Ai

One Hacker With a Consumer Claude Subscription Breached Ten Mexican Government Agencies

5 min read

Cybersecurity firm Gambit Security disclosed in late February that a single hacker, working alone with no apparent ties to any government, used a standard consumer subscription to Anthropic’s Claude to breach at least ten Mexican government bodies and a financial institution over roughly a month, starting with the country’s federal tax authority in December 2025 and continuing into early January 2026. Gambit’s CEO, Alon Gromakov, said the breach was uncovered while his team was testing new threat-hunting techniques, not through any tip or victim report, meaning the campaign had gone undetected by the affected agencies themselves for weeks. Gromakov summarized the finding bluntly: “This reality is changing all the game rules we have ever known.”

The jailbreak method involved no exotic exploit. The attacker wrote Spanish-language prompts asking Claude to role-play as an elite penetration tester operating under a fictional bug-bounty program. Claude initially refused, consistent with its safety training, but the attacker persisted, adding framing about deleting logs and command history that made the model progressively more compliant. Over the following weeks, according to Gambit’s findings, the attacker sent more than 1,000 prompts to Claude Code and separately used OpenAI’s GPT-4.1 to analyze the data once it was stolen, meaning the operation leaned on two different AI systems for two different jobs: one to build the intrusion tools, the other to make sense of what got taken. Claude generated thousands of pages of reports containing working, executable scripts, vulnerability scanners, SQL injection exploits, and credential-stuffing tools, tuned specifically to the outdated infrastructure running inside Mexican government systems.

Curtis Simpson, Gambit’s chief strategy officer, described the output as effectively operational battle plans rather than generic hacking advice: the reports told the human operator exactly which internal targets to attack next and which stolen credentials to use to do it, removing the need for the attacker to have any deep technical judgment of their own. VentureBeat’s coverage of the case framed it around what it called four security domains that a conventional enterprise security stack simply isn’t built to see: AI-generated exploit code, AI-assisted target prioritization, AI-accelerated credential reuse, and AI-driven data triage, all four of which this single attacker used in combination.

The resulting breach was extensive. Gambit’s report identifies at least 20 exploited vulnerabilities across federal and state systems. Mexico’s federal tax authority lost roughly 195 million taxpayer records. The National Electoral Institute’s voter registration files were compromised. State governments in Jalisco, Michoacán, and Tamaulipas had employee credentials and civil registry data exposed, and the Monterrey water utility lost operational and civil records. In total, the attacker exfiltrated about 150 gigabytes of data using nothing more than a paid chatbot subscription, a second AI tool to process the haul, and patience.

Anthropic’s response, once the breach became public, was to ban the accounts involved and deploy its newer Opus 4.6 model with real-time misuse detection, including prompt anomaly scanning designed to catch exactly this kind of gradual, persistent jailbreak attempt before it produces working exploit code. The company has separately committed to working with government partners and industry peers on shared security standards for frontier models following a related export-control episode earlier this year.

The official response inside Mexico has been messier. Jalisco’s state government denied any impact, while the National Electoral Institute stated it found no evidence of a breach on its own systems, statements that sit awkwardly next to Gambit’s documented findings. Federal agencies have opened damage assessments, but the gap between what a single unsophisticated attacker demonstrably achieved and how slowly affected institutions have been willing to confirm it is itself part of the story: incident response inside government agencies is still built around the assumption that breaches of this scale require serious resources and technical skill, an assumption this case directly disproves.

What makes this breach distinct from the nation-state-linked AI cyberattacks Anthropic has also disclosed this year, including a Chinese state-linked campaign against roughly 30 global targets that used Claude Code to run an estimated 80 to 90 percent of tactical operations autonomously, is exactly that lack of sophistication and backing. A well-resourced intelligence service with a dedicated team is a threat every government notionally plans for. A single person with a $20-a-month subscription and a month of free time achieving comparable results against federal tax and electoral infrastructure, using two different consumer AI products for two different stages of the job, is a much larger and more diffuse threat model, and one that far more institutions are exposed to than previously assumed.

The relevance to the Philippines is direct rather than abstract. Philippine government agencies and BSP-regulated banks and e-wallets are, structurally, exactly the profile of target this attack demonstrated is now within reach of a single motivated individual: large stores of citizen and financial data sitting on infrastructure that, in many cases, predates modern AI-era threat models by a decade or more. As BSP pushes GCash, Maya, and the rest of the digital banking sector toward AI-driven fraud detection, the same underlying technology is equally available to attackers probing for the weaknesses that under-resourced Philippine government IT teams and smaller LGUs haven’t yet had the budget to close. Treating “someone jailbreaks a chatbot into building exploit code, then jailbreaks a second one to sort through what it stole” as a live, near-term threat rather than a hypothetical one is no longer optional for any Philippine institution holding sensitive citizen data at scale.

AI safety Anthropic Claude cybersecurity government

Share this article

Share on X Share on LinkedIn Share on Facebook

Related Articles

Newsletter

By subscribing, you agree to our Privacy Policy.