State of Security | May 2026
MustardTree Partners Monthly Cybersecurity Report
May 2026 will be remembered for two events that sit at opposite ends of the threat spectrum but tell the same underlying story. The first is the ShinyHunters ransom of Instructure’s Canvas learning platform, in which roughly 3.65 terabytes of data belonging to nearly 9,000 schools and an estimated 275 million students, teachers and staff were exfiltrated before Instructure reportedly paid to make the leak stop. The second is the continuing fallout from Anthropic’s Project Glasswing and its Claude Mythos Preview model, which has surfaced thousands of previously unknown vulnerabilities across operating systems and browsers, prompting the Federal Reserve and Treasury Secretary to convene major bank CEOs for an urgent briefing.
Both stories describe the same shift: defenders no longer set the pace. Identity sprawl, third-party concentration risk and a frontier-AI capability curve now provably ahead of human review have collapsed the assumptions on which most enterprise security programmes were designed. May also produced a rare Microsoft Patch Tuesday with no in-the-wild zero-days, the first such month in nearly two years. What follows is the operational read for the boards and CISOs we work with.
The Canvas breach and the education sector reckoning
The Canvas incident is, in scale terms, the largest education-sector data theft on record. ShinyHunters exploited Instructure’s Free-For-Teacher programme, which permitted anyone identifying as an educator to provision Canvas accounts without institutional verification. Over an exposure window running from late April through 7 May, the attacker harvested names, email addresses, student identifiers and a subset of private messages. Instructure first disclosed on 1 May, declared the platform restored on 6 May, and was hit again on 7 May with the login page replaced by a ransom note. According to Inside Higher Ed and The Hacker News, Instructure reached a settlement on 11 May, with unconfirmed reporting suggesting a payment in the region of US$10 million.
What makes Canvas instructive is the mechanism rather than the volume. Free-For-Teacher was a deliberate growth-engine design choice that became the load-bearing weakness for an entire vertical. This is third-party concentration repeating itself: one SaaS platform sits underneath the daily operations of a global sector, its compromise is everyone’s compromise, and customer organisations had no meaningful control over the access design that produced the breach.
The ShinyHunters operating tempo through May reinforces the point. The same crew is credibly linked to a 50GB vishing-led theft of Salesforce records from Cushman & Wakefield, in which an employee was social-engineered into authorising an attacker-controlled third-party application against the firm’s Salesforce tenant. After negotiations collapsed on 6 May, the data was published. Different victim, different sector, identical playbook.
Project Glasswing, Claude Mythos and the new vulnerability economy
If Canvas is about the present, Project Glasswing is about a future arriving faster than enterprise patch programmes can absorb. Anthropic confirmed in early May that Claude Mythos Preview, the unreleased frontier model behind Glasswing, has been used to identify thousands of zero-day vulnerabilities across every major operating system and every major web browser. Anthropic’s own findings note close to 300 distinct vulnerabilities in Firefox alone, where a previous model had found roughly 20. Speaking to CNBC on 5 May, Dario Amodei described this as a “moment of danger” and called on industry, government and banks to fix the disclosed flaws before the same capability is weaponised by less responsible actors.
The Federal Reserve chair and the Treasury secretary convened major US bank CEOs shortly afterwards. Anthropic has committed up to US$100 million in usage credits and US$4 million in direct grants to open-source security organisations, with Mythos access restricted to roughly 40 critical-infrastructure partners alongside Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft and Palo Alto Networks. Bloomberg has separately reported that an unauthorised party gained access to Mythos through one of Anthropic’s vendors, which underscores how thin the containment perimeter really is.
The practical implication is not to panic but to plan. Vulnerability triage queues and patch SLAs were calibrated for a world where attacker discovery and defender remediation moved at comparable speeds. That assumption no longer holds. Organisations should ask three questions this quarter: which critical dependencies are inside the Glasswing consortium and most likely to ship hardened code first; which are outside it and likely to be exposed for longer; and how do we restructure vulnerability management around AI-generated discovery rather than CVE feeds.
The vulnerability lane: a rare quiet Patch Tuesday, two loud advisories
Microsoft’s May Patch Tuesday addressed 120 vulnerabilities and shipped without an exploited or publicly disclosed zero-day for the first time in close to two years, as confirmed by BleepingComputer, Dark Reading and Computer Weekly. Seventeen flaws were rated critical, fourteen of them remote code execution. Prioritise CVE-2026-41089, a Windows Netlogon RCE rated CVSS 9.8 that allows an unauthenticated attacker to execute code on a domain controller, and CVE-2026-41096, a Windows DNS Client RCE in the authentication and name-resolution stack. Microsoft Office also received a substantial set of fixes, including several exploitable via the preview pane.
The absence of zero-days should not be read as a quiet month. CISA added Cisco’s CVE-2026-20182 to the Known Exploited Vulnerabilities catalogue on 14 May with a federal deadline of 4 June. The flaw is an authentication bypass in the Cisco Catalyst SD-WAN Controller and Manager, rated CVSS 10.0, and Cisco Talos has confirmed limited in-the-wild exploitation under the cluster it tracks as UAT-8616. Successful exploitation grants administrative access to the SD-WAN fabric, including the ability to append SSH keys for persistence. Anything running vManage or vSmart should be patched and inspected for unauthorised key material this week.
The other story in the vulnerability lane is Copy Fail, CVE-2026-31431, a Linux kernel local privilege escalation in the algif_aead module disclosed on 29 April and added to KEV with a federal mitigation deadline of 15 May. The flaw is a nine-year-old logic bug in the authencesn cryptographic template, affects virtually every major Linux distribution shipped since 2017, and has a public proof of concept. It cannot be exploited remotely on its own, but as Palo Alto Unit 42 noted, chained with any unprivileged foothold it delivers root reliably. For most organisations that means container hosts, Kubernetes nodes and CI runners. SAP’s Patch Day on 12 May added two further criticals worth attention: CVE-2026-34260, a CVSS 9.6 SQL injection in S/4HANA Enterprise Search, and CVE-2026-34263, an authentication bypass in SAP Commerce Cloud rated at the same severity.
Identity is the perimeter, and the perimeter is leaking
Sophos published its 2026 State of Identity Security report on 12 May, drawing on a survey of 5,000 IT and security leaders across 17 countries. The headline finding is that 71% of organisations suffered at least one identity-related breach in the past year, with an average of three separate incidents per affected organisation. The global mean recovery cost was US$1.64 million, the median US$750,000.
The non-human identity picture is the more alarming one. Only 34.3% of organisations rotate and audit machine and workload identities weekly or more frequently, and just 11.1% do so continuously. Those with weak NHI hygiene were 22% more likely to suffer financial theft and 24.4% more likely to face extortion, and reported recovery costs roughly US$147,000 higher on average. Sophos also notes that two-thirds of organisations hit by ransomware in the period explicitly linked the incident to their most significant identity attack.
This is the read behind the Canvas and Cushman & Wakefield stories. Both pivot on identity: Free-For-Teacher provisioning in one case, voice-phishing into a malicious OAuth grant in the other. Until non-human identity is governed with the rigour applied to privileged human accounts, and until help desks are hardened against social-engineered credential resets, the same shape of incident will keep recurring.
Geopolitical cyber remains the background hum
The Iran-Israel cyber conflict, now in its fourth month following the late-February military exchange, continued to generate noise rather than decisive incidents in May. The Israeli National Cyber Directorate identified a broad influence campaign aimed at undermining civilian morale, and the Iran-linked Handala persona ran a targeted intimidation operation against US Marines stationed at Naval Support Activity Bahrain and against Israeli civilians on the same day. The pattern is now familiar: psychological operations, doxxing claims and low-grade DDoS, punctuated by occasional more serious intrusions.
The Typhoon campaigns continue in the background. TechCrunch’s ongoing tracking puts Salt Typhoon’s victim set at more than 200 organisations across over 80 countries, and CISA continues to flag PRC-aligned positioning inside IT networks for the purpose of pre-staging access to operational technology. Boards focused exclusively on ransomware should remember that the more strategically consequential threat in 2026 is the quieter one.
Notable incidents this month
Cushman & Wakefield (ShinyHunters/Qilin). A vishing-led intrusion into the firm’s Salesforce tenant resulted in the exfiltration and subsequent leak of approximately 50GB of customer PII and internal records after ransom negotiations failed on 6 May. Qilin separately listed the firm on its leak site, suggesting parallel access or initial access broker reuse.
NVIDIA GeForce NOW Alliance partner (Armenia). A regional partner was breached by a ShinyHunters-linked actor, exposing the user database including email addresses, dates of birth and 2FA status. A reminder of the contagion risk through licensee ecosystems.
SAP S/4HANA and Commerce Cloud. Two CVSS 9.6 flaws in SAP’s 12 May Patch Day release, CVE-2026-34260 and CVE-2026-34263, are not yet known to be exploited but warrant urgent patching given S/4HANA’s criticality in regulated environments.
Strategic imperatives for June
Audit your SaaS trust-path design, not just your SaaS configuration. Canvas and Cushman & Wakefield were trust-path abuses, not vulnerability exploits. Map every onboarding flow, OAuth grant and third-party connector against the assumption that the human or onboarding control will be defeated.
Patch the Cisco SD-WAN and Copy Fail flaws this week. CVE-2026-20182 (CVSS 10.0, actively exploited) and CVE-2026-31431 should top every change-board agenda. Inspect vManage and vSmart hosts for unauthorised SSH key material, and confirm kernel updates have landed on container hosts, Kubernetes nodes and CI runners.
Treat non-human identity as a programme, not a project. Sophos’ finding that fewer than 12% of organisations rotate machine identities continuously is the most damning data point of the month. Establish a baseline rotation cadence and federate service-to-service authentication where you can.
Build an AI-disclosure response capability. Glasswing will continue producing waves of disclosed vulnerabilities through the back half of 2026. Stand up a small named team to triage AI-discovered CVEs against your software inventory, with an SLA distinct from your routine patch programme.
Stress-test help desk authentication. Vishing remains the single most reliable initial-access technique against well-defended enterprises in 2026. Run unannounced social-engineering exercises, mandate out-of-band verification for any credential reset or MFA re-enrolment, and remove the option for a single agent to approve high-impact account changes.
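The SD-WAN advisory above and the second imperative both call for inspecting hosts for SSH keys that were appended after the fact. The following is an added example, not Instructure's, Cisco's or MustardTree's tooling: it parses authorized_keys content, fingerprints each key the way ssh-keygen -lf prints it (SHA256, base64 without padding), and reports any key absent from a known-good baseline. The key blobs, comments and file contents are constructed stand-ins; the file path and the baseline capture process are assumptions for whatever host is being checked.

```python
from __future__ import annotations
import base64
import hashlib
from dataclasses import dataclass

# Key-type tokens that mark where the key blob starts in an authorized_keys line.
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-dss")

@dataclass
class KeyEntry:
    key_type: str
    fingerprint: str   # "SHA256:..." in the same form ssh-keygen -lf prints
    comment: str
    line_no: int

def fingerprint(b64_blob: str) -> str:
    """SHA256 fingerprint of the decoded key blob, base64 with padding stripped."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text: str) -> list[KeyEntry]:
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # A line may carry an options field first (e.g. command="..."), so locate
        # the key-type token rather than assuming it is the first field.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue   # malformed line: no key blob to fingerprint
        entries.append(KeyEntry(fields[idx], fingerprint(fields[idx + 1]),
                                " ".join(fields[idx + 2:]), n))
    return entries

def unknown_keys(text: str, baseline: set[str]) -> list[KeyEntry]:
    """Entries whose fingerprint is not in the known-good set."""
    return [e for e in parse_authorized_keys(text) if e.fingerprint not in baseline]

def _blob(label: bytes) -> str:
    # Constructed stand-in for a real key blob; only its bytes matter here.
    return base64.b64encode(label).decode()

# Constructed known-good file, as captured before the advisory (assumed process).
KNOWN_GOOD = "\n".join([
    "# constructed baseline authorized_keys",
    f"ssh-ed25519 {_blob(b'known-admin-key')} admin@mgmt",
    f'command="/bin/backup" ssh-rsa {_blob(b"backup-key")} backup@jump',
])
# Constructed current file with one key appended after the baseline was taken.
CURRENT = KNOWN_GOOD + f"\nssh-ed25519 {_blob(b'surprise-key')} root@unknown\n"
BASELINE = {e.fingerprint for e in parse_authorized_keys(KNOWN_GOOD)}
```

Run unknown_keys over each account's authorized_keys on the host (for an appliance, the file path and shell access are assumptions) and treat any hit as an incident lead, not a cleanup task, since the advisory ties appended keys to confirmed exploitation.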
Looking ahead
June will bring two things worth watching. The first is the second wave of Glasswing disclosures, which Anthropic has indicated will continue through the summer. Expect a steady cadence of patches from consortium members and a widening gap between vendors inside the programme and those outside it. The second is the next phase of NIS2 enforcement across the European Union; German registration data suggests only around a third of in-scope entities have filed, setting up a likely enforcement push.
The deeper signal in May is the convergence of three trends the industry has tracked separately for too long. Identity compromise, third-party concentration and AI-accelerated vulnerability discovery are now operating as a single attack economy. ShinyHunters did not need a zero-day for Canvas because the trust-path gave them everything they needed. Mythos does not need a human researcher because it can run the discovery itself. The defender who treats these as discrete workstreams is preparing for last year’s incident.
Boards should ask management a single question this quarter: what is our concentration risk in identity, in SaaS and in AI-discoverable code, and what is the plan to reduce it before the next ShinyHunters or the next Mythos finding lands on us. The organisations with a coherent answer in June will spend the second half of 2026 ahead of the threat.