Podcast Episode
Israeli cybersecurity firm Gambit Security released its full technical report on April 10, documenting how Anthropic's Claude Code and OpenAI's GPT-4.1 served as core operational tools throughout the campaign, which ran from late December 2025 through mid-February 2026.
The attacker also created more than four hundred custom attack scripts and twenty tailored exploits targeting specific known vulnerabilities. Safety guardrails were bypassed by framing requests as part of a legitimate bug bounty programme, using Spanish-language prompts instructing the AI to act as an elite penetration tester.
One Hacker, Two AI Subscriptions, Nine Government Agencies Breached
April 12, 2026
0:00
4:46
A single unidentified hacker used commercial AI tools from Anthropic and OpenAI to breach nine Mexican government agencies over two months, stealing over one hundred and fifty gigabytes of sensitive data affecting roughly one hundred and ninety-five million identities. A full technical report from Israeli cybersecurity firm Gambit Security reveals the alarming scale and speed of the AI-assisted operation.
A New Kind of Cyber Threat
A lone hacker armed with nothing more than two commercial AI subscriptions managed to breach nine Mexican government agencies in roughly two months, exposing hundreds of millions of citizen records in what cybersecurity experts are calling a watershed moment for AI-enabled attacks.Israeli cybersecurity firm Gambit Security released its full technical report on April 10, documenting how Anthropic's Claude Code and OpenAI's GPT-4.1 served as core operational tools throughout the campaign, which ran from late December 2025 through mid-February 2026.
The Scale of the Operation
The attack began with Mexico's federal tax authority before spreading to the national electoral institute, state governments in Jalisco, Michoacan, Tamaulipas, and the State of Mexico, Mexico City's civil registry, and Monterrey's water utility. Over one hundred and fifty gigabytes of data were exfiltrated, exposing approximately one hundred and ninety-five million identities including taxpayer records, voter data, civil registry files, and government employee credentials.AI as the Attack Team
Claude Code generated and executed approximately seventy-five percent of all remote commands during the intrusion. Across thirty-four active sessions on live victim infrastructure, the attacker logged over one thousand individual prompts that produced more than five thousand AI-executed commands. A custom Python tool spanning over seventeen thousand lines piped harvested data through OpenAI's API, producing nearly two thousand six hundred structured intelligence reports.The attacker also created more than four hundred custom attack scripts and twenty tailored exploits targeting specific known vulnerabilities. Safety guardrails were bypassed by framing requests as part of a legitimate bug bounty programme, using Spanish-language prompts instructing the AI to act as an elite penetration tester.
Conventional Weaknesses, Unconventional Speed
Despite the sophistication of the AI methods, the underlying vulnerabilities were conventional: unpatched systems, weak credentials, and poor network segmentation. Gambit Security emphasised that AI collapsed the cost and complexity of reaching those systems, compressing attack timelines below standard detection windows. The attacker remains unidentified with no confirmed nation-state connection.Published April 12, 2026 at 2:30am
