Did Students Use AI to Change Final Grades?

TORONTO — ODTN News

Thousands of high school students across Ontario are facing uncertainty after an investigation into a popular educational platform uncovered what officials describe as “unauthorized modifications” to a small number of student records during final exam week.

The affected platform, LearnSphere, is used by schools across the province to manage coursework, assignments, grades, attendance, and communication between students and educators.

While the total number of impacted records remains under investigation, officials confirmed that several student grades were flagged after discrepancies were discovered between teacher-submitted marks and information displayed within the platform.

At this time, there is no indication that the issue is widespread.

But the timing could not be worse.

For Grade 12 students, final grades are used to confirm university and college admissions, determine scholarship eligibility, and validate graduation requirements.

Several post-secondary institutions have reportedly been notified of the investigation as education officials work to determine whether any admissions decisions may have been impacted.

“We are treating this as a matter of record integrity,” said a spokesperson for the Ontario Academic Network, which supports digital learning services for schools across the province.

“Our priority is ensuring that all student records accurately reflect approved academic results.”

Investigators have not identified those responsible, and authorities have not confirmed whether the incident resulted from a compromised account, misuse of legitimate access, a software vulnerability, or another method entirely.

But for cybersecurity professionals, a different question is already generating concern.

Did the attackers need to be hackers at all?

Over the past two years, publicly available AI tools have dramatically changed the accessibility of cyber knowledge. Tasks that once required advanced technical expertise can now be explained, researched, automated, and refined with assistance from widely available artificial intelligence systems.

Security experts caution that AI does not magically transform someone into an elite cybercriminal.

However, they warn that it can lower the barrier to entry.

“The concern isn’t that AI suddenly creates expert hackers,” said one cyber resilience advisor.

“The concern is that someone who couldn’t perform a task yesterday may be able to accomplish part of it tomorrow.”

While investigators have found no evidence that artificial intelligence was used in the incident, the possibility has become part of a growing conversation throughout the cybersecurity community.

For years, organizations largely focused on defending against sophisticated criminal groups, nation-state actors, and highly skilled attackers. Now, some experts are questioning whether the pool of potential threat actors is expanding.

“If a student, an insider, or someone with limited technical experience can leverage publicly available tools to identify weaknesses or abuse existing access, that changes the risk calculation for every organization,” said another consultant.

The implications extend far beyond education. Unlike a traditional outage, which can often be resolved by restoring systems, questions surrounding record integrity can be significantly more difficult to address.

Universities need confidence that transcripts are accurate. Scholarship committees need confidence that final grades are legitimate. Schools need confidence that records have not been manipulated.

And if discrepancies are discovered, investigators must determine not only what changed, but whether they can prove every other record remains trustworthy.

“Availability problems are disruptive,” said one education-sector advisor.

“Integrity problems are different. Once people start questioning whether information can be trusted, restoring confidence becomes much harder.”

The incident is also drawing attention to a sector that many cybersecurity professionals believe is routinely overlooked.

Schools collectively store vast amounts of sensitive information, including student records, health information, financial aid documentation, disciplinary records, and employee data. Yet educational institutions are rarely discussed alongside banks, hospitals, or critical infrastructure providers when cyber preparedness is debated. Experts say that needs to change.

The investigation has renewed calls for educational organizations to conduct more frequent tabletop exercises, incident response simulations, and continuity planning activities focused not only on outages, but also on data integrity events.

Many organizations routinely test how they would respond if systems became unavailable. Far fewer practice what happens if the information inside those systems can no longer be trusted.

As investigators continue their work, students, parents, educators, and university admissions teams are waiting for answers. However, cybersecurity professionals say the most important lesson may have little to do with schools.

Whether the incident involved experienced attackers, compromised credentials, insider activity, or individuals leveraging publicly available AI tools, it highlights a reality organizations across every sector are beginning to confront.

The question is no longer whether attackers have become more sophisticated.

The question is whether attacking has become easier.

And if it has, organizations may need to rethink who they consider capable of causing the next major cyber incident. Now, It doesn’t have to be a sophisticated actor, it can now be a unhappy student or client.

Watching the perimeter — and what slips past it. — Ayaan Chowdhury