The Learning Lab experience is supported by both asynchronous and synchronous components. Each Learning Lab sequence includes a set of resources, an asynchronous discussion, and an interactive live session, all of which culminate in the development of a project or application to apply learning to local and specific contexts in support of the learning objectives.
Schedule
Part 1: Evolving Attacks: Highlights and Trends
May 6, 2026, 12:00–1:30 p.m. ET
This session examines the latest trends shaping the modern threat landscape, with a focus on how attackers are evolving their delivery methods and social engineering tactics. We’ll break down emerging credential phishing techniques, highlight new approaches to account takeover that exploit identity signals and trusted platforms, and trace the rapid evolution of scam campaigns targeting students, faculty, and administrative staff. The session also explores the growing prevalence of vendor fraud—where compromised or impersonated third-party partners are used to initiate financial theft—and outlines why these attacks are uniquely effective in distributed campus environments. Attendees will walk away with a clear understanding of current threats and actionable insights for strengthening institutional resilience using advanced behavioral AI.
Learning Objectives:
- Advance understanding of credential phishing delivery methods
- Broaden awareness of modern Account Takeover (ATO) techniques
- Learn historical background of email-based scam evolution
- Understand the challenges and importance of detecting vendor fraud
Part 2: The Modern Email Attack Landscape
May 13, 2026, 12:00–1:30 p.m. ET
This session unpacks the rise of Phishing-as-a-Service (PhaaS) and how turnkey kits now deliver polished, evasive phishing workflows at scale. We’ll examine the surge in identity-based attacks that exploit trusted users, federated authentication, and compromised accounts to move silently across campus ecosystems. The discussion also explores the darker side of AI—specifically how malicious large language models are enabling adversaries to craft adaptive lures, automate reconnaissance, and personalize social engineering at unprecedented speed. Attendees will gain a clear understanding of these emerging threats and what they mean for modern email defense strategies.
Learning Objectives:
- Develop basic knowledge of how Phishing-as-a-Service (PhaaS) works
- Advance understanding of how attackers launch Identity-Based Attacks
- Develop knowledge and awareness of the darker side of AI and LLMs
Part 3: The Rise of Phishing as a Service
May 18, 2026, 12:00–1:30 p.m. ET
This session explores the rise of Phishing-as-a-Service (PhaaS) platforms, which have lowered the barrier to entry for cybercriminals and enabled highly resilient, continuously improving campaigns. We’ll examine the growing class of identity-based attacks that exploit trusted relationships, compromised credentials, and federated authentication to evade legacy controls. The discussion also highlights the darker side of AI—how malicious large language models and AI-driven automation are empowering adversaries to craft hyperrealistic messages, generate adaptive lures, and accelerate exploitation. Attendees will gain a clear view of how these forces are reshaping risk and what security leaders must do to stay ahead of rapidly evolving threats.
Learning Objectives:
- Advance the understanding of Phishing-as-a-Service (PhaaS)
- Develop the ability to spot PhaaS in the wild
- Understand how attackers evade detection/threat research
- Identify how MFA is bypassed
- Learn how attackers bypass identity verification and deep fakes using social engineering
- Develop a basic understanding of passkeys and their importance
Part 4: Fundamentals of a Behavior Science-Based Solution
May 21, 2026, 12:00–1:30 p.m. ET
This session traces the limitations of historical methods—signature matching, rule-based logic, and static reputation systems—and examines why they struggle against today’s fast-changing, identity-driven attacks. We’ll explore how the rise of AI has transformed both attacker capabilities and defender expectations, creating a need for systems that can learn continuously and adapt at machine speed. The discussion then focuses on behavior science-based detection, highlighting how modeling identity, communication patterns, and relationship baselines enables precise identification of anomalous and high-risk activity. Participants will leave with a practical understanding of why behavioral analysis is the foundation of modern threat defense and how it improves outcomes for higher education environments.
Learning Objectives:
- Develop an understanding historical detection methods
- Learn about that rise in good AI
- Learn how modern threat detection leverages the advances in behavior analysis
Lab Implementation Project
In this hands-on capstone, each participant will apply concepts from the full EDUCAUSE series to design, evaluate, and detect a modern AI-driven email attack. Working individually, participants begin by creating a realistic phishing or business email compromise scenario using generative AI prompts. The attack must incorporate subtle behavioral anomalies—such as unfamiliar relationships, tone shifts, unusual requests, or contextual inconsistencies—designed to evade traditional detection methods while reflecting real higher-education threats like vendor fraud, credential harvesting, or MFA bypass campaigns.
After designing their scenario, each participant conducts a structured behavioral-risk assessment of their own attack using a provided rubric. This includes scoring identity trust signals, communication-pattern deviations, intent and content cues, and contextual risk factors. The exercise reinforces how modern threats reveal themselves not through malicious payloads or obvious indicators but through deviations from expected behavior and communication patterns.
Participants then evaluate their scenario through a dual-lens comparison of legacy detection versus behavioral analysis. They identify why traditional tools—such as signature matching, URL reputation, or keyword filtering—would likely fail to recognize their AI-polished social engineering attempt, and articulate how behavioral science would expose the underlying anomalies.
The capstone concludes with a short, executive-style summary outlining the designed attack chain, key behavioral indicators, and recommended defensive strategies tailored to higher education environments.
By creating an attack, analyzing its behavioral signals, and comparing detection approaches, participants gain a practical, end-to-end understanding of how AI is reshaping both offensive tactics and defensive capabilities—and why behavior-based detection is essential to stopping today’s most sophisticated email threats.