AI-driven cyberattack breaches 9 Mexican government agencies, exposes millions of records

AI tools enable single hacker to execute large-scale government cyberattack

A major cybersecurity incident has revealed how artificial intelligence is being used to carry out large-scale attacks on critical government systems.

According to a technical report by Gambit Security researcher Eyal Sela, a single threat actor used AI tools to breach 9 government agencies in Mexico. The attack, which ran from late December 2025 to mid-February 2026, led to the theft of hundreds of millions of citizen records.

The attacker relied heavily on commercial AI platforms, including Anthropic’s Claude Code and OpenAI’s GPT-4.1. Claude Code alone generated and executed around 75% of the remote commands used in the operation.

To manage the stolen data, the attacker built a custom 17,550-line Python tool connected to OpenAI’s API. This system converted raw data from internal servers into structured intelligence reports. With AI automation, a single operator achieved results typically expected from a full team of advanced attackers.

The system analysed 305 internal servers and generated 2,597 intelligence reports. Investigators also found over 400 AI-generated attack scripts and 20 custom exploits targeting 20 different Common Vulnerabilities and Exposures (CVEs).

During 34 live sessions inside the compromised systems, the attacker entered 1,088 prompts, which produced 5,317 executable commands. This rapid use of AI significantly reduced the time needed to map networks and create exploits, cutting the process from days to just hours.

By automating reconnaissance and attack development, the operator bypassed traditional detection timelines. Security teams were unable to respond quickly enough as the attacker rapidly mapped and exploited internal systems.

Despite the advanced use of AI, the initial breach was not due to new techniques. It was made possible by basic security failures. The affected organisations lacked standard protections such as regular patching, credential rotation, network segmentation, and strong endpoint detection.

Researchers warned that ignoring these basic practices increases risk in a threat landscape where AI has reduced the time, cost, and effort needed to carry out complex cyberattacks.

This incident highlights how AI is transforming cyber threats, making it easier for attackers to target critical infrastructure at scale.
