From Bloomberg, February 25:
A hacker exploited Anthropic PBC’s artificial intelligence chatbot to carry out a series of attacks against Mexican government agencies, resulting in the theft of a huge trove of sensitive tax and voter information, according to cybersecurity researchers.
The unknown Claude user wrote Spanish-language prompts for the chatbot to act as an elite hacker, finding vulnerabilities in government networks, writing computer scripts to exploit them and determining ways to automate data theft, Israeli cybersecurity startup Gambit Security said in research published Wednesday.
The activity started in December and continued for roughly a month. In all, 150 gigabytes of Mexican government data was stolen, including documents related to 195 million taxpayer records as well as voter records, government employee credentials and civil registry files, according to the researchers.
AI has become a key enabler of digital crimes, with hackers using the tools to augment their efforts. Last week, researchers at Amazon.com Inc. said a small group of hackers broke into more than 600 firewall devices across dozens of countries with the help of widely available AI tools.
Gambit hasn’t attributed the attack to a specific group, though researchers said they don’t believe they are tied to a foreign government.
The hacker breached Mexico’s federal tax authority and the national electoral institute, Gambit said. State governments in Mexico, Jalisco, Michoacán and Tamaulipas as well as Mexico City’s civil registry and Monterrey’s water utility were also compromised.
Claude initially warned the unknown user of malicious intent during their conversation about the Mexican government, but eventually complied with the attacker’s requests and executed thousands of commands on government computer networks, the researchers said.
Anthropic investigated Gambit’s claims, disrupted the activity and banned the accounts involved, a representative said. The company feeds examples of malicious activity back into Claude to learn from it, and one of its latest AI models, Claude Opus 4.6, includes probes that can disrupt misuse, the representative said.
In this instance, the hacker continuously probed Claude until they were able to “jailbreak” it — meaning it finally bypassed guardrails, the representative said. But even as the hacking campaign got underway, Claude occasionally refused the hacker’s demands, they added.
Mexico’s tax authority said it had reviewed its access logs and couldn’t find evidence of a breach. The country’s national electoral institute said it hadn’t identified any breaches or unauthorized access in recent months and that it had bolstered its cybersecurity strategy. The state government of Jalisco also denied that it was breached, saying only federal networks were impacted.
Mexico’s national digital agency didn’t comment on the breaches but said cybersecurity was a priority. A representative for Monterrey Water and Drainage Services said the agency didn’t detect any intrusions or major vulnerabilities in the second half of 2025.
The local governments of Mexico, Michoacán and Tamaulipas didn’t respond to requests for comment, nor did representatives of Mexico City’s civil registry.
Mexican officials released a brief statement in December saying they were investigating breaches from various public institutions, though it’s not clear if that was related to the Claude attack.
The attacker was seeking to obtain a large number of government employee identities, Gambit said, though it’s not yet clear what — if anything — they did with them. Researchers said they found evidence of at least 20 specific vulnerabilities being exploited as part of the attack.
When Claude encountered problems or required additional information, the hacker turned to OpenAI’s ChatGPT to provide additional insights. That included how to move laterally through computer networks, determine which credentials were needed to access certain systems and calculate how likely the hacking operation would be detected, according to Gambit.
“In total, it produced thousands of detailed reports that included ready-to-execute plans, telling the human operator exactly which internal targets to attack next and what credentials to use,” said Curtis Simpson, Gambit Security’s chief strategy officer....