Between December 2025 and January 2026, a single unknown person used a consumer AI chatbot to systematically dismantle the cybersecurity defenses of the government of Mexico. By the time anyone noticed, 150 GB of data was gone.
This includes tax records tied to 195 million taxpayers, voter files, government credentials, and civil registry documents spanning Mexico’s federal tax authority, its electoral institute, four state governments, and a water utility in Monterrey.
The tool wasn’t some sophisticated nation-state hacking suite but a consumer AI chatbot: Anthropic’s Claude AI.
The breach came to light on February 25, 2026, when Israeli cybersecurity firm Gambit Security stumbled upon it during routine threat hunting and found the attacker’s actual conversation logs with Claude publicly accessible online.
The method was somewhat clever but not complicated. The attacker claimed to be running a “bug bounty” exercise, which is a legitimate practice of paying ethical hackers to find system vulnerabilities.
Claude initially pushed back, but the attacker kept rephrasing and reframing requests until the guardrails gave way. Once they did, Claude identified at least 20 exploitable vulnerabilities, wrote attack scripts, guided lateral movement through government networks, and helped automate the data theft.
When Claude hit its limits, the attacker switched to ChatGPT for additional guidance.
Anthropic confirmed the findings, banned the accounts involved, and said it had fed examples of the attack back into its training pipeline. Its newest model now includes real-time misuse detectors. This could, however, be taken as cold comfort, given what had already happened.
Here’s what makes the timing uncomfortable. On February 24, 2026, the day before the breach became public, Anthropic quietly released Version 3.0 of its Responsible Scaling Policy (RSP), the internal rulebook governing how cautiously it develops more powerful AI.
In its own blog post on AI-orchestrated cyberattacks, published in 2025, Anthropic wrote:
The very abilities that allow Claude to be used in these attacks also make it crucial for cyber defense. When sophisticated cyberattacks inevitably occur, our goal is for Claude — into which we’ve built strong safeguards — to assist cybersecurity professionals to detect, disrupt, and prepare for future versions of the attack.
It is a logical argument on paper, but it rests on a critical assumption: that defenders have access to the same AI tools as the attackers and the trained teams to deploy them.
Bringing this back home, Kenya has built something rather impressive but with a massive bullseye at the center. Over 13 million Kenyans are registered on eCitizen, more than 16,000 government services sit on a single platform, and the Maisha Namba digital ID is issuing up to 30,000 new IDs every day. This makes it an enormous, centralized target.
Kenya’s agencies have learned, rather painfully, to handle conventional attacks. In the third quarter of 2025 (July – September) alone, Kenya’s National KE-CIRT/CC detected over 842 million cyber threat events, with the majority exploiting system vulnerabilities.
Kenya’s government systems are a patchwork of old infrastructure with inconsistent security standards. Making it worse is a loophole in the Data Protection Act of 2019, which means eCitizen and Maisha Namba are legally exempt from independent security audits, so biometric data on millions of Kenyans is piling up with nobody legally required to check whether it is safe.
A breach wouldn’t just be an embarrassment; it could compromise individual identity on a mass and permanent scale.
Cyber losses in Kenya hit $230 million (KES 29.9 billion) in 2025, according to a recent Serianu cybersecurity report, driven by payment fraud, online scams, and impersonation attacks exploiting gaps in monitoring and authentication.
That was before AI-assisted attacks became this accessible.
The Mexico attacker was not a nation-state operative with novel exploits. They only had Claude, ChatGPT, and a patient approach to persuasion, a combination that proved to be enough.
For Kenyan agencies still struggling to keep their systems updated, and whose staff remain vulnerable to well-crafted phishing emails, this is not a distant threat; it is already here.
We need to close the legal gaps in the Data Protection Act, mandate independent security audits of eCitizen and Maisha Namba, and update cybercrime law to address AI-assisted intrusions.
Mexico has learned the hard way. Kenya doesn’t have to.