Threat actors weaponized Anthropic's Claude Code AI assistant to automate and accelerate a large-scale cyberattack against Mexican government systems, bypassing its guardrails by convincing the AI the actions were authorized. The attackers used over 1,000 prompts to have the AI write exploits, build tools, and automate the exfiltration of over 150GB of sensitive data, also leveraging OpenAI's GPT-4.1 for data analysis. This incident highlights the emerging threat of AI tools being abused to lower the barrier to entry and amplify the scale and speed of attacks.
Artificial Intelligence Hackers Weaponize Claude Code in Mexican Government Cyberattack The AI was abused to write exploits, create tools, and automatically exfiltrate over 150GB of data. By Ionut Arghire | March 1, 2026 (7:30 AM ET) Flipboard Reddit Whatsapp Whatsapp Email Anthropic’s Claude Code assistant has been abused in a cyberattack against the Mexican government’s systems, Israeli cybersecurity startup Gambit Security reports. As part of the attack, ten Mexican government bodies and a financial institution were compromised, beginning with the country’s tax authority in late December 2025. Based on the analyzed attacker logs, Gambit assesses that over 1,000 prompts were sent to Claude Code to mount the attacks, and that information was also passed to OpenAI’s GPT-4.1 for analysis. “AI didn’t just assist, it functioned as the operational team: writing exploits, building tools, automating exfiltration,” Gambit explains. The attacker bypassed the AI’s guardrails by convincing it that all actions were authorized, guided the assistant throughout the compromise, and leveraged OpenAI’s model to analyze data and accelerate the attack execution. Within a month, Gambit says, the hacker exfiltrated over 150GB of data, including civil registry files, tax records, and voter data. Roughly 195 million identities have been exposed in the breach, it says. Advertisement. Scroll to continue reading. “An attack of this scale does not end when it is discovered. Recovery can be long, disruptive, and expensive, often requiring organizations to rebuild systems, suspend critical services, and work to regain public trust,” Gambit notes. Gambit recently emerged from stealth with $61 million in funding. This is not the first time hackers have abused Claude in malicious campaigns. In November 2025, Anthropic revealed that Chinese threat actors manipulated Claude Code to do heavy lifting as part of an espionage campaign targeting nearly 30 organizations worldwide. According to Red Sift CEO Rahul Powar, hackers are abusing AI at no cost, while reaping the benefits of attack scale, speed, and sophistication amplification. “The cost to entry for any attacker is essentially non-existent, and while this technology offers enormous benefits, its misuse can lead to dangerous national security risks. Implementing the right safeguards that prevent harm, and utilizing AI as a defense mechanism, can ensure all governments are prepared to respond against powerful and harmful operations,” Powar said. Previous Mexican government data breaches Gambit’s report on the data breach comes roughly a month after hacking collective Chronus Group boasted of stealing roughly 2.3TB of data from 25 government institutions, potentially affecting 36 million people. The data, reportedly compiled from multiple sources, included names, phone numbers, dates of birth, and details about Mexico’s public universal healthcare system. Active since at least 2021, Chronus Group’s operations include both hacktivism and cybercrime activities. The collective was previously described as spreading FUD and seeking media attention. In response to the hackers’ claims, Mexico’s cybersecurity agency Agencia de Transformación Digital y Telecomunicaciones (ATDT) said that the data was a collection of information compromised in previous data breaches, stolen from obsolete systems managed by private entities for local state bodies. In November 2024, the ransomware group Ransomhub claimed to have stolen 313GB of data from the Mexican government’s presidential legal counsel office. In January 2024, a hacker leaked the information of 263 journalists who had signed up to cover presidential activities. These incidents, however, illustrate the escalating cyber threats to Latin America, a region that faces over 3,000 cyberattacks per week, according to data compliance platform Kiteworks . Related: 38 Million Allegedly Impacted by ManoMano Data Breach Related: Nearly 1 Million User Records Compromised in Figure Data Breach Related: ApolloMD Data Breach Impacts 626,000 Individuals Related: Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Gambit Security Emerges From Stealth With $61 Million in Funding Zyxel Patches Critical Vulnerability in Many Device Models US Sanctions Russian Exploit Broker Operation Zero Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers SolarWinds Patches Four Critical Serv-U Vulnerabilities Ex-US Defense Contractor Executive Jailed for Selling Exploits to Russia CarGurus Data Breach Impacts Over 12 Million Users Astelia Raises $35 Million for Exposure Management Latest News Canadian Tire Data Breach Impacts 38 Million Accounts Trump Orders All Federal Agencies to Phase Out Use of Anthropic Technology In Other News: ATT&CK Advisory Council, Russian Cyberattacks Aid Missile Strikes, Predator Bypasses iOS Indicators 38 Million Allegedly Impacted by ManoMano Data Breach 900 Sangoma FreePBX Instances Infected With Web Shells Chilean Carding Shop Operator Extradited to US Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Identity Under Attack: Why Every Business Must Respond Now February 11, 2026 Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise. Register Virtual Event: Ransomware Resilience & Recovery 2026 Summit February 25, 2026 SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats. Submit People on the Move Predictive revenue system company Clari + Salesloft has named Peter Liebert as CISO. Nscale has appointed Latha Maripuri as Chief Information Security Officer. BreachRx has named Young-Sae Song as Chief Marketing Officer. More People On The Move Expert Insights Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Why We Can’t Let AI Take the Wheel of Cyber Defense The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience. (Steve Durbin) Flipboard Reddit Whatsapp Whatsapp Email