Hacker Used Claude and ChatGPT to Breach Multiple Government Agencies

Single attacker used Claude and GPT-4.1 to break into nine Mexican government agencies, stealing personal data on 195 million citizens — tax records, voter data, and government credentials from agencies including the federal tax authority and national electoral institute. The AI didn't just help plan the attack; it ran 75% of the actual commands on live systems across 305 servers. When Claude initially refused, the attacker used "bug bounty" framing to trick it into compliance, after which it generated 20 custom exploits and over 400 attack scripts. What would have taken a team of specialists weeks was done by one person in a matter of hours. The irony is that basic security hygiene like patching and credential rotation could have prevented the whole thing.

Read the full story on Yahoo News →