A single hacker lately managed to compromise 9 completely different Mexican authorities businesses by exploiting two widespread AI platforms. This discovering comes from the analysis agency Gambit Safety, revealing that Claude Code, an AI-powered coding assistant, and OpenAI’s GPT-4.1 had been used within the assault between December 2025 and February 2026.
Researchers famous in an in depth report that the attacker accessed state and federal techniques at a velocity that human safety groups merely couldn’t match. Claude Code ran round 75% of the distant instructions despatched to authorities computer systems.
The hacker logged 1,088 prompts in complete, which generated 5,317 instructions throughout 34 reside periods, thus permitting the hacker to single-handedly do the work of an entire group, turning unfamiliar networks into clearly mapped targets in only a few hours.
Tricking the AI
The hacker blatantly manipulated the AI platforms to bypass security filters. On 27 December 2025, the attacker began a session by claiming they had been a part of a authorized bug bounty program, after which fed the AI a 1,084-line hacking handbook, which taught the AI to cover the hacker’s tracks by mechanically deleting historical past recordsdata.
Additional investigation revealed {that a} customized 17,550-line software known as BACKUPOSINT.py was used to maneuver the assault ahead. This software despatched stolen knowledge from 305 inner servers to OpenAI’s techniques, which produced 2,597 reviews explaining the federal government’s server setups. Principally, the AI acted as an automatic analyst, turning uncooked knowledge right into a structured map for the hacker.
Widespread Entry to Citizen Knowledge
The harm hit a number of ranges of presidency. On the federal tax authority (SAT), the hacker accessed 195 million taxpayer data and constructed a service to create pretend tax certificates. In Mexico Metropolis, the attacker used a easy scheduled process file to sneak in a secret key and take over 220 million civil data. In Jalisco state, the hacker gained management over the complete server system, together with a 13-node Nutanix cluster.
This gave them entry to 37 completely different database servers containing delicate well being data and knowledge on home violence victims. In accordance with researchers, the hacker used 20 customized scripts to focus on 20 CVEs in software program. When the AI refused some requests or questioned the work, the hacker merely rephrased their instructions. The regarding half is that whereas these instruments are new, the methods hackers used to use them had been fairly fundamental.
“The forensic materials we recovered consists of: – 20 tailor-made exploit scripts concentrating on 20 completely different CVEs – 2,597 structured intelligence reviews generated by OpenAI – Over 400 customized assault scripts – 301 Bash and 113 Python – together with tunnel administration, credential spraying, knowledge extraction, deployment automation, operational safety cleanup, and rootkits – 1,088 individually logged attackers prompts producing 5,317 AI-executed instructions throughout 34 periods on a reside sufferer infrastructure,” the report reads.
Why the Assault Succeeded
Researchers imagine that the federal government businesses didn’t replace their software program or change their passwords typically sufficient as a result of easy steps like fixing previous software program and splitting up networks into smaller components might have stopped the hacker.
In addition they defined that Fashionable AI instruments have made it far cheaper and simpler for hackers to determine safety vulnerabilities, overwhelming cybersecurity groups and enabling attackers to succeed.
