
Mexico reportedly breached via Claude exploitation


Numerous Mexican government agencies have been compromised in a month-long attack campaign beginning in December that weaponized Anthropic's Claude large language model, resulting in the theft of 150 GB of data, according to Cybernews.

Threat actors infiltrated Mexico's federal tax authority and civil registry, as well as some state governments and Monterrey's water utility, using 20 security flaws identified by Claude, which allowed them to steal nearly 195 million taxpayer records, civil registry files, voter lists, and government employee credentials, according to findings from a Gambit Security report. The attackers harnessed Claude by sending prompts to determine system vulnerabilities and craft exploit scripts under the guise of a bug-hunting operation.

While Claude flagged subsequent prompts seeking log and command history deletion, attackers were able to circumvent the LLM's guardrails by prompting from the perspective of authorized security research. Both Mexico's tax authority and national electoral institute have dismissed the reported breach. A similar denial has been issued by the state government of Jalisco, which noted the intrusion had impacted federal networks alone.
