An unidentified author used the AI tool Claude to orchestrate attacks against multiple Mexican government agencies, stealing a total of 150 GB of sensitive data including records of 195 millions of taxpayers, voter data, public employee credentials and civil records. The campaign, which lasted from December 2025 hasta enero de 2026, apuntó al SAT (autoridad fiscal federal), el INE (instituto electoral nacional), gobiernos estatales como Jalisco, Michoacán y Tamaulipas, y hasta la utilidad de agua de Monterrey, among others.
Los investigadores que estudiaron lo ocurrido descubrieron que el atacante usó prompts (peticiones a la herramienta) en español para instruir a Claude a actuar como un “hacker de élite”, overcoming the different security measures of the tool itself to prevent these types of incidents.
Claude helped the attacker identify vulnerabilities in government networks, generate scripts to exploit them and automate mass data extraction, producing thousands of detailed plans ready to execute. When Claude refused for security reasons, the criminal persisted with rephrasings or switched to ChatGPT for complementary tasks such as lateral movement in networks and detection evasion, demonstrating how AI tools accessible to anyone can be combined in full hacking operations. Anthropic confirmed having suspended the accounts involved, reinforced its models with misuse detection (as in Claude Opus 4.6) and fed attack examples to improve safeguards, although the criminal managed to evade them temporarily.
The case exposes the double-edged nature of generative AI: it accelerates the democratization of sophisticated hacking without the need for years of technical experience, and highlights the urgency for governments and companies to strengthen security audits, segmentation of sensitive data and proactive anomaly monitoring, while AI companies must toughen their ethical and malicious-use filters.
Fountain: Bloomberg