There’s a photo somewhere on your school website of children laughing in the playground. Maybe a Year 6 production. Sports day. The look on a child’s face when something finally clicks after a week of hard work.

Those photos matter. They tell the story of your school in a way no amount of carefully written copy ever could. They show prospective families what life is really like. They celebrate your pupils and your community. We’ve always believed that, and we still do.

But something has changed, and it’s changed quickly enough that schools are right to be worried.

The threat is real, and it’s closer than most people realise

Earlier this month, The Guardian reported that a UK secondary school had been targeted in a blackmail attempt. Criminals had taken photographs of pupils from the school’s website, used freely available AI tools to create sexually explicit images of those children, and then sent them to the school demanding payment. The Internet Watch Foundation confirmed the incident and classified 150 of the resulting images as child sexual abuse material under UK law.

This wasn’t a sophisticated attack. The tools used are free, widely available, and require no technical knowledge. Anyone can access them. The images came from a school website, the kind every school has, because they’re good for community, for communication, and for showing families who you are.

When we started hearing from our own schools after that report, asking whether their websites were vulnerable and whether anything could be done, we already had an answer in development. But it brought home just how urgently it was needed.

What we’ve built and why

We want to be clear about what we’re not saying here. We’re not saying schools should take every photo down and go dark. Removing all imagery hands a victory to exactly the kind of threat we’re trying to address, and it takes away something genuinely valuable from school communities.

What we’ve built instead is a layer of technical protection that sits between your published photographs and anyone who would misuse them. It doesn’t change how your website looks or how it performs. But it makes casual image theft significantly harder, leaves a traceable mark on every photo, and deters the kind of automated bulk harvesting that feeds AI manipulation tools.

Here’s what it actually does.

Images are never delivered with a direct web address

On a standard school website, every photo has a URL. Anyone can view the page source, copy that address, and download the full-resolution image in seconds. Automated tools can scrape every image from a school website in under a minute using those addresses.

On a protected iTCHYROBOT site, that URL never reaches the browser. Each image is assigned a unique, time-limited token instead. That token is only valid for 15 minutes, is tied to the specific page load, and is checked server-side before a single pixel is served. If anything doesn’t match, the image simply doesn’t load. There’s nothing to copy or scrape because there’s no address to find.

Right-click saving is blocked

On a standard webpage, right-clicking a photo and choosing ‘Save image as’ is all it takes. On a protected page, that option doesn’t exist. Images are rendered inside a canvas element rather than as standard image tags, so the browser doesn’t recognise them as saveable files. The photo looks identical to a visitor. It just can’t be saved the usual way.

Every image carries a forensic watermark

Invisibly woven into every protected image, across the entire surface, is a repeating pattern of the school’s QR code. At normal viewing it’s not distracting. But it’s there, and it covers the whole image deliberately.

A watermark in one corner can be cropped out in seconds. A watermark distributed randomly across thousands of points on the image surface can’t be removed without visibly damaging the photograph. Any attempt to edit it out leaves evidence. That’s what makes it forensic rather than decorative. If an image ever turns up somewhere it shouldn’t, it can be traced directly back to its source.

A visible QR code that acts as a quiet deterrent

In the corner of every protected image sits the school’s QR code at full visibility. If someone photographs their screen to try to capture an image, that QR code comes with it. When anyone points a camera at it, it links to a page that explains clearly and calmly that school images are protected, that they belong to the school, and that their origin can be traced. It’s not alarming. It’s just honest.

Cryptographic security, not just hidden addresses

The tokens protecting each image are generated using HMAC, a Hash-based Message Authentication Code. In plain terms, the server uses a secret key unique to the school’s installation to produce a mathematical signature for each token. That signature can’t be guessed, forged, or reverse-engineered without access to the server itself.

This matters because it means the protection is mathematically verifiable, not just obscured. The same kind of security used in online banking, applied quietly to the photos on your school website.

No impact on performance

The token is generated in microseconds. There’s no database involved, no additional server load, and the image is served at exactly the same speed as it would be without protection. For visitors to your website, nothing feels different. The protection is entirely behind the scenes.

You’re in control

Not every page needs the same level of protection, and schools should be able to make that call themselves. The Image Protection Tool is a single toggle in the WordPress admin dashboard under Media, switchable on or off at any time. No external service, no third-party subscription, no data leaving your school’s hosting. Everything runs on your own infrastructure.

iTCHYROBOT image protection is being rolled out as standard with all iTCHYROBOT school websites, at no additional cost.

What this sits alongside, not replaces

Technical protection is one layer of a broader approach. It works best when it sits alongside the things the DfE, the ICO, and the UK Safer Internet Centre already recommend:

  • Keeping photo consent up to date, renewed annually and specific enough to be meaningful
  • Following the names-no-images, images-no-names principle for identifiable pupils
  • Having a clear, published image use policy
  • Making sure staff understand the risks and know how to respond if something goes wrong
  • Teaching pupils, as the updated RSE statutory guidance now requires, about deepfakes and why creating or sharing them is a criminal offence

Policy matters. Culture matters. Conversation matters. But when policy alone isn’t enough, it’s good to know the technical layer is there too.

Why we think schools should still share photos

Showing children enjoying school, learning, growing, and belonging together is one of the most powerful things a school website can do. A 550% increase in AI-generated exploitative imagery over five years is a real and serious statistic, but it represents a threat to be managed, not a reason to go dark.

What schools should feel, and what we want to give them, is the confidence that when they publish those moments, they’ve done everything reasonably possible to protect the children in them. The barrier won’t be absolute. Nothing is. But it can be high enough to make casual, automated harvesting significantly harder, slower, and less rewarding.

That’s what safeguarding in the digital age looks like in practice. Not a policy document. Not a removed gallery. A working technical layer that says: we thought about this, we did something about it, and your child’s photo on our website is protected as well as it reasonably can be.

The Guardian report referenced in this post: https://www.theguardian.com/technology/2026/may/08/uk-schools-remove-pupils-photos-online-ai-blackmail-threat-grows

If you want to speak to the team about adding protection in your school, get in touch, we’d love to help