools have taken similar approaches, either [temporarily disabling](https://uwm.edu/information-technology/canvas-disabled-as-part-of-national-security-breach/) Canvas access or outright [asking users](https://it.umd.edu/news/canvas-outage) to steer clear. The [University of California](https://ucnet.universityofcalifornia.edu/employee-news/nationwide-security-incident-involving-canvas/) said across its schools, "Canvas access will not be restored until we are confident the system is secure." And it's not just higher education: The Montgomery County Public School system in Maryland alerted families on Friday morning that even as service returned, it is "continuing to test and review systems before restoring access." Tobac says this could mean that schools think the attackers might still be within their systems, potentially stealing information like passwords and messages. "The attackers probably got some sensitive information and … \[schools\] don't want this information out online," she says. Many schools are urging users to be on high alert for any unsolicited emails or messages that appear to come from Canvas, especially those requesting login credentials, as [Georgetown University](https://uis.georgetown.edu/uis-announcement/canvas-outage/) warned. The [University of Amsterdam](https://www.uva.nl/en/current/safety-incident-canvas/faqs-about-the-canvas-data-breach.html?cb) — which says it's one of 44 Dutch educational institutions affected — also recommends people change their passwords on any other sites where they use the same one. Tobac also recommends using a password manager — to generate long, random passwords for each login — and turning on multi-factor authentication for all online accounts, not just Canvas. She says any student or professor who gets a suspicious call, text or email should "use another method of communication to verify what is authentic." "Even if there was no breach yesterday, I would say these are the things that I recommend you do," she adds, urging people to "be politely paranoid." ### The breach disrupts finals, highlights vulnerabilities Several schools affected by the breach have already postponed or outright scrapped some final exams, with others warning students and professors that they might need to do so. The University of Illinois is [postponing all final exams](https://massmail.illinois.edu/massmail/277104776.html) and assignments scheduled through Sunday. Penn State canceled [certain exams](https://www.psu.edu/news/administration/story/widespread-canvas-outage-impacting-penn-state) scheduled for Thursday night and Friday, saying it was working with faculty to "determine next steps for final grading" and urging students to check their emails (not Canvas) regularly in the meantime. And Baylor University [delayed Friday](https://provost.web.baylor.edu/news/story/2026/update-canvas-finals-tomorrow-friday) exams and asked all faculty to send students "whatever study materials they have on their local computers to students as soon as possible." The breach has underscored how much of academia relies on a single, centralized platform. Linker, of UPenn, told NPR that he received an influx of panicked messages from students on Thursday afternoon when they suddenly couldn't access PowerPoints, readings and previous exams as they tried to study for Monday's final. "The problem with using a platform like Canvas is that most \[students\] are not going to have the readings available printed out or on their laptops," he explains. "It all lives on the online platform, and if that platform goes down, they have no way to access them." He told students on Thursday that he would upload the course materials to another platform (like Dropbox or Google Docs) if Canvas access wasn't restored by Friday morning. Fortunately, he says, it came back online shortly before 9 a.m. ET. But Linker says he has concerns about relying fully on Canvas in the future. "Given what this has exposed, the vulnerability involved and also the concern with the data breaches, I'm starting to rethink whether this is really a wise way to proceed," he says. One example of that is grading. Linker says Canvas makes it so easy to calculate and weigh students' scores — on individual assessments and overall — that it's come to function as a digital grade book. Going forward, he says he may start keeping an analog record of students' grades just in case. While Canvas does have competitors like Blackboard, Linker says he doesn't think any would be less vulnerable to a future breach. And Tobac agrees. "The problem is not that this one website had this cyber event, right? Because nothing in this world is unhackable," she says. "The thing that we have to think about is disaster recovery: How do we continue doing business when there is a cyber event, and how do we do our very best to keep the bad actors out?" Tobac says this week has shown that many institutions did not have a clear plan for how students and professors can be in touch and access course materials without Canvas. She said those plans should vary based on schools' different circumstances and schedules — which might explain why some are proceeding with finals as usual while others are scrapping exams altogether. But she'd like them to approach the immediate aftermath with one common goal. "We have to treat people with dignity and respect," Tobac says. "And I hope that that is something that the institutions do, within their timelines and constraints."