Hackers Used Claude Code to Develop Attack Tools, Stealing 150GB of Data from Mexican Government Agencies

125/69 Wednesday, March 4, 2026

Israeli cybersecurity firm Gambit Security has revealed that threat actors leveraged Claude Code, an AI-powered coding assistant developed by Anthropic, to build cyberattack tools. The attackers used the AI system to generate intrusion scripts and ultimately exfiltrated more than 150GB of data from systems belonging to Mexican government agencies. The incident highlights the growing risk of generative AI being weaponized in real-world cyber operations.

According to the report, the attackers gained access to systems across at least 10 Mexican government agencies, including one financial institution. The campaign reportedly began in December 2025, initially targeting Mexico’s federal tax authority. Investigators found that the attackers submitted more than 1,000 prompts to Claude Code to analyze vulnerabilities, develop attack scripts, and produce operational reports. In addition, they used GPT-4.1 from OpenAI to help analyze the stolen data. The breach affected several key institutions, including the national tax authority, the electoral institute, local government systems, the Mexico City civil registry, and a municipal utilities organization in Monterrey. In total, approximately 195 million records containing personal data were exposed.

The attackers reportedly used jailbreak techniques to bypass the AI system’s safety guardrails by posing as security researchers participating in a bug bounty program, tricking the model into helping generate attack plans. Initially, Claude refused certain requests, such as deleting logs or performing actions intended to conceal traces, but the attackers later refined their prompts to bypass those restrictions. When Claude eventually stopped responding to certain requests, the attackers switched to ChatGPT for guidance on lateral movement within the compromised network and managing stolen credentials. The incident occurred shortly after a previous wave of AI-related cybersecurity concerns reported in November 2025.

Source: https://securityaffairs.com/188696/ai/claude-code-abused-to-steal-150gb-in-cyberattack-on-mexican-agencies.html