
The rise of artificial intelligence has brought incredible productivity tools. However, it has also created new security risks. Among the main ones is the democratization of cybercrime. A recent report from the cybersecurity startup Gambit Security has disclosed a major security breach in which an attacker managed to compromise several government agencies in Mexico by using Anthropic’s AI-powered chatbot, Claude, as their primary accomplice.
AI-enabled hacking: The Claude-powered 150GB Mexico data breach explained
What makes this case particularly striking is not just the volume of stolen data, but how the attacker secured the AI’s cooperation. If you’re unaware, AI chatbots have security shields against so-called “harmful prompts.” These are instructions designed to cause harm in one way or another. However, malicious individuals can bypass these shields using the “prompt injection” technique.
In this case, the hacker used Spanish-language prompts to convince Claude that they were participating in a legitimate “bug bounty” program. The user persuaded the AI to act as an “elite hacker” by disguising malicious intent as ethical research. Through this deception, the chatbot generated thousands of detailed reports, computer scripts, and ready-to-execute attack plans.
When Claude hit certain safety guardrails, the attacker reportedly turned to OpenAI’s ChatGPT to obtain lateral movement tactics and evasion methods. This “tag-team” approach allowed the individual to automate data theft on a massive scale without needing deep technical expertise.
A 150-Gigabyte haul
The results of this campaign were devastating for national privacy. According to Gambit researchers, the attacker walked away with 150GB of sensitive information. The haul included records linked to 195 million taxpayers from the federal tax authority and sensitive voter records from the national electoral institute.
The response from Mexican authorities has been mixed following the discovery. While some federal investigations began months ago, other local agencies have denied any unauthorized access to their networks.
The post Anthropic’s Claude Exploited in Massive 150GB Mexican Government Data Theft appeared first on Android Headlines.