Hackers used AI to steal hundreds of millions of Mexican government and private citizen records in one of the largest cybersecurity breaches ever

Nine Mexican government agencies were hacked in an artificial intelligence (AI)-driven cyber campaign between December 2025 and mid-February 2026 in what researchers have said should "serve as a wake-up call."

According to researchers at cybersecurity company Gambit Security, a small group of individuals used Anthropic's Claude Code and OpenAI's GPT-4.1 to breach both federal and state government agencies and abscond with millions of personal citizen records. Gambit Security representatives outlined the attack in a blog post Feb. 24, which they followed up with a technical report April 10.

"195 million identities and detailed tax records, 15.5M vehicle registry records extracted (license plates, names, taxpayer IDs, addresses), 295 civil records (births, deaths, marriages, etc.), 3.6 million property owner records, an additional 2.28 million property records, and more sensitive information was exfiltrated," Eyal Sela, director of threat intelligence at Gambit Security, wrote in the report.

To sort through the huge pile of files and decide what to steal, the attackers used more than 1,000 prompts — written requests sent to the AI tools — which led to more than 5,000 commands executed during the operation.

This latest attack reveals how AI may be reshaping cybercrime by helping small groups carry out hacks with the speed and scale of a larger crew, Sela said in the report. AI can both exploit weaknesses already in the digital framework and process the stolen information with more efficiency.

AI-assisted attack

Over two and a half months, the hackers used more than 400 custom attack scripts, as well as a large program that helped process information stolen from hundreds of internal servers. Claude appears to have done most of the heavy lifting during the hands-on phase of the intrusion, with Gambit representatives saying that about 75% of the remote hack activity was generated and executed by the model. However, Claude's programming didn't make the process easy.

"Throughout the campaign, Claude refused or resisted certain requests — questioning the legitimacy of operations, requesting authorization evidence, and declining to generate specific tools," Sela said.

Although AI chatbots are programmed to refuse to help with potentially harmful requests, some users have been able to "jailbreak," or override, these refusals. In this hack, the researchers found that it took the hackers only 40 minutes to jailbreak Claude's guardrails. Once inside those limits, Claude helped find security weaknesses to exploit and coding tasks to steal the data, the researchers said.

ChatGPT was used to help make sense of the stolen documents, with the attackers building a 17,550-line Python tool that moved data through it, producing 2,597 reports of the data stolen from 305 internal servers. The hackers then fed those reports back to Claude to learn from, violating both companies' terms of use for their AI systems.

"Recovering from this attack will take weeks to months; rebuilding trust will likely take years," Gambit's chief strategy officer, Curtis Simpson, said in the blog post. "The attackers in this scenario may have been focused on government identities and backdoors to create fraudulent identities but, considering the level of compromise achieved, this could have just as easily resulted in all data being eliminated and the systems being rendered unrecoverable."