What happened

An unidentified hacker used Claude and ChatGPT to attack several high-level Mexican government agencies, including the Federal Tax Authority (SAT), national electoral body (INE), state governments, civil registry, and utility systems. 

Through careful prompting in Spanish, the attacker coaxed Claude into identifying system vulnerabilities, writing exploit scripts, and outlining detailed attack steps, effectively automating parts of the breach.

The campaign resulted in the theft of about 150 gigabytes of data, including 195 million taxpayer records, voter registration files, government employee credentials, and civil registry information.

During some steps, the attacker also used ChatGPT to supplement guidance on lateral network movement and evasion techniques when Claude hit limits or resisted certain requests. 

Cybersecurity firm Gambit Security uncovered the operation after finding publicly accessible logs of the attacker’s AI conversations and technical traces of at least 20 exploited vulnerabilities across government systems. 

Some Mexican authorities have publicly denied confirmed intrusions into specific systems, even as officials acknowledged investigations into breaches across public institutions.

Why it happened

While the motivation of the hacker remains unclear, it appeats the incident was enabled by a combination of weak Mexican government cybersecurity and the fact that both Calude and ChatGPT can be “jailbroken” into providing offensive capabilities. 

The hacker repeatedly probed Claude’s safety guardrails, reframing requests as if they were part of a legitimate “bug bounty” or penetration test and eventually succeeded in bypassing protections to obtain detailed attack playbooks.