Moonshot AI Raises $2B While the Biggest Ed-Tech Breach Ever Hits 275 Million Users

The week started with a giant funding round and ended with the largest education data breach in history. Neither story is what you'd expect.

Moonshot AI raises $2B at $20B valuation

Beijing-based Moonshot AI closed a $2 billion round at a $20 billion valuation, according to advisor Huafeng Capital. The round was led by Meituan's VC arm, Long-Z Investment, with participation from Tsinghua Capital and China Mobile.

Moonshot is the company behind the Kimi series of open-weight large language models. Not open source, not closed—open-weight, meaning you can download the parameters but not necessarily the training code or data recipe. The distinction matters because it signals a middle path between Meta's Llama strategy and OpenAI's closed approach.

Demand for models you can run yourself is real. Developers want control over inference cost, data residency, and fine-tuning without waiting for API keys or hitting rate limits. Moonshot's valuation suggests the market believes open-weight is a wedge, not a footnote.

The round also shows that Chinese AI labs are still landing massive capital even as the US tightens export controls on chips. If you can't buy the latest Nvidia hardware, you build around what you have—and apparently investors will pay for that resilience.

The Canvas breach: 275 million users, private messages included

ShinyHunters, the group behind a string of high-profile breaches, claims to have pulled 3.65 terabytes of data from Instructure's Canvas learning management system. The breach affects 275 million users across 9,000 institutions worldwide, including private messages between students and teachers.

This is the second Canvas breach in eight months. Forty-four Dutch universities and schools are confirmed affected so far, but the footprint is global—Canvas is used by K-12 districts, community colleges, and research universities from California to Singapore.

The headline calls it the largest education data breach in history, and the detail that matters is vendor concentration. Schools don't get breached one by one anymore. They share infrastructure, and when that infrastructure fails, the blast radius is enormous.

Private messages are the worst part. Course grades and email addresses are bad enough, but direct messages between students and instructors are a different category of sensitive. Mental health disclosures, accommodations requests, grade disputes—all potentially exposed.

Instructure hasn't confirmed the full scope yet, but ShinyHunters doesn't usually exaggerate the scale of their claims. If you're a Canvas user, assume your data is out there and start rotating credentials.

Anthropic books compute from SpaceX

Anthropic announced a deal with SpaceX to secure additional compute capacity. The move comes as Anthropic struggles with rate limits and recently switched to usage-based pricing to manage demand.

The partnership is odd on paper—Elon Musk has his own AI company (xAI) and has been vocal about Anthropic's direction. But SpaceX has infrastructure, and Anthropic needs compute yesterday. The deal likely reflects simple supply-and-demand mechanics more than any strategic alignment.

It's also a reminder that inference capacity is still a bottleneck even for well-funded labs. Anthropic's Claude models are popular enough that developers hit rate limits constantly, and scaling up fast enough to meet demand is harder than it sounds when every GPU is spoken for.

The subtext is that securing compute in 2026 requires creative deals. If you can't get data center slots from the usual suspects, you call SpaceX.

Cloudflare patches "Copy Fail" and ships CSV exports

Cloudflare's security team published a postmortem on CVE-2026-31431, a local privilege escalation bug in the Linux kernel disclosed April 29. The vulnerability, nicknamed Copy Fail, was assessed and mitigated across Cloudflare's infrastructure within days.

The post is a useful read if you manage Linux fleets—it walks through the exploit technique, exposure assessment, and rollout timeline without corporate hedging. Cloudflare's usual transparency on security incidents is one reason people trust them to sit in front of so much traffic.

Separately, Cloudflare added CSV exports to its RFI dashboard and adjustable page density for power users managing high volumes of requests. These are quality-of-life updates, but they matter—data portability and dashboard performance are the difference between a tool you tolerate and one you actually use.

The changelog also mentions that the new CSV export allows teams to move RFI data into external tools for custom reporting without manual data entry. If you're cross-referencing security data across multiple dashboards, that's a time saver.

What this week says about infrastructure

Three different stories about infrastructure: compute, data custody, and kernel patches. None of them are about new models or product launches.

The Moonshot round is a bet that open-weight models will capture enterprise demand that closed APIs can't satisfy. The Canvas breach is a reminder that vendor concentration creates systemic risk. The Anthropic-SpaceX deal shows that compute scarcity is still real even for billion-dollar labs.

We're past the phase where every week is about a new frontier model. Now it's about who can scale, who can secure their stack, and who can actually deliver the infrastructure that makes any of this usable.