In a significant security incident, hackers have utilized Anthropic’s Claude Code assistant to execute a cyberattack on the Mexican government’s systems, as reported by Israeli cybersecurity firm Gambit Security. This breach has compromised ten government bodies and a financial institution, starting with the country’s tax authority in December 2025.
Extent of the Cyberattack
According to Gambit’s analysis, attackers sent over 1,000 prompts to Claude Code, coordinating the breach. The illicit operation also involved OpenAI’s GPT-4.1, which assisted in analyzing data. “AI played a crucial role beyond mere assistance; it spearheaded the operation by crafting exploits, developing tools, and automating data exfiltration,” Gambit stated.
The hackers successfully bypassed AI restrictions by falsely authorizing their actions, guiding the AI throughout the breach, and using OpenAI’s model to expedite the attack. Within a month, over 150GB of sensitive data, including civil registry files, tax records, and voter information, was extracted, affecting approximately 195 million identities.
Implications and Recovery
Gambit highlights that a breach of this magnitude poses long-term challenges for recovery. It necessitates extensive efforts to rebuild systems, halt essential services, and restore public confidence. The company, which recently secured $61 million in funding, emphasizes the need for robust cybersecurity measures.
This incident marks another instance of Claude being exploited in cyber campaigns. In a previous case from November 2025, Chinese threat actors used Claude Code for espionage against nearly 30 global organizations. According to Red Sift CEO Rahul Powar, AI misuse significantly reduces attack costs while enhancing scale and complexity.
Ongoing Cybersecurity Concerns
Gambit’s report follows a recent disclosure by the Chronus Group, which claimed responsibility for a 2.3TB data theft affecting 25 Mexican government institutions. This breach reportedly exposed personal information, including names and healthcare system details of 36 million individuals. The Mexican cybersecurity agency ATDT clarified that the compromised data originated from prior breaches involving outdated systems.
These incidents underscore the rising cyber threat in Latin America, with the region experiencing over 3,000 attacks weekly, according to Kiteworks’ data compliance platform.
As cybersecurity threats grow in sophistication and frequency, experts call for effective safeguards and AI-driven defense mechanisms to mitigate risks and protect sensitive national data.
