An Open Letter to School Directors

Dear School Directors,

There are moments when technology changes so quickly that society fails to fully understand the consequences until the damage has already begun. We are now living through one of those moments.

Recently, reports from the United Kingdom raised alarm after child protection experts and authorities warned that schools were increasingly being targeted using AI-generated sexualized deepfakes of pupils. Criminals were reportedly taking ordinary photos of children and using artificial intelligence tools to manipulate them into fake explicit content, which was then used for blackmail, intimidation, and extortion.

At first glance, many people dismissed the story. Some assumed it had to be fake. Others believed the children involved must have shared inappropriate material online themselves. But that is precisely what makes this situation so frightening.

The original images do not need to be explicit.

A normal school photo is enough.

A classroom picture. A sports day photo. A graduation portrait. A child appearing in a TikTok dance challenge. A smiling student featured proudly on a school Facebook page. These ordinary moments — the same ones schools and parents have shared online for years without concern — can now be manipulated using AI tools capable of generating realistic fake content within minutes.

This is not traditional hacking. No passwords need to be stolen. No systems need to be breached. No malware needs to be installed. The attack surface is visibility itself.

And that changes everything.

For years, schools have embraced social media as a way of building community, celebrating achievement, marketing themselves to prospective parents, and showcasing student life. Schools proudly upload annual galleries, debate competitions, music festivals, science fairs, sports victories, and classroom activities. Parents share these moments enthusiastically because they represent pride, joy, and memories worth preserving.

None of this looked dangerous before.

But artificial intelligence has fundamentally changed the meaning of digital exposure.

Today, a publicly accessible image of a child can be harvested, manipulated, weaponized, sexualized, cloned, redistributed, or attached to false narratives by someone sitting thousands of kilometers away. The emotional harm can be devastating even when the content is completely fake, because online reputational damage spreads faster than truth ever does.

By the time a school explains that an image was AI-generated, screenshots may already have circulated across WhatsApp groups, Telegram channels, and social media timelines. Panic spreads quickly when children are involved. Parents panic. Students panic. Schools panic. And criminals understand this perfectly.

That emotional urgency is exactly what they exploit.

Many victims pay simply because they want the situation to disappear immediately. The fear of humiliation, shame, public exposure, or long-term reputational damage becomes overwhelming long before facts can catch up.

This is why schools need to understand something urgently: safeguarding children today no longer ends at the school gate.

We are now also safeguarding their digital identity.

And unfortunately, many schools are still operating with cybersecurity policies built for a completely different era. Most digital safety conversations within schools still focus heavily on passwords, cyberbullying, phishing, and responsible internet use. While those issues still matter, the threat landscape has evolved far beyond them.

Very few institutions are actively discussing AI-generated abuse, deepfake manipulation, facial data exposure, image harvesting, synthetic identity attacks, or online extortion targeting minors. Yet these are rapidly becoming some of the most serious risks facing children in the digital age.

Before we assume this is only a “Western problem,” we need to pause and look honestly at our own environments.

Across many schools, especially within Africa, digital exposure levels are extremely high. School Facebook pages are filled with identifiable children. TikTok accounts feature students in uniform. Instagram pages document student life daily. School websites host downloadable high-resolution galleries. Event albums contain student names, faces, and school branding publicly accessible online. WhatsApp groups circulate images endlessly without control or visibility over where those images eventually end up.

What once felt harmless now carries a very different risk profile.

Cybercriminals do not care whether a school is located in London, Kampala, Nairobi, Lagos, or Johannesburg. They care about opportunity, emotional leverage, and accessibility. Schools now hold one of the most emotionally valuable forms of digital exposure available online: children’s identities.

This means cybersecurity can no longer be treated as merely an “IT department issue.” It is now a safeguarding issue. A governance issue. A reputational issue. A leadership issue. And above all else, a human issue.

The difficult truth is that many educational institutions are unprepared for the speed at which these threats are evolving.

So where do schools begin?

First, schools need to rethink the culture of public sharing. Not every activity needs to be uploaded online in real time. Not every child’s face needs to appear publicly online. Not every school moment needs to become permanent internet content. Visibility should no longer be treated as harmless by default.

Schools should begin reviewing how student images are collected, stored, shared, archived, and published. They should reconsider whether student names need to appear alongside photos, whether old galleries should remain publicly accessible indefinitely, and whether uniforms and branding unintentionally increase student traceability online.

Second, schools urgently need AI-era safeguarding policies. Staff members, communications teams, and administrators need to understand how deepfakes work, how AI manipulation works, how online extortion campaigns operate, and how reputational cyber incidents escalate. Cybersecurity awareness can no longer stop at presentations about suspicious emails and weak passwords.

Third, schools must help educate parents calmly and honestly. Many parents still believe online risk only exists when children intentionally share inappropriate content themselves. That assumption is now outdated. In today’s AI-driven environment, even carefully curated family or school photos can be manipulated maliciously. Parents deserve awareness without panic, and schools are uniquely positioned to guide that conversation responsibly.

Fourth, schools need incident response plans specifically designed for digital abuse scenarios. If manipulated content targeting a student surfaced tomorrow, who would respond? Who would communicate with parents? Who would preserve evidence? Who would contact law enforcement? Who would provide psychological support to the affected child? Who would manage reputational communication?

Many schools already conduct fire drills and physical emergency exercises. Very few conduct digital trauma preparedness exercises. Yet the emotional and psychological consequences can be just as severe.

Ultimately, school leadership must recognize a reality that many organizations across the world are only beginning to understand: cybersecurity is no longer only about protecting systems.

It is about protecting people.

Especially children.

The schools that adapt early will not only reduce risk; they will build trust in a world where parents are increasingly beginning to ask a new question:

“Is this school protecting my child online as seriously as it protects them physically?”

That question will only grow louder in the AI era.

To every school director reading this: do not dismiss this conversation because the incident happened somewhere else. Do not assume your institution is too small to be targeted. Do not wait for crisis to force change upon you. The threat landscape has already changed.

And safeguarding children today now includes safeguarding their image, their identity, their reputation, and their psychological safety online.

The AI era is already here.

The only question left is whether our schools are ready for it.

The reality is that many schools are now navigating risks that did not even exist a few years ago. And while the technology behind these threats may be complex, the response does not have to begin with fear. It begins with awareness, preparedness, and intentional digital safeguarding.

At TheCyberMamushka, we work with communities, families, institutions, and organizations to simplify cyber safety conversations and make them practical, human, and actionable. We believe protecting children online should not only happen after an incident. It should become part of how schools educate, communicate, and safeguard daily life in the digital age.

If you are a school director, administrator, or education leader looking to strengthen digital safety awareness within your institution, review your exposure risks, or begin conversations around AI-era safeguarding, we would be honored to support your journey.

Because in today’s world, protecting learners also means protecting their digital future.