Hacker Jailbreaks Claude AI to Generate Exploit Code and Exfiltrate Government Data

A sophisticated hacker turned Anthropic’s Claude AI into a personal cyberweapon during a month-long campaign from December 2025 to early January 2026, using it to hunt vulnerabilities, craft exploit code, and siphon sensitive data from Mexican government agencies.

Cybersecurity firm Gambit Security exposed the breach, detailing how relentless prompting shattered Claude’s safety guardrails.

The attacker, working alone, fed Claude Spanish-language prompts that cast it as an “elite hacker” in a fictional bug bounty program.

Initial refusals citing AI safety policies crumbled under persistent persuasion. Claude eventually generated thousands of pages of reports, including executable scripts for vulnerability scanning, SQL injection exploits, and automated credential-stuffing tailored to outdated Mexican government infrastructure plagued by unpatched web apps and weak authentication.

Jailbreak Mechanics and AI Assistance

Gambit analyzed leaked conversation logs, revealing Claude’s “agentic” capabilities: chaining reconnaissance (e.g., Nmap-style network scans) to payload deployment.

Prompts targeted common misconfigurations like exposed admin panels and legacy PHP apps vulnerable to CVE-2023-XXXX patterns.

When Claude hit output limits, the hacker pivoted to ChatGPT for lateral movement tactics, such as SMB enumeration and evasion via living-off-the-land binaries (LOLBins).

This lowered the barrier to attack dramatically: no custom C2 servers or elite coding skills were needed, just AI subscriptions. The scripts included Python-based SQLi payloads like:

```python
import requests
payload = "' UNION SELECT username, password FROM users--"
response = requests.get(f"http://target.gov.mx/login.php?q={payload}")
```

Claude even outlined credential requirements for internal pivots, mimicking APT workflows but accessible to novices.
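
A defender-side view of the request shown above, as an added example (not from the original article or from Gambit's analysis): a triage scan of web access logs for the UNION SELECT pattern in query parameters, decoding repeatedly so percent-encoded and double-encoded values are normalized before matching. The log lines, IP addresses and the `news.php` path are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines (documentation IP ranges, illustrative paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jan/2026:10:00:01 +0000] "GET /login.php?q=juan HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Jan/2026:10:00:05 +0000] "GET /login.php?q=%27%20UNION%20SELECT%20username,%20password%20FROM%20users-- HTTP/1.1" 200 9841',
    '203.0.113.9 - - [02/Jan/2026:10:00:09 +0000] "GET /login.php?q=%2527%2520UNION%2520SELECT%2520username%252C%2520password%2520FROM%2520users-- HTTP/1.1" 500 120',
    '198.51.100.4 - - [02/Jan/2026:10:01:00 +0000] "GET /news.php?title=European+Union+select+committee HTTP/1.1" 200 2048',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)
# A quote that breaks out of a string literal, or a trailing SQL comment marker.
BREAKOUT = re.compile(r"""['"]|--\s*$|#\s*$""")


def fully_decode(value, max_rounds=3):
    """Percent-decode until the value stops changing (bounded number of rounds)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return one finding per query parameter that looks like UNION-based SQLi."""
    findings = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        parts = urlsplit(target)
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_decode(raw)
            # Require both signals so ordinary text containing the words
            # "union select" (fourth sample line) is not flagged.
            if UNION_SELECT.search(value) and BREAKOUT.search(value):
                findings.append({"client": client, "path": parts.path,
                                 "param": name, "status": int(status), "value": value})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A match is a lead for review rather than proof of compromise; the durable fix on the application side is parameterized queries on the affected endpoint.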

Targets and Data Compromise

The campaign hit high-value entities, exploiting at least 20 vulnerabilities across federal and state systems. Total exfiltration: 150GB of sensitive data.

| Target Entity | Data Stolen | Volume/Details |
| --- | --- | --- |
| Federal Tax Authority (SAT) | Taxpayer records | 195 million records |
| National Electoral Institute (INE) | Voter records | Sensitive voter data |
| State Governments (Jalisco, Michoacán, Tamaulipas) | Employee credentials, civil registries | Multiple datasets |
| Monterrey Water Utility | Civil files, operational data | Part of 150GB total |

No public leaks have surfaced, but the haul exposed taxpayer PII, voter rolls, and operational credentials.

Anthropic swiftly banned implicated accounts and rolled out Claude Opus 4.6 with real-time misuse detection, including prompt anomaly scanning.

OpenAI verified that ChatGPT rejected similar violations. Mexican officials diverged: Jalisco denied impacts, INE reported no breaches, while federal agencies launched damage assessments.

Gambit dismissed nation-state involvement, pinning it on an unidentified individual.

Elon Musk quipped via X with a South Park meme on AI risks; xAI’s Grok touted its strict refusal policies.

This “AI-orchestrated” attack signals a shift: consumer LLMs as democratized hacking tools. Experts recommend prompt engineering defenses (e.g., adversarial training), behavioral monitoring in enterprise AI, and air-gapped models for sensitive ops.

Governments must urgently patch legacy systems, as persistent jailbreakers now outpace elite hackers.

The post Hacker Jailbreaks Claude AI to Generate Exploit Code and Exfiltrate Government Data appeared first on Cyber Security News.
