Hackers reportedly used Anthropic's artificial intelligence chatbot Claude, and at times OpenAI's ChatGPT, to breach Mexican government agencies and steal about 150 gigabytes of sensitive data. Cybersecurity researchers from Israeli firm Gambit Security said the attackers prompted the chatbot in Spanish to identify vulnerabilities, generate exploit scripts, and automate data extraction over nearly a month beginning in December 2025. The stolen information allegedly includes millions of taxpayer records, voter databases, government employee credentials, and civil registry documents.
Researchers said the attacker exploited at least 20 vulnerabilities and used the tools to move across networks, identify credentials, and reduce the risk of detection. Although Claude initially flagged potentially malicious intent, the hacker reportedly bypassed safeguards through a so-called jailbreak technique. When one system proved difficult, the attacker sought additional guidance from ChatGPT to continue the operation.
Anthropic and OpenAI said they banned the accounts involved and strengthened safeguards after reviewing the findings. Mexican authorities stated they had examined their systems and, in several cases, reported no confirmed breaches, though investigations are ongoing. The incident highlights growing concerns that advanced artificial intelligence tools are being used to scale and automate cyberattacks against public institutions.



