A New Era of Cybercrime: Hackers Use Claude and ChatGPT to Leak Citizen Data at Scale

TECH NEWS

AllComputerss

4/13/20262 min read

A New Era of Cybercrime: Hackers Use Claude and ChatGPT to Leak Citizen Data at Scale
A New Era of Cybercrime: Hackers Use Claude and ChatGPT to Leak Citizen Data at Scale

Large enterprises are eagerly awaiting advanced AI systems like Claude Mythos, which promise to help patch vulnerabilities and strengthen defenses. But while corporations anticipate these tools for protection, new research suggests that hackers are already exploiting existing AI models to devastating effect.

According to a detailed report from security researchers at Gambit, a single threat actor orchestrated a massive cyber campaign against nine government agencies in Mexico. The attacker leaned heavily on Claude Code and OpenAI’s GPT‑4.1, not just for reconnaissance but throughout the planning, execution, and exploitation phases. The result? The theft of hundreds of millions of citizen records.

A Timeline of the Attack

The campaign spanned from late December 2025 to mid-February 2026, a relatively short window for such a large-scale breach. During this period:

  • Roughly 75% of all remote command execution (RCE) activity was generated and executed by Claude Code.

  • The attacker deployed a 17,550-line custom Python tool to funnel harvested server data through OpenAI’s API.

  • This pipeline produced 2,597 structured intelligence reports across 305 internal servers, effectively automating what would normally require a team of analysts.

Evidence of AI-Driven Exploits

Gambit’s post-mortem uncovered an arsenal of 400 custom attack scripts and 20 tailored exploits targeting different CVEs. Instead of manually researching vulnerabilities, the hacker used generative AI to:

  • Identify exploitable weaknesses.

  • Generate exploit code on demand.

  • Rapidly adapt attacks to unfamiliar systems.

Over the course of the operation, the threat actor issued more than 1,000 prompts, resulting in 5,300 AI-executed commands across 34 live sessions on victim infrastructure.

Why This Matters

AI in cybercrime isn’t new, but this campaign demonstrates a qualitative leap forward. Gambit’s researchers emphasized that the attacker compressed timelines so aggressively that traditional detection and response systems had little chance to intervene. What once took days of manual work was reduced to hours:

  • Reconnaissance data from hundreds of servers was instantly transformed into actionable intelligence.

  • Exploits were customized and deployed at scale by a single operator.

  • Attack speed outpaced standard defensive playbooks.

Lessons for Defenders

The report concludes that this AI-assisted breach represents a “significant evolution in offensive capability.” Yet, Gambit stresses that the attack could have been prevented with basic security hygiene:

  • Timely patching of vulnerabilities.

  • Regular credential rotation.

  • Strong network segmentation.

  • Endpoint detection and response tools.

The Bigger Picture

This incident underscores a growing imbalance: attackers are adopting AI faster than defenders. While enterprises wait for tools like Claude Mythos to bolster their defenses, malicious actors are already weaponizing today’s AI models. The message is clear, AI is no longer just a productivity tool; it’s a force multiplier for cybercrime.

© 2026 AllComputerss. All rights reserved.