Educational large language models (eLLMs) face escalating cybersecurity threats, yet lack a systematic threat taxonomy and risk assessment framework tailored to educational contexts. Method: This study proposes the first domain-specific, general-purpose attack classification framework for eLLMs, encompassing 50 distinct attack types; it extends the DREAD model to conduct both qualitative and quantitative risk assessments, enabling the first structured, quantitative analysis of LLM threats in education. Contribution/Results: The framework identifies token smuggling, adversarial prompting, direct injection, and multi-step jailbreaking as the four highest-risk attack categories. It delivers a reusable, extensible methodology for eLLM security hardening, bridging critical research gaps in threat modeling and risk prioritization for AI in education.

Due to perceptions of efficiency and significant productivity gains, various organisations, including in education, are adopting Large Language Models (LLMs) into their workflows. Educator-facing, learner-facing, and institution-facing LLMs, collectively, Educational Large Language Models (eLLMs), complement and enhance the effectiveness of teaching, learning, and academic operations. However, their integration into an educational setting raises significant cybersecurity concerns. A comprehensive landscape of contemporary attacks on LLMs and their impact on the educational environment is missing. This study presents a generalised taxonomy of fifty attacks on LLMs, which are categorized as attacks targeting either models or their infrastructure. The severity of these attacks is evaluated in the educational sector using the DREAD risk assessment framework. Our risk assessment indicates that token smuggling, adversarial prompts, direct injection, and multi-step jailbreak are critical attacks on eLLMs. The proposed taxonomy, its application in the educational environment, and our risk assessment will help academic and industrial practitioners to build resilient solutions that protect learners and institutions.