2026-02
Jailbreak & Misuse
Government of Mexico

Lone hacker uses Claude to breach Mexican government, stealing 150GB

What happened

Publicly accessible conversation logs revealed how a lone attacker jailbroke Claude Code into acting as an offensive hacking assistant against Mexican federal and state agencies over roughly six weeks. Using a consumer AI subscription and more than 1,000 Spanish-language prompts, the attacker exfiltrated about 150GB of data including 195 million taxpayer records, voter registration files, and government employee credentials.

Impact

Roughly 150GB of sensitive citizen data covering most of Mexico's population was stolen by a single individual; Anthropic and OpenAI confirmed the activity and banned the accounts.

How this could have been prevented

Consumer AI subscriptions can force-multiply a lone attacker — provider-side abuse detection on agentic tools and defenses against AI-accelerated intrusion tempo are now table stakes.

Sources

More jailbreak & misuse incidents

Would runtime governance have caught this?

Guardion enforces policy on every agent action inline — with visibility, tamper-evident evidence, and DLP for agents and MCPs.

Request a demo