Un autor no identificado utilizó la herramienta de IA Claude para orquestar ataques contra múltiples agencias gubernamentales mexicanas, robando un total de 150 GB de datos sensibles que incluyen registros de 195 millones de contribuyentes, datos de votantes, credenciales de empleados públicos y registros civiles. La campaña, que duró desde diciembre de 2025 hasta enero de 2026, apuntó al SAT (autoridad fiscal federal), el INE (instituto electoral nacional), gobiernos estatales como Jalisco, Michoacán y Tamaulipas, y hasta la utilidad de agua de Monterrey, among others.
Los investigadores que estudiaron lo ocurrido descubrieron que el atacante usó prompts (peticiones a la herramienta) en español para instruir a Claude a actuar como un “hacker de élite”, overcoming the different security measures of the tool itself to prevent these types of incidents.
Claude helped the attacker identify vulnerabilities in government networks, generate scripts to exploit them and automate mass data extraction, producing thousands of detailed plans ready to execute. When Claude refused for security reasons, the criminal persisted with rephrasings or switched to ChatGPT for complementary tasks such as lateral movement in networks and detection evasion, demonstrating how AI tools accessible to anyone can be combined in full hacking operations. Anthropic confirmed having suspended the accounts involved, reinforced its models with misuse detection (as in Claude Opus 4.6) and fed attack examples to improve safeguards, although the criminal managed to evade them temporarily.
The case exposes the double-edged nature of generative AI: it accelerates the democratization of sophisticated hacking without the need for years of technical experience, and highlights the urgency for governments and companies to strengthen security audits, segmentation of sensitive data and proactive anomaly monitoring, while AI companies must toughen their ethical and malicious-use filters.
Fountain: Bloomberg