AI-assisted breach reported
Investigators say a hacker used Claude and ChatGPT tools to exfiltrate about 150GB from multiple Mexican government agencies in what’s being described as one of the first confirmed cases of AI‑assisted, state‑scale cyber espionage. Reporting ties the incident specifically to misuse of agentic coding and workflow tools rather than a traditional malware campaign. (startupfortune.com)
A single intruder used Anthropic’s Claude Code and OpenAI’s GPT-4.1 to help break into Mexican government systems and steal about 150 gigabytes of data, according to Gambit Security. (gambit.security) Gambit said the campaign ran from late December 2025 through mid-February 2026 and hit nine Mexican government organizations. The firm published its full report on April 10, 2026, after delaying disclosure during incident response. (gambit.security) The researchers said the attacker used the artificial intelligence tools as working tools, not just as a chatbot for ideas. Gambit said Claude Code generated and executed about 75 percent of remote command activity, while a 17,550-line Python tool used OpenAI’s application programming interface to turn stolen server data into 2,597 reports across 305 internal servers. (gambit.security) In plain terms, coding assistants can write scripts, test commands, and organize huge amounts of technical data at machine speed. Gambit said the operator logged 1,088 prompts, generated 5,317 artificial-intelligence-executed commands across 34 sessions, and used more than 400 custom attack scripts plus 20 exploits tied to 20 separate Common Vulnerabilities and Exposures listings. (gambit.security) SecurityWeek, citing Gambit, reported that the victims included Mexico’s tax authority, Mexico City’s civil registry, the health department, the National Electoral Institute, local governments in four cities, and a water utility. Bloomberg separately reported that the stolen material included sensitive tax and voter information. (securityweek.com) (bloomberg.com) The report says the attacker moved faster because the models turned unfamiliar networks into mapped targets and tailored exploits in hours instead of days. Gambit said the campaign compressed attack timelines below normal detection and response windows. (gambit.security) Mexican authorities have disputed parts of the reporting. Cybernews, citing public statements, said Mexico’s tax authority found no evidence of a breach in its access logs, the National Electoral Institute said it had not identified unauthorized access in recent months, and Jalisco’s state government said only federal networks were affected. (cybernews.com) Gambit said it shared its findings with affected parties before publication and removed some details after feedback. The firm also said the weaknesses it documented were ordinary security failures such as missing patches, stale credentials, weak network separation, and inadequate endpoint detection. (gambit.security) What changed in this case was the scale one person could handle. Gambit’s account describes one operator using commercial artificial intelligence systems to scan, script, execute, sort, and summarize a government-wide intrusion that would usually require a larger team. (gambit.security)
