In a recent news, a hacker exploited Anthropic PBC’s artificial intelligence chatbot to carry out a series of attacks against Mexican government agencies.
How Did This Happen?
This has resulted in the theft of a huge trove of sensitive tax and voter information, as per the information provided by the cybersecurity researchers.
It appears that this was a doing of an unknown Claude user, who wrote Spanish-language prompts for the chatbot to act as an elite hacker.
Moving ahead, it find vulnerabilities in government networks, written computer scripts to exploit them and determined ways to automate data theft, said the Israeli cybersecurity startup Gambit Security in research published Wednesday.
All these activities started in December and continued for roughly a month in which, 150 gigabytes of Mexican government data was stolen, including documents related to 195 million taxpayer records as well as voter records, government employee credentials and civil registry files, the reachersers informed.
AI – A Key Enabler Of Digital Crimes
It won’t be an exaggeration to say that AI has become a key enabler of digital crimes as hackers are using the tools to augment their efforts.
This is not the first incident as researchers at Amazon.com Inc. said a small group of hackers broke into more than 600 firewall devices across dozens of countries with the help of widely available AI tools, last week.
So far, this attack hasn’t attributed to a specific group but researchers have a belief that they are not tied to a foreign government.
Mexico – Cybersecurity Is A Priority
Moving ahead, Gambit said that the hacker breached Mexico’s federal tax authority and the national electoral institute,.
Besides this, State governments in Mexico, Jalisco, Michoacan and Tamaulipas as well as Mexico City’s civil registry and Monterrey’s water utility were also compromised during this attack.
When it commenced, Claude warned the unknown user of malicious intent during their conversation about the Mexican government.
However, it eventually complied with the attacker’s requests and executed thousands of commands on government computer networks, according to the the researchers.
In response to this, Anthropic investigated Gambit’s claims, disrupted the activity and banned the accounts involved as informed by a representative.
Moving further, the company feeds examples of malicious activity back into Claude to learn from it. It appears that one of its latest AI models, Claude Opus 4.6, includes probes that can disrupt misuse, according to the representative.
Here it is noteworthy that the hacker continuously probed Claude until they were able to “jailbreak” it.
As a result, it finally bypassed guardrails, But even as the hacking campaign got underway, Claude occasionally refused the hacker’s demands, the representative said.
In the meantime, the Mexico’s tax authority had reviewed its access logs and couldn’t find evidence of a breach.
According to the country’s national electoral institute, it hadn’t identified any breaches or unauthorized access in recent months and that it had bolstered its cybersecurity strategy.
Similarly, the state government of Jalisco also denied the breach, saying only federal networks were impacted.
Contrary to this, Mexico’s national digital agency didn’t comment on the breaches but added that cybersecurity was a priority.
Monterrey Water and Drainage Services representative said, the agency didn’t detect any intrusions or major vulnerabilities in the second half of 2025.
Earlier during December, Mexican officials released a brief statement saying they were investigating breaches from various public institutions, although it’s not clear if that was related to the Claude attack.
But one thing is clear that the attacker was seeking to obtain a large number of government employee identities, according to Gambit.
It’s not yet clear what — if anything — they did with them, although researchers said they found evidence of at least 20 specific vulnerabilities being exploited as part of the attack.
Interestingly during this event, when Claude encountered problems or required additional information then the hacker turned to OpenAI’s ChatGPT to provide additional insights.
These insights included information such as how to move laterally through computer networks, determine which credentials were needed to access certain systems and calculate how likely the hacking operation would be detected, Gambit said.
Gambit Security’s chief strategy officer, Curtis Simpson said, “In total, it produced thousands of detailed reports that included ready-to-execute plans, telling the human operator exactly which internal targets to attack next and what credentials to use.”
It’s not the first time as OpenAI earlier said it had identified attempts by the hacker to use its models for activities that violate its usage policies, adding that its tools refused to comply with these attempts.
Adding, “We have banned the accounts used by this adversary and value the outreach from Gambit Security,” in an emailed statement.
Here mentioned the Mexican government breaches are the latest example of an alarming trend used by hackers.
In the meantime Anthropic and OpenAI are betting on building more sophisticated AI coding tools and cybersecurity companies are tying their futures to AI-enabled defenses.
On the other hand, cybercriminals and cyberspies are finding novel ways to use the technology to enable attacks.
