
Claude Used to Hack Mexican Government

An unknown hacker used Anthropic’s LLM to hack the Mexican government:

The unknown Claude user wrote Spanish-language prompts for the chatbot to act as an elite hacker, finding vulnerabilities in government networks, writing computer scripts to exploit them and determining ways to automate data theft, Israeli cybersecurity startup Gambit Security said in research published Wednesday.

[…]

Claude initially warned the unknown user of malicious intent during their conversation about the Mexican government, but eventually complied with the attacker’s requests and executed thousands of commands on government computer networks, the researchers said.

Anthropic investigated Gambit’s claims, disrupted the activity and banned the accounts involved, a representative said. The company feeds examples of malicious activity back into Claude to learn from it, and one of its latest AI models, Claude Opus 4.6, includes probes that can disrupt misuse, the representative said.

Alternative link here.

Claude Code abused to steal 150GB in cyberattack on Mexican agencies

Hackers abused Claude Code to build exploits and steal 150GB of data in a cyberattack targeting Mexican government systems.

Hackers abused Anthropic’s Claude Code AI assistant to develop exploits, create custom tools, and automatically exfiltrate more than 150GB of data in an attack on Mexican government systems, the Israeli cybersecurity firm Gambit Security reports. The case highlights how generative AI can be weaponized to accelerate real-world cyber operations.

Attackers compromised 10 Mexican government agencies and a financial institution, starting with the tax authority in December 2025. Gambit Security found the threat actors sent over 1,000 prompts to Claude Code and used OpenAI’s GPT-4.1 to analyze stolen data.

Attackers jailbroke Anthropic’s Claude and used it for about a month to target multiple Mexican government entities, including the federal tax authority, the electoral institute, state governments, Mexico City’s civil registry, and Monterrey’s water utility. By bypassing AI guardrails and framing actions as authorized, the attacker automated exploit writing and data theft, exfiltrating 150GB of records and exposing about 195 million identities.

Posing as bug bounty testers, they crafted prompts to bypass safeguards. Claude initially resisted, flagging log deletion and stealth instructions as red flags before being manipulated into assisting the operation.

“In total, it produced thousands of detailed reports that included ready-to-execute plans, telling the human operator exactly which internal targets to attack next and what credentials to use,” Curtis Simpson, Gambit Security’s chief strategy officer, told VentureBeat.

When Claude stopped being helpful, the attackers switched to ChatGPT from OpenAI to get guidance on moving deeper into the network and organizing stolen credentials. As the breach progressed, they repeatedly asked where else government identities and related data could be found and which additional systems to target.

“This reality is changing all the game rules we have ever known,” said Alon Gromakov, co-founder and CEO of Gambit Security.

In November 2025, Anthropic disclosed that China-linked actors had also abused Claude Code in an espionage campaign targeting nearly 30 organizations worldwide. The AI was manipulated to perform key operational tasks.


Pierluigi Paganini

(SecurityAffairs – hacking, Claude Code)
