
So much for this “golden” age of AI. A hacker has exploited Anthropic’s Claude chatbot to carry out attacks against Mexican government agencies. This resulted in the theft of 150GB of official government data, including taxpayer information, employee credentials and more.
The hacker used Claude to find vulnerabilities in government networks and to write scripts to exploit them. The hacker also tasked the chatbot with finding ways to automate data theft, according to cybersecurity company Gambit Security. This began in December and continued for around a month.
It looks like the hacker was able to essentially jailbreak Claude with prompts, ultimately bypassing the chatbot’s guardrails. Claude initially refused the nefarious demands until eventually relenting.
“In total, it produced hundreds of detailed reports that included ready-to-execute plans, telling the human operator precisely which internal targets to attack next and what credentials to use,” said Curtis Simpson, Gambit Security’s chief strategy officer.
Anthropic has investigated the claims, disrupted the activity and banned all of the accounts involved, according to a company representative. The spokesperson also said that its latest model, Claude Opus 4.6, includes tools to disrupt this kind of misuse.
It's also been reported that this hacker used ChatGPT to supplement the attacks, using OpenAI’s chatbot to gather information on how to move through computer networks, determine which credentials were needed to access systems and how to avoid detection. OpenAI says it has identified attempts by the hacker to violate its usage policies and that the tools refused to comply.
The hacker remains unidentified. The attacks haven't been attributed to a specific group, but Gambit Security did suggest they could be tied to a foreign government. It's also unclear what the hacker wants to do with all of that data.
Mexico’s national digital agency hasn’t commented on the breach, but did note that cybersecurity is a priority. The state government of Jalisco denies that it was breached, saying only federal networks were impacted. However, Mexico’s national electoral institute also denied any breaches or unauthorized access in recent months. It's worth noting that Gambit found at least 20 security vulnerabilities during its research that the country is likely not keen on highlighting.
This isn't the first time Claude has been used for a major cyberattack. Last year, hackers in China manipulated the tool into attempting to , several of which were successful. Anthropic , which committed to never train an AI system unless it could guarantee in advance that safety measures were adequate. So who knows what fresh hell the future will bring as the company’s tools become more advanced.