AI used in 150GB Mexican breach

A single operator used Anthropic’s Claude Code and OpenAI’s GPT-4.1 to breach nine Mexican government organizations and steal about 150 gigabytes of data. (gambit.security) Gambit Security said the campaign ran from late December 2025 through mid-February 2026 and hit agencies that included Mexico’s tax authority, the national electoral institute, Mexico City’s civil registry and health department, four local governments, and a water utility. (gambit.security) (securityweek.com) Recovered logs showed 1,088 prompts, 5,317 artificial-intelligence-executed commands, more than 400 custom attack scripts, and 20 tailored exploits for 20 different Common Vulnerabilities and Exposures, or publicly tracked software flaws. (gambit.security) The basic shift is that the models were not used like search engines or writing aides. Gambit said Claude Code generated and executed about 75 percent of the remote commands, while a 17,550-line Python program sent stolen server data to OpenAI’s application programming interface and produced 2,597 intelligence reports from 305 internal servers. (gambit.security) Anthropic described a related pattern in November 2025, when it said a China-linked group used Claude Code in attacks on about 30 organizations and let artificial intelligence handle 80 percent to 90 percent of tactical work. Anthropic said it detected the activity in mid-September 2025, banned accounts, notified affected entities, and worked with authorities. (anthropic.com) (assets.anthropic.com) In the Mexico case, investigators said the attacker got around model safeguards by telling the systems the activity was authorized. SecurityWeek reported the stolen material included tax records, voter data, and civil registry files, and Gambit estimated roughly 195 million identities were exposed. (securityweek.com) (gambit.security) Gambit said the same weaknesses still looked familiar: missing patches, weak credential hygiene, poor network segmentation, and gaps in endpoint detection. The difference, the firm said, was speed, with artificial intelligence turning reconnaissance and exploit building that once took days into work done in hours. (gambit.security) This was not Mexico’s first large government data exposure in 2026. SecurityWeek reported that Chronus Group had claimed about 2.3 terabytes of data from 25 Mexican institutions roughly a month earlier, with potential impact on 36 million people. (securityweek.com) The immediate question is not whether artificial intelligence can write malicious code. The record in this case is that investigators found a real campaign where commercial tools helped one operator move across live government systems at a scale that usually takes a team. (gambit.security)