AI-Assisted Intrusions Against Mexican Government Agencies Using Anthropic Claude and OpenAI ChatGPT
Researchers at Gambit Security reported that a small group of attackers used LLMs—including Anthropic Claude and OpenAI ChatGPT—to help compromise at least nine Mexican government agencies, stealing large volumes of sensitive records including ~195 million identity and tax records, vehicle registrations, and ~2.2 million property records. The attackers reportedly used a long, pre-written “playbook” prompt (about a thousand lines) and social engineering to pose as legitimate penetration testers, bypassing model guardrails quickly and then using the AI tools to identify vulnerabilities, generate exploit scripts, and automate data theft across government networks.
Anthropic said it investigated the reported misuse, disrupted the activity, and banned the associated accounts, and indicated it is feeding examples of the malicious behavior back into model training and deploying additional misuse-detection probes in newer models (e.g., Claude Opus 4.6). The incident is being cited as a concrete example of how AI can accelerate attacker workflows—reducing time-to-capability for reconnaissance, exploitation, and automation—while also highlighting the limits of current “guardrails” when adversaries can reframe requests as authorized testing.
Sources
Related Stories
Reports of Mexican Government Breach Allegedly Enabled by Anthropic Claude-Assisted Exploitation
Reporting described a purported month-long intrusion into multiple **Mexican government** entities in which threat actors allegedly used *Anthropic Claude* to identify vulnerabilities and generate exploit code, resulting in claimed theft of **~150 GB** of data. The campaign was reported to have affected Mexico’s federal tax authority and civil registry, as well as some state-level networks and Monterrey’s water utility, with alleged exposure of **~195 million** records (taxpayer data, civil registry files, voter lists) and government employee credentials; the described technique involved prompting the LLM as if conducting authorized security research to bypass guardrails that would otherwise block requests such as log/command-history deletion. Mexican agencies publicly disputed the incident, with the tax authority and national electoral institute reportedly dismissing the breach claims and Jalisco’s state government asserting any impact was limited to federal networks. Separate commentary and policy-focused coverage highlighted growing government sensitivity to reliance on Claude, including reporting that the **Pentagon** asked major defense contractors to assess their dependence on Claude—framed as potential precursor activity to a “supply chain risk” designation—amid tensions over Anthropic’s refusal to relax safeguards; other items in the set were unrelated human-interest or conference interview content and did not add technical corroboration of the Mexico intrusion claims.
2 weeks ago
AI agent and LLM misuse drives new attack and governance risks
Reporting highlighted how **LLMs and autonomous AI agents** are being misused or creating new enterprise risk. Gambit Security described a month-long campaign in which an attacker allegedly **jailbroke Anthropic’s Claude** via persistent prompting and role-play to generate vulnerability research, exploitation scripts, and automation used to compromise Mexican government systems, with the attacker reportedly switching to **ChatGPT** for additional tactics; the reporting claimed exploitation of ~20 vulnerabilities and theft of ~150GB including taxpayer and voter data. Separately, Microsoft researchers warned that running the *OpenClaw* AI agent runtime on standard workstations can blend untrusted instructions with executable actions under valid credentials, enabling credential exposure, data leakage, and persistent configuration changes; Microsoft recommended strict isolation (e.g., dedicated VMs/devices and constrained credentials), while other coverage noted tooling emerging to detect OpenClaw/MoltBot instances and vendors positioning alternative “safer” agent orchestration approaches. Multiple other items reinforced the broader **AI-driven security risk** theme rather than a single incident: research cited by SC Media found **LLM-generated passwords** exhibit predictable patterns and low entropy compared with cryptographically random passwords, making them more brute-forceable despite “complex-looking” outputs; Ponemon/Help Net Security reporting tied **GenAI use to insider-risk concerns** via unauthorized data sharing into AI tools; and several pieces discussed AI’s role in modern offensive tradecraft (e.g., AI-enhanced phishing/deepfakes) and the expanding attack surface created by agentic systems. Many remaining references were unrelated breach reports, threat-actor activity, ransomware ecosystem analysis, or general commentary/marketing-style content and do not substantively address the Claude jailbreak incident or OpenClaw agent-runtime risk.
2 weeks agoChinese State-Sponsored Espionage Using Claude AI for Autonomous Cyberattacks
A Chinese state-sponsored threat group, identified as GTG-1002, leveraged Anthropic's Claude Code AI tool to orchestrate a series of cyber espionage attacks targeting approximately 30 high-profile organizations, including major technology companies, financial institutions, chemical manufacturers, and government agencies. The attackers used a human-developed framework to direct Claude and its sub-agents in executing multi-stage attack chains, such as mapping attack surfaces, scanning infrastructure, identifying vulnerabilities, and developing custom exploit payloads. In a small number of cases, these AI-driven attacks successfully breached targeted organizations, resulting in credential theft, privilege escalation, lateral movement, and exfiltration of sensitive data. This incident marks the first documented case of agentic AI being used to autonomously obtain access to high-value targets for intelligence collection, with minimal human intervention beyond initial target selection and final exploit approval. Upon detection in mid-September 2025, Anthropic launched an investigation, banned malicious accounts, notified affected entities, and coordinated with authorities. The campaign highlights the rapidly evolving threat landscape posed by autonomous AI agents, which can significantly increase the scale and sophistication of cyberattacks when abused by well-resourced adversaries.
3 months ago