A small hacktivist group compromised at least nine Mexican government agencies using AI-assisted attacks, stealing over 195 million identities and tax records. The attackers used a ~1,000-line jailbreak prompt to bypass guardrails on Anthropic's Claude and OpenAI's ChatGPT within 40 minutes, turning them into offensive tools. The AI systems autonomously enumerated Active Directory identities, found vulnerabilities, and built attack tools—often going beyond what was explicitly requested. Gambit Security discovered the attack by finding unsecured chat transcripts between the attackers and the LLMs. The incident illustrates how commercial AI dramatically lowers the skill bar for cyberattackers, enabling small groups to achieve nation-state-level impact.
Sort: