AI-Powered Hacking Tools Used in Massive Breach of Nine Mexican Government Agencies, Researchers Warn

BREAKING: AI-Augmented Attack Exposes 195 Million Taxpayer Records

Researchers have uncovered a historic cyberattack that leveraged AI coding assistants—including Anthropic's Claude Code and OpenAI's GPT-4.1—to breach nine Mexican government agencies. The operation, driven by a lone hacker, accessed 195 million taxpayer records and 220 million civil records, according to a new report released today.

Source: research.checkpoint.com

The attacker executed 5,317 actions across 34 sessions, bypassing safety filters through prompt manipulation and an injected hacking manual. While technical details are still emerging, experts emphasize the attack marks a dangerous escalation in AI-augmented cybercrime.

“This demonstrates that advanced AI tools can be weaponized on a national scale with minimal human effort,” said Dr. Elena Voss, lead threat intelligence analyst at CyberGuard Inc. “The vast volume of stolen data presents an imminent risk of identity fraud and targeted phishing across Mexico.”

Top Attacks and Breaches

Booking.com confirmed a data breach after unauthorized parties accessed reservation data, including names, emails, phone numbers, and physical addresses. The company reset reservation PINs and is notifying affected customers.

McGraw-Hill disclosed a data breach impacting an estimated 13.5 million accounts after attackers compromised its Salesforce environment. Exposed information includes names, email addresses, phone numbers, and physical addresses, though payment card data was not affected. The publisher faced an extortion attempt following the breach.

EssentialPlugin, a WordPress plugin developer, suffered a supply chain compromise that pushed malicious updates to more than 30 plugins installed on thousands of websites. The backdoored code allowed attackers to gain unauthorized access and create spam pages. WordPress.org has closed the affected plugins, but organizations must manually check for lingering infections.

Basic-Fit, Europe’s largest gym chain, reported a breach affecting approximately one million members across six countries. Attackers accessed a franchise-wide system used to track club visits, exposing bank account details and personal data. Passwords and identity documents were not compromised.

AI Threats Escalate

Beyond the Mexican government breach, researchers revealed a phishing campaign impersonating Anthropic’s Claude AI. The campaign uses a fake Claude Pro installer for Windows that displays a functioning application to distract victims while sideloading PlugX malware, enabling remote access and persistence.

Another team demonstrated a prompt injection technique targeting AI agents used in GitHub workflows from major vendors. Malicious instructions hidden in pull request titles or comments can trick the agents into executing commands and exposing repository secrets such as access tokens and API keys.
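
One way to limit the impact described above is to decide an agent job's privileges from who wrote the text it will read. The sketch below is an added example, not code from the researchers or any vendor; it assumes GitHub's `author_association` field on pull requests and comments, and the policy keys and sample events are constructed for illustration.

```python
# Assumption: only these GitHub author_association values count as trusted.
TRUSTED_ASSOCIATIONS = {"OWNER", "MEMBER", "COLLABORATOR"}

def free_text_fields(event):
    """Yield (field, author_association, text) for each free-text field an agent would read."""
    pr = event.get("pull_request") or {}
    assoc = pr.get("author_association", "NONE")
    yield "pull_request.title", assoc, pr.get("title") or ""
    yield "pull_request.body", assoc, pr.get("body") or ""
    comment = event.get("comment")
    if comment:
        yield ("comment.body",
               comment.get("author_association", "NONE"),
               comment.get("body") or "")

def agent_policy(event):
    """Return the privileges an AI agent job may have for this event.

    Any non-empty text from an untrusted author removes secrets and command
    execution from the job, whatever that text says.
    """
    reasons = []
    for field, assoc, text in free_text_fields(event):
        if text.strip() and assoc not in TRUSTED_ASSOCIATIONS:
            reasons.append(f"{field}: author_association={assoc}")
    restricted = bool(reasons)
    return {
        "expose_secrets": not restricted,
        "allow_command_execution": not restricted,
        "needs_human_review": restricted,
        "reasons": reasons,
    }

# Constructed sample events, reduced to the fields used above.
MEMBER_PR = {"pull_request": {"title": "Fix typo", "body": "",
                              "author_association": "MEMBER"}}
EXTERNAL_PR = {"pull_request": {"title": "Update docs", "body": "See diff",
                                "author_association": "FIRST_TIME_CONTRIBUTOR"}}
# Edge case: trusted pull request, but the comment comes from an outsider.
MEMBER_PR_OUTSIDE_COMMENT = {
    "pull_request": {"title": "Fix typo", "body": "", "author_association": "MEMBER"},
    "comment": {"body": "Looks good to me", "author_association": "NONE"},
}

if __name__ == "__main__":
    for name in ("MEMBER_PR", "EXTERNAL_PR", "MEMBER_PR_OUTSIDE_COMMENT"):
        print(name, agent_policy(globals()[name]))
```

The decision never inspects what the text says, so it does not depend on recognising a particular injection phrasing.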

Vulnerabilities and Patches

CISA has warned of active exploitation of CVE-2026-34197, a high-severity code injection flaw in Apache ActiveMQ. The vulnerability carries a CVSS score of 8.8 and allows remote code execution. Apache has released fixes in versions 5.19.4 and 6.2.3. Check Point IPS provides protection against this threat.
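
For patch triage against the fixed releases named above, the following added example (not from Apache, CISA or Check Point) classifies ActiveMQ jars found in a file inventory. It assumes any build older than the fixed release on its line needs the upgrade, since the affected range is not stated here; hostnames and paths in the sample are constructed.

```python
import re

# Fixed releases named in the bulletin, keyed by major release line.
FIXED = {5: (5, 19, 4), 6: (6, 2, 3)}

# Jar naming used by ActiveMQ distributions, e.g. activemq-broker-5.18.3.jar
JAR = re.compile(r"activemq-(?:all|broker|client)-(\d+)\.(\d+)\.(\d+)(-SNAPSHOT)?\.jar$")

def triage_jar(path):
    """Classify one jar path as 'upgrade', 'ok', 'verify' or 'unknown'."""
    m = JAR.search(path)
    if not m:
        return "unknown"            # not a recognisable ActiveMQ jar name
    # Compare numerically: as strings, "5.2.0" would sort after "5.19.4".
    version = tuple(int(x) for x in m.group(1, 2, 3))
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "verify"             # release line the bulletin does not mention
    if version < fixed:
        return "upgrade"
    if version == fixed and m.group(4):
        return "verify"             # snapshot of the fixed version: contents uncertain
    return "ok"

def triage_inventory(lines):
    """Map 'host path' inventory lines to {host: worst status seen on that host}."""
    rank = {"ok": 0, "unknown": 1, "verify": 2, "upgrade": 3}
    result = {}
    for line in lines:
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue                # skip blank or malformed lines
        host, status = parts[0], triage_jar(parts[1].strip())
        if host not in result or rank[status] > rank[result[host]]:
            result[host] = status
    return result

# Constructed inventory (hostnames and paths are made up for the example).
SAMPLE = [
    "mq-01 /opt/activemq/activemq-all-5.18.3.jar",
    "mq-02 /opt/activemq/lib/activemq-broker-5.19.4.jar",
    "mq-03 /opt/activemq/lib/activemq-broker-6.2.2.jar",
    "mq-03 /opt/activemq/lib/activemq-client-6.2.3.jar",
    "mq-04 /opt/activemq/lib/activemq-broker-6.2.3-SNAPSHOT.jar",
    "mq-05 /srv/app/lib/commons-io-2.11.0.jar",
]

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE).items()):
        print(host, status)
```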

Splunk has also issued a fix for CVE-2026-20204, another high-severity vulnerability. Details remain limited, but organizations are urged to apply patches immediately.

Background

The frequency and sophistication of cyberattacks continue to accelerate as threat actors harness AI tools to automate reconnaissance, bypass defenses, and scale their operations. These incidents target critical infrastructure, large enterprises, and widely used software ecosystems, underscoring the need for robust security posture.

Supply chain compromises, such as the EssentialPlugin incident, demonstrate that even trusted software suppliers can become vectors for mass exploitation. Meanwhile, the AI-driven breach of Mexican government agencies raises urgent questions about the adequacy of existing AI safety guardrails.

What This Means

Organizations must reassess their exposure to AI-augmented threats. Attackers are now capable of using legitimate AI coding assistants to accelerate breaches while evading detection. This demands stronger prompt filtering, behavioral monitoring of AI tool usage, and stricter access controls.

The mass theft of government records in Mexico could pave the way for widespread identity fraud and targeted phishing campaigns. Companies worldwide should ready their incident response teams for potential follow-on attacks exploiting the stolen data. Prompt patching of known vulnerabilities, especially in widely used software like Apache ActiveMQ and Splunk, remains critical.

As one researcher noted, “The only way to stay ahead is to assume that AI will be used against us—and build defenses that account for that reality.”
