A coordinated cyber campaign targeting Mexican government infrastructure leveraged AI-based tools to compromise at least nine public sector organizations, according to a new report from Gambit Security.
The operation, which ran from late Dec. 2025 to mid-Feb. 2026, led to the theft of 195 million citizen records and the takeover of hundreds of internal systems, amounting to 150GB of data exfiltrated.
Gambit researchers found the attacker combined manual techniques with AI-assisted automation, substantially reducing the time needed to move from initial access to full system compromise. The attacker was able to navigate Claude’s safety guardrails by framing all requests as legitimate bug bounty security queries.
At Mexico’s federal tax authority alone, the attacker accessed approximately 195 million taxpayer records and built a live API to query government database information in real time.
The campaign used commercial AI platforms (Anthropic’s Claude and OpenAI’s GPT-4.1) to conduct reconnaissance, exploit development, and credential harvesting.
Around 75% of remote command execution activity was generated through AI-assisted workflows, the report stated.
The attack was discovered by Gambit researchers when they identified the attacker’s actual conversation logs with Claude were accessible online. This was a significant oversight on the attackers behalf.
AI Accelerates Attack Speed and Scale
Investigators said AI enabled a single operator to process large data volumes and identify vulnerabilities at a pace typically requiring a team of human analysts. In one case, a custom tool analyzed more than 300 compromised servers and generated nearly 2,600 structured intelligence reports.
“[AI] compressed attack timelines below standard detection and response windows,” said Eyal Sela, Director of Threat Intelligence at Gambit Security in the report. “[It analyzed] unfamiliar systems, [identified] high-value targets, and [tailored] exploits in hours rather than days or weeks.”
The attacker also developed a document forgery system that generated fake tax compliance certificates using live government data. While the cryptographic signature was invalid, the documents appeared legitimate in manual checks.
Despite the sophistication of the campaign, researchers noted that many exploited vulnerabilities were preventable. Unpatched systems, weak credential management, and poor network segmentation played a key role in the breaches.
For security leaders, the more significant question the report raises is whether existing detection and response tooling is calibrated for single-operator AI-assisted attacks. The campaigns generate high output volume at low cost, move faster than standard detection windows, and leave fewer of the social or operational signatures typically used to identify threat actor groups.
