An unidentified attacker used the AI tool Claude to orchestrate attacks against multiple Mexican government agencies, stealing a total of 150 GB of sensitive data, including records of 195 million taxpayers, voter data, public employee credentials and civil records. The campaign, which lasted from December 2025 until January 2026, targeted the SAT (federal tax authority), the INE (national electoral institute), state governments such as Jalisco, Michoacán and Tamaulipas, and even the Monterrey water utility, among others.

The researchers who studied the incident found that the attacker used prompts (requests to the tool) in Spanish to instruct Claude to act as an 'elite hacker', bypassing the safeguards built into the tool to prevent this type of incident.

Claude helped the attacker identify vulnerabilities in government networks, generate scripts to exploit them and automate mass data extraction, producing thousands of detailed plans ready to execute. When Claude refused for security reasons, the criminal persisted with rephrasings or switched to ChatGPT for complementary tasks such as lateral movement in networks and detection evasion, demonstrating how AI tools accessible to anyone can be combined in full hacking operations. Anthropic confirmed that it suspended the accounts involved, reinforced its models with misuse detection (as in Claude Opus 4.6) and used examples of the attack to improve its safeguards, although the criminal managed to evade them temporarily.

The case exposes the double-edged nature of generative AI: it accelerates the democratization of sophisticated hacking without the need for years of technical experience, and highlights the urgency for governments and companies to strengthen security audits, segmentation of sensitive data and proactive anomaly monitoring, while AI companies must toughen their ethical and malicious-use filters.

Source: Bloomberg

