Product Bulletin - Explorance Response to Canvas Security Incident

Date: May 8, 2026

We are actively monitoring the Canvas security incident in close coordination with Instructure and are providing the following guidance.

Current status

Based on Instructure’s latest update, Canvas is operational and they have not reported ongoing unauthorized activity. Instructure is recommending standard precautionary steps, including reviewing privileged access and rotating API tokens where appropriate.

How Explorance is responding

We are reviewing our Canvas integrations and authentication methods to determine whether any customer-specific follow-up is needed. At this time, we are not aware of any broader changes required beyond standard precautions.

What this means for your team

We are not requiring immediate configuration changes as a result of this incident. However, if your security team decides to rotate manually configured Canvas API keys, please contact Explorance Support and we can support updating the related integration settings. You may also refer to our FAQ page for steps to make the changes here: Update Canvas Access Token in Blue Connector.

Accessing Blue independently of Canvas

Depending on how authentication is configured in your environment, users may also be able to access our platform directly without going through Canvas, either through email links or through Blue Home to find surveys, tasks, and reports. More information is available here: Customize Blue Home.

Most recent exchange with Instructure on Canvas security incident

For reference, Instructure also communicated the following with Explorance on May 8, 2026: “Instructure is not recommending additional actions for customers specific to your integration with Explorance Blue at this time. If your organization or integration requires specific key rotation or updates, we will notify Explorance directly.”