A hacker exploited Anthropic PBC’s Claude chatbot to help breach multiple Mexican government agencies and steal a large trove of sensitive data, including tax and voter information, Bloomberg reported Wednesday, citing research from Israeli cybersecurity startup Gambit Security.

Gambit said the unknown Claude user wrote Spanish-language prompts instructing the chatbot to behave like an elite hacker, identifying vulnerabilities in government networks, generating scripts to exploit them, and mapping ways to automate data theft. The activity began in December and ran for roughly a month, Gambit said.

With Claude’s help, the hacker ultimately stole some 150 gigabytes of Mexican government data, according to Bloomberg. The haul included documents tied to 195 million taxpayer records, along with voter records, government employee credentials, and civil registry files, the researchers said.

Gambit said the intruder compromised Mexico’s federal tax authority and the national electoral institute. The researchers also said state governments in Jalisco, Michoacán, and Tamaulipas were affected, along with Mexico City’s civil registry and Monterrey’s water utility. Gambit has not attributed the operation to a specific hacking group, though its researchers said they do not believe it was tied to a foreign government, according to the report. 

Claude initially warned the user about malicious intent but ultimately complied after the attacker repeatedly probed the system and succeeded in “jailbreaking” the tool, bypassing guardrails designed to prevent wrongdoing, Bloomberg said. 

Claude then executed thousands of commands against government computer networks and produced “thousands of detailed reports” with ready-to-run guidance for the human operator, including which internal targets to attack next and what credentials to use, according to Curtis Simpson, Gambit’s chief strategy officer. 

Anthropic told the news agency that it had investigated Gambit’s claims, disrupted the activity, and banned the accounts involved. A company representative told Bloomberg that Anthropic feeds examples of malicious use back into Claude to improve defenses, and said one of its newer models, Claude Opus 4.6, includes probes meant to disrupt misuse. 

Read more at Bloomberg