Description: An unknown attacker reportedly jailbroke Anthropic's Claude and used it during a December 2025-January 2026 campaign against Mexican government systems. According to Gambit Security, the attacker used Claude to identify vulnerabilities and to generate exploitation scripts, which were then used to plan automated data theft. The attack reportedly contributed to theft of 150 GB of taxpayer, voter, government employee, and civil-registry data.
Editor Notes: Timeline note: The reported activity started in December 2025 and lasted about one month, but an exact start date is not specified. The incident ID of 12/01/2025 is an approximation. Gambit first reported on this incident on 02/24/2026. The incident ID was created 03/28/2026.
Entities
View all entitiesAlleged: Anthropic developed an AI system deployed by Unknown hacker, which harmed Mexican taxpayers , Mexican voters , Mexican government employees , State government of Tamaulipas , State government of Michoacán , State government of Jalisco , Monterrey Water and Drainage Services , Servicio de Administración Tributaria (SAT) , Instituto Nacional Electoral (INE) and Dirección General del Registro Civil de la Ciudad de México (DGRC).
Alleged implicated AI system: Claude
Incident Stats
Incident ID
1430
Report Count
2
Incident Date
2025-12-01
Editors
Daniel Atherton
Incident Reports
Reports Timeline
Loading...
For years now, the security industry has commonly used the term "it's not if, but when". Recent examples highlight that this statement has never been closer to the truth. In spite of investments in prevention technologies, the likelihood of…
Loading...
A hacker exploited Anthropic PBC's artificial intelligence chatbot to carry out a series of attacks against Mexican government agencies, resulting in the theft of a huge trove of sensitive tax and voter information, according to cybersecuri…
Variants
A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Seen something similar?