A wave of sophisticated phishing attacks has exposed sensitive information at high‑profile universities and renewed scrutiny of campus cybersecurity. Recent incidents at Ivy League institutions and other large research universities involved credential theft and social‑engineering campaigns that allowed hackers to harvest internal documents and personally identifiable data. Security experts warn that generative AI has made phishing campaigns more convincing, enabling attackers to mimic institutional tone and context. Campus IT leaders say dynamic student and alumni account populations—large numbers of accounts created and deprovisioned each year—amplify exposure risks. At EDUCAUSE 2025, higher‑ed IT leaders from Notre Dame, Cornell and UVA framed the response around cross‑institution collaboration on cloud governance and AI risk management, arguing that no campus can handle these threats in isolation. Clarification: “Social engineering” refers to manipulative tactics that trick people into divulging credentials or sensitive information.