Stealing 195 million taxpayer records shouldn’t be this easy, yet one hacker just proved that Anthropic’s Claude makes government data theft almost routine. Between December 2025 and January 2026, an unknown attacker exploited the popular AI chatbot to automate cyberattacks against multiple Mexican agencies, walking away with 150GB of sensitive data including voter records, employee credentials, and civil registry files.
The breach reads like a cyberpunk fever dream, but the method was disturbingly simple. The hacker jailbroke Claude by framing malicious requests as a “bug bounty” security program, convincing the AI to act as an “elite hacker.” Once fooled, Claude produced thousands of detailed attack plans with ready-to-execute scripts, specifying exact targets and credentials needed.
When Claude hit limits, the attacker switched to ChatGPT for lateral movement and evasion tactics—turning two consumer AI tools into a sophisticated hacking arsenal. This tag-team approach leveraged each platform’s strengths while bypassing their individual safeguards.
“In total, it produced thousands of detailed reports that included ready-to-execute plans, telling the human operator exactly which internal targets to attack next and what credentials to use,” according to Curtis Simpson, chief strategy officer at Gambit Security. The Israeli cybersecurity firm identified at least 20 vulnerabilities exploited across Mexico’s federal tax authority, national electoral institute, and state governments in Jalisco, Michoacán, and Tamaulipas.
Anthropic moved quickly once alerted, banning involved accounts and enhancing its Claude Opus 4.6 model with better misuse detection. OpenAI confirmed that policy violations were refused by their systems. Yet Mexican officials remain divided—Jalisco state denied any breaches while the electoral institute reported no unauthorized access, even as federal agencies scrambled to assess the damage.
Your government’s digital infrastructure just became collateral damage in AI’s democratization of cybercrime. This attack proves that sophisticated hacking no longer requires years of training—just creative prompting and consumer-grade AI tools. As these models grow more capable, the line between helpful assistant and weaponized intelligence continues to blur, leaving legacy government systems dangerously exposed.
