SoylentNews

fliptop [soylentnews.org] writes:

A single attacker used Anthropic's Claude and OpenAI's ChatGPT to compromise nine Mexican government agencies, stealing 195 million taxpayer records and voter data [letsdatascience.com]:

On February 25, 2026, Bloomberg published a story that would have sounded like fiction two years ago. A lone hacker, with no apparent ties to any government, used Anthropic's Claude chatbot to orchestrate a cyberattack against Mexico's federal and state government agencies. The campaign lasted roughly six weeks, from late December 2025 through January 2026. By the time it was over, the attacker had stolen 150 gigabytes of sensitive data -- including 195 million taxpayer records, voter registration files, government employee credentials, and civil registry data.

The hacker did not use custom malware. They did not deploy a zero-day exploit. They used a consumer AI subscription and a set of carefully written Spanish-language prompts. The AI did the rest.

The breach was uncovered not by any of the affected agencies, but by Gambit Security, an Israeli cybersecurity startup whose researchers stumbled onto publicly accessible conversation logs showing exactly how the attacker coaxed Claude into becoming an offensive hacking assistant. The paper trail was remarkably detailed -- a step-by-step record of how guardrails were tested, resisted, and ultimately bypassed.

"This reality is changing all the game rules we have ever known," said Alon Gromakov, Gambit Security's co-founder and CEO.

TFA goes on to list what was stolen, how Claude was weaponized and how the affected entities responded.

Original Submission