- Gambit report claims popular AI tools were used in a breach of the Mexican government
- Claude Code + exploits, scripts and RCE powered by GPT‑4.1
- A single attacker stole hundreds of millions of citizen records
Big companies may soon get Claude Mythos to patch security holes in their software, but new research claims hackers are doing just fine with Claude Cowork.
A report from security researchers Gambit claims that a single threat actor targeted nine government agencies in Mexico, using Claude Code and GPT-4.1 extensively, both during planning and execution, before making off with “hundreds of millions of citizen records.”
The campaign ran from late December 2025 to mid-February 2026, during which time approximately 75% of all remote command execution (RCE) activity was generated (and executed) by Claude Code. Additionally, the attacker used a custom 17,550-line Python tool to pipe data collected from the server through the OpenAI API. This generated “2,597 intelligence reports structured on 305 internal servers.”
Compressed attack schedules
In its post-mortem analysis, Gambit said it discovered more than 400 custom attack scripts, as well as 20 custom exploits targeting 20 different CVEs. The attacker was using generative AI both to find which vulnerabilities to exploit and to generate the exploit code.
During the attack, the threat actor issued more than 1,000 prompts, generating more than 5,300 AI-executed commands across 34 sessions on live victim infrastructure.
The use of AI in cybercrime is nothing new. However, this attack is a testament to what the cybersecurity industry has been warning about for years: AI is accelerating attacks, and defenders who don’t implement the same technology don’t stand a chance:
“The campaign compressed attack schedules below standard detection and response windows,” Gambit said.
“It transformed raw reconnaissance data from hundreds of servers into structured intelligence, allowing a single operator to process volumes that would normally require a team. It turned unknown systems into mapped targets and custom exploits in hours, not days.”
Gambit researchers concluded that this AI-assisted approach “represents a significant evolution in offensive capability,” and that the campaign could have been prevented by standard security controls such as patching, credential rotation, network segmentation, and endpoint detection.




