Claude chatbot exploited in Mexican government data breach

Attack details and methodology

A hacker exploited Anthropic's Claude chatbot to carry out cyberattacks against Mexican government agencies, resulting in the theft of 150GB of official government data. The stolen information included taxpayer records and employee credentials.

The hacker used Claude to:

• Find vulnerabilities in government networks
• Write scripts to exploit discovered vulnerabilities
• Find ways to automate data theft
• Produce thousands of detailed reports with ready-to-execute plans
• Tell the human operator exactly which internal targets to attack next and what credentials to use

The attacks started in December and continued for approximately one month. The hacker was able to jailbreak Claude with prompts, eventually bypassing the chatbot's guardrails after initial refusals of nefarious demands.

Additional tools and responses

The hacker also used ChatGPT to supplement the attacks, using OpenAI's chatbot to gather information on:

• How to move through computer networks
• Which credentials were needed to access systems
• How to avoid detection

OpenAI stated that its tools refused to comply with the hacker's attempts to violate usage policies.

Company responses and security implications

Anthropic investigated the claims, disrupted the activity, and banned all accounts involved. The company's latest model, Claude Opus 4.6, includes tools to disrupt this kind of misuse.

Cybersecurity company Gambit Security found at least 20 security vulnerabilities during its research that the country is likely not keen on highlighting. The hacker remains unidentified, and while attacks haven't been attributed to a specific group, Gambit Security suggested they could be tied to a foreign government.

This isn't the first time Claude has been used for major cyberattacks. Last year, hackers in China manipulated the tool into attempting to infiltrate dozens of global targets, several of which were successful.

Anthropic recently nixed its long-standing safety pledge, which committed to never train an AI system unless it could guarantee in advance that safety measures were adequate.