School IT bosses are worried. Not about the tech itself. It’s the money. The staff. The sheer lack of expertise. A new report says progress is being made on guidelines for artificial intelligence and vetting tools. But the foundation is shaky.

The annual State of EdTech report polled roughly 600 CTOs. The result? AI adoption is exploding. Nearly 80 percent of districts have AI guidelines. Up from 57 percent in 2025. That jump is wild. Especially when you consider how many tiny, rural schools exist. Keith Krueger, CEO of CoSN, calls it “shocking.” At least the guidance is moving fast. It is a foundational step.

“We’re seeing movement,” Krueger notes.

But movement hits a wall. The wall is called resources. Or rather. The absence of them. Schools can’t train everyone. Not enough money. Not enough time. It’s not just about learning how to click a button. It is about changing how administrators think. How they use the tools. Training needs to be quality. Or it means nothing.

Do districts want mandates? No. They like guidelines. Set by the district or the state. But federal or state mandates? Forget it. Board approval takes forever. AI changes overnight. You don’t lock policy into stone when the technology shifts daily.

“Things are moving rapidly,” Krueger warns.

So what are schools doing? Mostly training staff on generative AI for instruction. 70 percent of them do. Productivity tools for teachers? Around half. But operational AI is the big jump. From 37 percent last year to 64 percent now. Admin stuff works easier than teaching stuff. Less than half the initiatives actually touch student learning. Krueger calls this “low hanging fruit.” Operational ease before instructional revolution. It takes time to get right in the classroom. Don’t rush it.

Cybersecurity is a nightmare

98 percent of respondents are scared of AI-driven cyberattacks. Scared. Two percent aren’t concerned at all. Same number worries about student data privacy.

Here is the kicker. Two-thirds of them say they lack the budget or staff to fight it.

The Instructure hack in May was brutal. Ransoms paid. Platforms shut down. One of the world’s largest education systems went dark. The cost of not investing? High visibility. Real damage. Krueger has been yelling for 17 years that security is a problem. Superintendents finally hear him. Boards finally hear him. Maybe. It’s a tipping point. Maybe they’ll stop treating broadband networks as optional safety risks. Maybe not. There aren’t enough humans in schools to guard the digital gates.

Vetting is broken

There is a bubbling issue underneath all this hype. Who checks the software? Screen time backlash is real. States are asking for better vetting. But who does it?

Schools usually rely on vendors to tell them if their product is safe. That’s absurd. Kim Whitman of Smartphone Free Childhood puts it plainly. It is like nicotine companies vetting cigarettes. The IT director can’t do it alone. It’s impossible. Nobody confirms if products are safe. Legal. Effective.

“There is nobody right now,” Whitman said.

Most schools have a process. Free tools get checked. Approved lists exist. But gaps remain. Only 29 percent ask if products are accessible. That’s a red flag. Accessibility advocates are furious. Blanket rules ignore disabled students. They ignore fundamental differences.

Sambhavi Chandrashekar of D2L is right. Parents of disabled children need a seat at the table.

And safety? Only 55 percent require vendor info on security. Roughly half leave that door wide open. That’s a warning sign. Massive amounts of work lie ahead.

Krueger suggests focusing on five quality indicators. Benchmark where you are. Push forward. Procurement is power. Control what you buy. Control when you buy it. It all depends on one thing. Will we prioritize it? Will we get serious?