- Gambit report claims popular AI tools were used in Mexican government breach
- Claude Code + GPT‑4.1, exploits, scripts and RCE
- A single attacker stole hundreds of millions of citizen records
Large companies may soon ask Claude Mythos to fix security flaws in their software, but new research claims that hackers are doing just fine with Claude Cowork.
A report from security researchers Gambit claims that a single threat actor targeted nine government agencies in Mexico, using Claude Code and GPT-4.1 extensively, both during planning and execution, before stealing “hundreds of millions of citizen records.”
The campaign ran from late December 2025 to mid-February 2026, during which approximately 75% of all remote code execution (RCE) activity was generated – and executed – by Claude Code. Additionally, the attacker used a 17,550-line custom Python tool to route collected server data through OpenAI’s API. This generated “2,597 structured intelligence reports on 305 internal servers.”
Compressed attack timelines
During the post-mortem, Gambit said it discovered more than 400 custom attack scripts, as well as 20 custom exploits targeting 20 different CVEs. The attacker used generative artificial intelligence to find vulnerabilities to exploit and to generate the exploit code.
During the attack, the threat actor issued more than 1,000 prompts, which produced more than 5,300 commands that the AI executed over 34 sessions on real victim infrastructure.
The use of AI in cybercrime is nothing new. However, this attack demonstrates what the cybersecurity industry has been warning about for years: AI accelerates attacks, and defenders who don’t deploy the same technology don’t stand a chance:
“The campaign compressed attack timelines below standard detection and response windows,” Gambit said.
“It transformed raw reconnaissance data from hundreds of servers into structured intelligence, allowing a single operator to process volumes that would normally require a team. It transformed unknown systems into mapped targets and tailor-made exploits in hours, not days.”
Gambit researchers concluded that this AI-assisted method “represents a significant evolution in offensive capability” that could have been avoided with standard security controls such as patching, credential rotation, network segmentation, and endpoint detection.




