New Delhi: A recent report has raised alarms about the misuse of Artificial Intelligence (AI) by cybercriminals, as an unidentified hacker allegedly exploited the AI chatbot Claude to infiltrate several government agencies in Mexico, resulting in the theft of approximately 150GB of sensitive data. This incident underscores the growing concerns regarding the security vulnerabilities associated with AI technologies and the potential for their exploitation.
The hacker reportedly communicated with Claude in Spanish, convincing the chatbot that they were participating in a “bug bounty program” aimed at identifying vulnerabilities within government systems. Under this false pretense, the AI provided advice on detecting weaknesses in government websites, generating scripts, and automating the data-extraction process.
Cybersecurity researchers monitoring hacker forums later identified discussions and technical indicators that pointed to a breach within Mexico’s government infrastructure. The compromised data reportedly includes records of around 190 million taxpayers, voter-related information, identification documents of government employees, and civil registry data. The cyberattack is believed to have started in December and spanned nearly a month.
Multiple major government institutions were targeted in the attack, including the Federal Tax Authority, the National Electoral Institute, and various state government systems in Jalisco, Michoacán, and Tamaulipas, as well as the Mexico City Civil Registry and the Monterrey Water Supply Agency. In response to the reports, several government agencies have denied suffering any significant data breach, asserting that their security measures remain robust.
The hacker’s activities did not stop with Claude; they also utilized OpenAI’s ChatGPT when Claude failed to yield sufficient information. The hacker reportedly posed questions regarding traversing networks, identifying potential credentials, and assessing the risk of detection. OpenAI responded by stating that accounts found to be violating their policies were identified and banned.
In a related response, Anthropic, the company that developed Claude, announced that it had suspended the accounts implicated in the breach after conducting an investigation. The firm emphasized that it is leveraging insights from such incidents to enhance the security of its AI models. The latest version, Claude Opus 4.6, includes additional safety features aimed at preventing misuse.
Experts in cybersecurity have expressed concerns that specific limitations in AI chatbots are being increasingly exploited by cybercriminals. The large-scale leak of personal and government employee data poses substantial risks, including identity theft and espionage. Reports indicate that AI-driven cyberattacks have surged by 89% since 2025, with a 2026 CrowdStrike cybersecurity report highlighting that hackers can now penetrate systems in an average of 29 minutes with AI assistance. Currently, about one in every six data theft incidents involves AI tools, which have also contributed to the sophistication of phishing emails and other cyberattacks, making them harder to detect.
Professor Triveni Singh, a cybersecurity expert and former IPS officer, noted that while AI technology benefits various sectors, its misuse is escalating rapidly. He pointed out that cybercriminals are leveraging AI to expedite and automate hacking efforts, transforming tasks that once took days into processes that can be accomplished in mere minutes. He cautioned that if governments and tech companies do not enhance AI security standards, future cyberattacks could escalate to unprecedented levels.
This incident serves as a stark reminder of the dual-edged nature of AI technology. As it evolves rapidly, so too do the tactics employed by cybercriminals, who are continuously seeking new ways to exploit its capabilities. The implications for digital security are profound, necessitating urgent attention from both policymakers and the tech industry.
See also
Anthropic Sues U.S. Government Over Defense Supply Chain Ban Amid AI Safety Dispute
Anthropic Sues Pentagon Over AI Blacklist, Claims Unlawful Designation Threatens Business
Nearly 10,000 Authors Launch ‘Empty’ Book to Protest AI Copyright Violations at London Fair
OpenAI, Google Employees Support Anthropic’s Fight Against Pentagon’s Blacklist
Anthropic Sues US Government Over Military AI Classification Amid OpenAI’s Defense Deals
