1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Hackers use Claude and ChatGPT in 'a significant evolution in off

    From TechnologyDaily@1337:1/100 to All on Mon Apr 13 15:30:24 2026
    Hackers use Claude and ChatGPT in 'a significant evolution in offensive capability' to breach government agencies, leak hundreds of millions of citizen records

    Date:
    Mon, 13 Apr 2026 14:20:00 +0000

    Description:
    Nine Mexican government agencies targeted by a single attacker with two AI tools.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter Gambit report claims popular AI tools used in Mexico govt breach Claude Code + GPT4.1 powered exploits, scripts, and RCE Single attacker stole hundreds of millions of citizen records Big enterprises might soon get Claude Mythos to patch security holes in their software, but new research claims hackers are doing just fine with Claude Cowork.

    A report from security researchers Gambit claims a single threat actor targeted nine government agencies in Mexico, using Claude Code and GPT-4.1 extensively, both during planning and execution, before making off with hundreds of millions of citizen records. The campaign ran from late December 2025, through mid-February 2026, during which time, roughly 75% of all remote command execution (RCE) activity was generated - and executed - by Claude Code. Furthermore, the attacker used a custom 17,550-line Python tool to pipe harvested server data through OpenAIs API. This generated 2,597 structured intelligence reports across 305 internal servers. Article continues below You may like Security experts flag multiple issues in Claude Code, warning, 'As
    AI integration deepens, security controls must evolve to match the new trust boundaries' Three high-risk AI vulnerabilities discovered in Claude.ai end-to-end attack chain exfiltrates sensitive info without user knowing Anthropics Claude models are no longer available: US State Department ditches Claude on the orders of Trump while Senate approves Gemini, ChatGPT, and CoPilot for use Compressed attack timelines During the post-mortem, Gambit said it uncovered more than 400 custom attack scripts, as well as 20 tailored exploits targeting 20 different CVEs. The attacker was using Generative Artificial Intelligence to find which vulnerabilities to exploit, and to generate the exploit code.

    During the attack, the threat actor made more than 1,000 prompts, through which they generated more than 5,300 AI-executed commands in 34 sessions on live victim infrastructure.

    Using AI in cybercrime is nothing new. However, this attack is a testament to what the cybersecurity industry has been warning of for years now - AI is speeding attacks up, and defenders who dont deploy the same technology stand no chance at all:

    The campaign compressed attack timelines below standard detection and
    response windows, Gambit said. Are you a pro? Subscribe to our newsletter
    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news
    and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    It transformed raw reconnaissance data from hundreds of servers into structured intelligence, thus enabling a single operator to process volumes that would normally require a team. It turned unfamiliar systems into mapped targets and tailored exploits in hours, not days.

    Gambits researchers concluded that this AI-assisted method represents a significant evolution in offensive capability, which could have been avoided through standard security controls such as patching, credential rotation, network segmentation, and endpoint detection. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hackers-use-claude-and-chatgpt-in-a-sig nificant-evolution-in-offensive-capability-to-breach-government-agencies-leak- hundreds-of-millions-of-citizen-records


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)