Anthropic’s Claude Exploited to Steal 150GB of Data from Mexican Government

Israeli cybersecurity firm Gambit Security reports that multiple Mexican government agencies were targeted in a cyberattack using Anthropic’s Claude, resulting in the theft of approximately 150 gigabytes of sensitive data.

The stolen data reportedly includes records of 195 million taxpayers, voter registries, government employee credentials, and civil registry files.

According to the investigation, the attacker instructed Claude to act as a hacker, identify vulnerabilities in government networks, generate exploit scripts, and automate data extraction. Initially, Claude warned the user about malicious intentions, but its safeguards were eventually bypassed (a jailbreak), allowing the execution of thousands of commands.

The attacker also leveraged OpenAI’s GPT to supplement Claude, for example, to determine lateral network movements and required credentials. OpenAI stated that all malicious requests were rejected.

Anthropic banned the accounts involved and strengthened protections. The company is also using examples of malicious activity to improve Claude’s safeguards, with its latest model, Claude Opus 4.6, including features to block misuse.

Experts warn that the incident highlights the growing risks of AI misuse in cybercrime, emphasizing the need for robust security and monitoring measures.