Unidentified hackers used AI 'Claude' to steal 150GB of Mexican government data, including 195 million taxpayer records

Hackers reportedly used Anthropic's AI model, 'Claude,' to breach the network of a Mexican government agency, potentially stealing approximately 150GB of sensitive data, including taxpayer records and employee credentials.

Hacker Used Anthropic's Claude to Steal Sensitive Mexican Data - Bloomberg
https://www.bloomberg.com/news/articles/2026-02-25/hacker-used-anthropic-s-claude-to-steal-sensitive-mexican-data

Hacker used Anthropic's Claude chatbot to attack multiple government agencies in Mexico
https://www.engadget.com/ai/hacker-used-anthropics-claude-chatbot-to-attack-multiple-government-agencies-in-mexico-171237255.html

According to a research report by cybersecurity firm Gambit Security, unidentified users of Claude used Spanish prompts to discover security vulnerabilities in Mexican government networks, and may have used Claude to create scripts to exploit the vulnerabilities and automate data theft.

It has also been reported that the attackers may have used ChatGPT to complement their attacks, gathering information on how to move within computer networks, identify the credentials needed to access systems, and how to evade detection.

'Claude generated thousands of detailed reports with actionable plans, telling human operators exactly which internal targets to attack next and which credentials to use,' said Curtis Simpson, chief strategy officer at Gambit Security.

Claude initially rejected the request, saying it would violate AI safety guidelines, but eventually used some kind of prompt to successfully jailbreak the system and bypass the guardrails. The attack, which began in December 2025 and continued for about a month, resulted in the theft of up to 195 million taxpayer records, voter records, and government credentials from Mexico's federal tax authorities, the National Electoral Commission, and four state governments, according to Gambit Security.

Hackers Used Anthropic's Claude to Steal 150 GB of Mexican Government Data

> Tell Claude you're doing a bug bounty
> Claude initially refused:
> “That violates AI safety guidelines”
> Hacker just kept asking
> Claude: 'OK, I'll help.'
> Hacked the entire Mexican… pic.twitter.com/Qaux239K8t

— Nawaz Haider (@nawaz0x1) February 25, 2026

Anthropic has investigated these allegations and has suspended all relevant accounts. An Anthropic representative also said that Claude Opus 4.6, released in February 2026, includes features to prevent abuse like this.

Anthropic releases Claude Opus 4.6, improving not only coding but also financial processing and document creation performance & supporting context windows of up to 1 million tokens - GIGAZINE

Mexico's National Digital Agency has not commented on the data breach, and the Jalisco state government has denied it, saying only the federal government's network was affected. Mexico's National Electoral Commission has also denied any data breach or unauthorized access.