Description: An unknown attacker reportedly jailbroke Anthropic's Claude and used it during a December 2025-January 2026 campaign against Mexican government systems. According to Gambit Security, the attacker used Claude to identify vulnerabilities and to generate exploitation scripts, which were then used to plan automated data theft. The attack reportedly contributed to theft of 150 GB of taxpayer, voter, government employee, and civil-registry data.
Editor Notes: Timeline note: The reported activity started in December 2025 and lasted about one month, but an exact start date is not specified. The incident ID of 12/01/2025 is an approximation. Gambit first reported on this incident on 02/24/2026. The incident ID was created 03/28/2026.
Entities
View all entitiesAlleged: Anthropic developed an AI system deployed by Hackers, which harmed Mexican taxpayers , Mexican voters , Mexican government employees , State government of Tamaulipas , State government of Michoacán , State government of Jalisco , Monterrey Water and Drainage Services , Servicio de Administración Tributaria (SAT) , Instituto Nacional Electoral (INE) and Dirección General del Registro Civil de la Ciudad de México (DGRC).
Alleged implicated AI system: Claude
Incident Stats
Risk Subdomain
A further 23 subdomains create an accessible and understandable classification of hazards and harms associated with AI
4.2. Cyberattacks, weapon development or use, and mass harm
Risk Domain
The Domain Taxonomy of AI Risks classifies risks into seven AI risk domains: (1) Discrimination & toxicity, (2) Privacy & security, (3) Misinformation, (4) Malicious actors & misuse, (5) Human-computer interaction, (6) Socioeconomic & environmental harms, and (7) AI system safety, failures & limitations.
- Malicious Actors & Misuse
Entity
Which, if any, entity is presented as the main cause of the risk
AI
Timing
The stage in the AI lifecycle at which the risk is presented as occurring
Post-deployment
Intent
Whether the risk is presented as occurring as an expected or unexpected outcome from pursuing a goal
Unintentional
Incident Reports
Reports Timeline
Loading...
For years now, the security industry has commonly used the term "it's not if, but when". Recent examples highlight that this statement has never been closer to the truth. In spite of investments in prevention technologies, the likelihood of…
Loading...
A hacker exploited Anthropic PBC's artificial intelligence chatbot to carry out a series of attacks against Mexican government agencies, resulting in the theft of a huge trove of sensitive tax and voter information, according to cybersecuri…
Variants
A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Seen something similar?