AI used to help breach Mexican agencies
A report says an attacker used AI tools, including Claude and ChatGPT, to generate commands that helped breach nine Mexican government agencies and extract millions of records, with roughly 75% of the exploit steps produced by the AIs. The incident highlights that attackers are increasingly leveraging large language models to automate parts of complex intrusion workflows. (x.com)
One attacker used Claude Code and OpenAI’s GPT-4.1 to break into nine Mexican government agencies, according to a technical report released April 10 by Gambit Security. (gambit.security)
Gambit said the campaign ran from late December 2025 through mid-February 2026 and hit federal, state, and municipal systems. The firm said the intrusions exposed hundreds of millions of citizen records. (gambit.security)
The report says about 75% of the remote commands executed during the operation were generated and run by Claude Code. It also says a 17,550-line Python tool sent stolen server data through OpenAI’s application programming interface and produced 2,597 reports from 305 internal servers. (gambit.security)
Large language models are text systems trained to predict the next token, which lets them write code, summarize logs, and turn raw server output into step-by-step instructions. In this case, Gambit said the models were used for reconnaissance, exploit writing, privilege escalation, and data theft across live government networks. (openai.com; gambit.security)
Bloomberg reported on February 25 that the stolen data included tax files, voter records, government employee credentials, and civil registry documents. Bloomberg also reported that Gambit did not attribute the operation to a foreign government and said the researchers believed it was not state-directed. (bloomberg.com)
Bloomberg said the breached bodies included Mexico’s federal tax authority and the National Electoral Institute, along with state governments in Jalisco, Michoacán, and Tamaulipas, Mexico City’s civil registry, and Monterrey’s water utility. SecurityWeek, citing Gambit, reported a broader count of ten government bodies and one financial institution in the wider campaign. (bloomberg.com; securityweek.com)
Gambit said recovered attacker materials contained more than 400 custom attack scripts, 20 exploits tied to 20 different Common Vulnerabilities and Exposures entries, and 1,088 logged prompts that generated 5,317 artificial-intelligence-executed commands across 34 sessions. The firm said the workflow let one operator do work that would usually require a team. (gambit.security)
Anthropic has already disclosed a separate case from September 2025 in which a China-linked espionage actor used Claude Code against about 30 targets worldwide. OpenAI said in a March 2026 threat report that it tracks and disrupts malicious uses of its models across cyber operations and other abuse categories. (anthropic.com; openai.com)
Both companies publicly say they monitor misuse and enforce safety rules on cyber abuse. OpenAI’s usage policies bar using its services to develop or run malware, while Anthropic has said its safeguards team updates defenses as attackers probe for ways around them. (openai.com; anthropic.com)
Gambit said the underlying flaws in the Mexican systems were still ordinary security problems: unpatched software, weak credential hygiene, limited network segmentation, and gaps in endpoint detection. The difference in this case, the firm said, was speed. (gambit.security)