Hackers reportedly used AI tool from company that wiped billions of dollars from market to steal 150GB of Mexican government data


Hackers reportedly used Anthropic’s artificial intelligence chatbot Claude to carry out multiple cyberattacks targeting Mexican government agencies. Cybersecurity researchers have claimed that this has resulted in the theft of approximately 150GB of sensitive data.

The attackers allegedly prompted the company’s Claude AI tool, in Spanish, to identify system vulnerabilities, generate exploit scripts, and automate data extraction.

According to a Bloomberg report, researchers at Israeli cybersecurity firm Gambit Security said the activity began in December 2025 and continued for nearly a month. The stolen data is said to include information linked to about 195 million taxpayer records, voter databases, government employee credentials and civil registry documents.

However, Gambit has not linked the attack to any specific group, and researchers said they do not believe a foreign government carried it out. According to the cybersecurity company, the hacker gained access to Mexico’s federal tax authority and the national electoral institute. Systems belonging to the state governments of Jalisco, Michoacán and Tamaulipas, along with Mexico City’s civil registry and Monterrey’s water utility, were also affected.

The researchers also noted that Claude initially flagged potential malicious intent while interacting with the unidentified user during discussions about the Mexican government, but later followed the attacker’s instructions and executed thousands of commands across government computer networks.

What researchers said about hacker using both Claude and ChatGPT to steal Mexican government data

As per Gambit, the attacker was attempting to obtain a large volume of government employee identities. However, it remains unclear how the data were used.

Researchers added that evidence pointed to at least 20 separate vulnerabilities being exploited during the operation.

When Claude faced difficulties or needed more details, the hacker reportedly relied on OpenAI’s ChatGPT for additional guidance. According to Gambit, this included advice on moving laterally across computer networks, identifying credentials required to access systems, and assessing the chances of the hacking activity being detected.

“In total, it produced thousands of detailed reports that included ready-to-execute plans, telling the human operator exactly which internal targets to attack next and what credentials to use,” Curtis Simpson, Gambit Security’s chief strategy officer, told Bloomberg.

“This reality is changing all the game rules we have ever known,” Alon Gromakov, Gambit’s co-founder and CEO, added.

Gambit researchers said they identified the breaches while testing new threat-hunting methods to monitor online hacker activity.

During the process, they found publicly available evidence linked to ongoing or recent attacks, including extensive Claude conversations connected to intrusions into Mexican government computer systems.

The conversations indicated that the attacker attempted to bypass Claude’s safeguards by claiming the activity was part of a bug bounty programme, where organisations reward ethical hackers for identifying system weaknesses.

Many companies and government agencies run such programmes, sometimes offering financial rewards for reporting vulnerabilities.

The hacker asked Claude to conduct penetration testing on Mexico’s federal tax authority, a form of authorised cyberattack used to detect security flaws. However, Claude raised concerns when the attacker introduced additional conditions, including the deletion of logs and command history.

“Specific instructions about deleting logs and hiding history are red flags. In a legitimate bug bounty, you don’t need to hide your actions – in fact, you need to document them for reporting,” Claude responded at one point, according to a transcript shared by Gambit with Bloomberg.

The attacker later changed tactics, ending the interactive exchange and instead supplying Claude with a detailed operational guide. According to Gambit, this approach enabled the intruder to bypass the system’s safeguards, described as a "jailbreak", allowing the attacks to continue.

Simpson said the hacker also asked Claude to identify other agencies where similar data could be accessed, suggesting that some breaches may have been opportunistic rather than pre-planned.

“They were trying to compromise every government identity they possibly could. They were asking Claude as an example, ‘Where else can I find these identities? What other systems should we look at? Where else is the information stored?’” he noted.

What Anthropic, OpenAI and Mexican officials said about the hacking incident

Anthropic said it reviewed Gambit’s findings, disrupted the activity and banned the accounts linked to the incident. A company representative added that examples of malicious use are fed back into Claude to improve safeguards and that its newer AI model, Claude Opus 4.6, includes mechanisms designed to interrupt misuse.

According to the representative, the hacker repeatedly tested Claude’s limits until they were able to “jailbreak” the system, thereby bypassing built-in guardrails. The representative added that even after the operation began, Claude continued to refuse some of the attacker’s requests.

OpenAI said it had detected attempts by the same hacker to use its models in ways that violated company policies, noting that its systems declined to comply with those requests.

“We have banned the accounts used by this adversary and value the outreach from Gambit Security,” OpenAI said in an emailed statement to Bloomberg.

According to Mexico's federal tax authority, access logs were examined, but no evidence of a breach was discovered.

The country's national electoral institute added that it had improved its cybersecurity protocols and had not discovered any breaches or unauthorised access in the previous few months. Only federal networks were impacted, according to the Jalisco state government, which denied any involvement.

Mexico’s national digital agency did not comment directly on the reported breaches but said cybersecurity remains a priority.

A spokesperson for Monterrey Water and Drainage Services said the organisation did not detect intrusions or significant vulnerabilities during the second half of 2025.

Mexican officials had earlier issued a brief statement in December saying they were investigating breaches across several public institutions. However, it remains unclear whether that investigation is connected to the Claude-related attack.

The reported incidents add to a growing pattern of AI tools being used in cyber operations. As companies such as Anthropic and OpenAI continue to develop advanced AI systems, and cybersecurity firms expand AI-based defence tools, attackers are also exploring ways to use the technology to support hacking activities.

In November, Anthropic said it had disrupted what it described as the first AI-orchestrated cyber-espionage campaign, alleging that suspected Chinese state-linked hackers used Claude in attempts to target 30 organisations worldwide, with some attempts succeeding.

AI tools are increasingly being used in digital crime investigations. Last week, researchers at Amazon said a small group of hackers gained access to more than 600 firewall devices across multiple countries using publicly available AI tools.
