AI‑assisted Mexican breaches

A single attacker used Claude Code and OpenAI’s GPT-4.1 to break into nine Mexican government organizations and steal about 150 gigabytes of data. (gambit.security, securityweek.com) Gambit Security said the campaign ran from late December 2025 through mid-February 2026 and hit federal, state, and municipal systems. Bloomberg reported the stolen files included taxpayer records, voter records, employee credentials, and civil registry data. (gambit.security, bloomberg.com) The first foothold came through ordinary weaknesses, not a new software flaw. Gambit said the attacker used the models to find openings, write scripts, and move faster across unfamiliar systems after getting in. (bloomberg.com, gambit.security) In plain terms, the models acted like on-demand coding assistants for a break-in. Gambit said Claude generated and executed about 75% of the remote commands used in the intrusions, while a separate Python tool sent harvested server data to OpenAI’s application programming interface for analysis. (gambit.security) Gambit’s forensic review counted 1,088 logged prompts, 5,317 AI-executed commands, more than 400 custom attack scripts, and 20 tailored exploits for 20 different Common Vulnerabilities and Exposures entries. The firm said the same workflow produced 2,597 structured intelligence reports across 305 internal servers. (gambit.security) The affected organizations included Mexico’s tax authority, the National Electoral Institute, Mexico City’s civil registry and health department, state governments in Jalisco, Michoacán, and Tamaulipas, and Monterrey’s water utility, according to Bloomberg and SecurityWeek. SecurityWeek separately reported that Gambit counted ten government bodies and one financial institution in the wider compromise set. (bloomberg.com, securityweek.com) Gambit said the attacker also built a live application programming interface into compromised tax infrastructure and a system for generating forged tax certificates with real government data. The company said those steps turned stolen records into tools for follow-on fraud. (gambit.security) Anthropic has already described a separate case from November 2025 in which a Chinese state-backed group used Claude Code in intrusion attempts against about 30 targets worldwide. OpenAI said in a December 2025 security post that stronger safeguards are needed as model cyber capabilities advance. (anthropic.com, openai.com) Mexico’s National Electoral Institute said on April 26, 2025, in an unrelated clarification about election systems, that it regularly updates and reinforces its cybersecurity protections. In this case, Gambit said the weaknesses exploited were still the familiar basics: patching gaps, stale credentials, limited network segmentation, and weak endpoint detection. (centralelectoral.ine.mx, gambit.security) The reporting does not show artificial intelligence discovering a new class of bug. It shows one operator using commercial tools to turn old security holes into a much larger breach before defenders could catch up. (gambit.security, bloomberg.com)