Claude: AI chatbot used for cyberattack on Mexican government

A cybercriminal has used Anthropic's AI chatbot Claude to infiltrate the networks of Mexican government agencies, stealing vast amounts of sensitive tax and voter information, according to cybersecurity experts. This was reported on Wednesday by the US news agency Bloomberg.

The Bloomberg report refers to a study by Israeli cybersecurity startup Gambit Security, which found that the unknown Claude user wrote Spanish-language commands for the chatbot to identify vulnerabilities in government networks, write computer scripts to exploit them, and find ways to automate data theft. The illegal activities reportedly began in December and lasted for about a month.

The attacker gained access to the Mexican Federal Tax Administration and the National Electoral Institute. The governments of several federal states, as well as agencies in Mexico City and Monterrey, were also compromised, it is stated. A total of 150 gigabytes of data were stolen, including documents related to 195 million tax records, voter records, government employee credentials, and population registry files. In December, the Mexican government published a brief statement stating that it was investigating a possible security incident in personal databases held by public institutions. It is unclear whether this is related to the Claude cyberattack. It is also unclear who is behind the cyberattack and data theft; however, Gambit does not believe there are connections to a foreign government.

Anthropic investigates the incident

The chatbot Claude initially warned the attacker of malicious intent during “their conversation” but eventually complied with the unknown user's demands, executing thousands of commands within the Mexican government's computer networks, according to Gambit experts. Anthropic stated it is investigating the incident. The accounts involved have been blocked. A company representative told Bloomberg that the company feeds examples of malicious activity back into Claude to learn from them. One of the latest AI models, Claude Opus 4.6, contains probes that can prevent misuse.

When Claude encountered problems during the attack or required additional information, the cybercriminal turned to OpenAI's ChatGPT for further insights, Gambit continued. According to the Israeli cybersecurity experts, this included how to move laterally through computer networks, what credentials were required to access specific systems, and the likelihood of the illegal action being detected. OpenAI stated that ChatGPT resisted these illegal attempts. The accounts used by the attacker have been blocked, the company said in an emailed statement.

As reported by Bloomberg, Gambit employees uncovered the attacks on Mexican authorities while testing new threat hunting techniques. They encountered publicly accessible evidence of active or recent attacks, including one that contained extensive Claude conversations about breaching Mexican government computer systems. These conversations revealed, according to Gambit, that the attacker, to bypass Claude's security measures, informed the chatbot that they were pursuing a bug bounty program. Bug bounty programs are initiatives to identify vulnerabilities and flaws in software. Such programs are run by companies or authorities and reward the discovery of computer security vulnerabilities with material or monetary prizes.

“Alarming Trend”

“The attacks on Mexican government networks are the latest example of an alarming trend,” Bloomberg writes. “As Anthropic and OpenAI focus on developing increasingly sophisticated AI coding tools – and cybersecurity companies tie their future to AI-powered defenses – cybercriminals and cyberspies are finding new ways to use this technology for attacks.”

Artificial intelligence has become an important tool for cybercriminals. In November, Anthropic announced that it had thwarted an AI-orchestrated cyberespionage campaign. Attackers, allegedly supported by the Chinese state, had manipulated the Claude chatbot to attack dozens of targets worldwide. A few attempts were successful. Recently, there have also been reports that North Korean cybercriminals are using AI-generated PowerShell backdoors. And according to a recent study, AI can already perform sophisticated tasks such as writing zero-day exploits, which were previously handled by human experts.

(akn)