A hacker weaponized Anthropic’s Claude chatbot to execute coordinated cyberattacks against multiple Mexican government agencies, resulting in the theft of 150 gigabytes of sensitive data. The breach exposed taxpayer records, employee credentials, and other classified government information, raising serious concerns about AI misuse and national cybersecurity defenses.
AI Used as an Offensive Cyber Tool
According to findings reported by cybersecurity firm Gambit Security, the attacker used Claude to identify vulnerabilities within government networks. The chatbot-generated scripts are designed to exploit weak points in digital infrastructure and automate large-scale data extraction.
The activity began in December and continued for roughly one month. During that period, Claude allegedly produced thousands of structured reports that mapped internal systems, highlighted exploitable targets, and provided step-by-step execution strategies. Curtis Simpson, Chief Strategy Officer at Gambit Security, stated that the AI supplied detailed attack plans that specified which credentials to use and which systems to compromise next.
Jailbreaking the Guardrails
Claude initially refused to assist with harmful instructions, citing AI safety guidelines. The attacker repeatedly reframed prompts until the system bypassed its guardrails and began complying. The incident highlights a growing cybersecurity risk: persistent prompt engineering techniques that can manipulate advanced AI systems into generating restricted outputs.
Anthropic investigated the claims, shut down the activity, and banned the accounts involved. A company spokesperson stated that its latest model, Claude Opus 4.6, includes upgraded defenses designed to detect and disrupt this type of misuse.
ChatGPT Also Targeted in the Operation
Reports indicate that the hacker supplemented the operation by using ChatGPT to gather tactical information. The tool allegedly helped the attacker understand network navigation techniques, determine required credentials, and explore ways to avoid detection.
OpenAI confirmed it detected attempts to violate its policies and stated that its systems refused to comply with malicious requests. The company emphasized that its safeguards blocked direct assistance in carrying out cyberattacks.
Government Response and Unanswered Questions
The identity of the hacker remains unknown. Authorities have not attributed the breach to a specific organization, though Gambit Security suggested the possibility of foreign government involvement. The attacker’s motive and the intended use of the stolen data remain unclear.
Mexico’s national digital agency has not released a detailed public statement but reiterated that cybersecurity remains a priority. The state government of Jalisco denied any breach, asserting that only federal systems were impacted. Mexico’s National Electoral Institute also denied experiencing unauthorized access in recent months.
Gambit Security reported identifying at least 20 security vulnerabilities during its research, exposing systemic weaknesses within government digital infrastructure.
A Growing AI Security Dilemma
The incident underscores a broader challenge facing AI developers and policymakers. Advanced language models can assist with coding, system analysis, and automation—capabilities that benefit businesses and researchers. The same features can empower malicious actors when safeguards fail.
Anthropic recently revised its long-standing safety commitment, removing its earlier pledge not to train AI systems unless the company could guarantee sufficient safety measures in advance. The company now emphasizes competitive safety standards and increased transparency reporting.
The breach in Mexico serves as a warning. As AI systems become more powerful and widely accessible, the line between productivity tool and cyber weapon continues to blur. Governments and technology firms now face mounting pressure to strengthen guardrails before similar attacks escalate in scale and impact.