Newsletters
A small group of hackers used artificial intelligence (AI) tools to break into nine Mexican government agencies and steal hundreds of millions of citizens' personal records between December 2025 and mid-February 2026.
Researchers say this is one of the largest cybersecurity breaches ever recorded.
Gambit Security said the attackers used Anthropic's Claude Code and OpenAI's GPT-4.1 throughout the two and a half month campaign against federal and state agencies.
The company shared its findings in a blog post on February 24 and followed up with a technical report on April 10.
"195 million identities and detailed tax records, 15.5M vehicle registry records extracted (license plates, names, taxpayer IDs, addresses), 295 civil records (births, deaths, marriages, etc.), 3.6 million property owner records, an additional 2.28 million property records, and more sensitive information was exfiltrated," Eyal Sela, director of threat intelligence at Gambit Security, wrote in the report.
To sort through the stolen files and choose what to take, the attackers sent over 1,000 prompts to the AI tools. These prompts led to more than 5,000 commands being carried out during the operation.
Sela said this case shows that AI is changing cybercrime by letting small groups launch attacks as quickly and on as large a scale as much bigger teams.
AI can find weaknesses in digital systems and process stolen information much more efficiently than older methods.
During the campaign, the hackers used over 400 custom attack scripts and a larger program designed to handle data stolen from hundreds of internal servers.
Gambit Security said Claude did most of the work during the hands-on part of the hack, creating and running about 75% of the remote hacking activity. However, Claude's built-in safeguards did not always allow this.
"Throughout the campaign, Claude refused or resisted certain requests, questioning the legitimacy of operations, requesting authorization evidence, and declining to generate specific tools," Sela said.
AI chatbots are designed to refuse harmful requests, but some users have managed to 'jailbreak' them and get around these protections.
In this case, researchers found that the attackers needed just 40 minutes to get past Claude's protections. After that, the model helped them find security weaknesses and complete coding tasks to extract the data.
The attackers used ChatGPT to analyze the stolen documents. They built a Python tool with 17,550 lines of code to send data through the model, which produced 2,597 reports on material from 305 internal servers.
The attackers then sent those reports back to Claude for more analysis, which broke the terms of use for both AI systems.
"Recovering from this attack will take weeks to months; rebuilding trust will likely take years," Curtis Simpson, chief strategy officer at Gambit Security, said in the blog post.
"The attackers in this scenario may have been focused on government identities and backdoors to create fraudulent identities, but considering the level of compromise achieved, this could have just as easily resulted in all data being eliminated and the systems being rendered unrecoverable."
Researchers said the Mexico attack should "serve as a wake-up call" for governments and private organizations everywhere.
This case shows that generative AI platforms, intended to help people work more efficiently, can be misused to accelerate large-scale hacks when their safety controls are bypassed.
Security analysts in Europe, the Middle East, and other regions, including Türkiye, have noticed that AI-assisted attacks are becoming more common and more advanced.
Set as preferred source
Set as preferred source
3 min read
