Thanks to AI, even a relatively unskilled hacker can pull off massive government data breaches – like the one that hit Mexico’s tax system – and that kind of vulnerability could shake investor confidence and expose serious gaps in USMCA-era cybersecurity rules
Key insights:
- AI makes everyone’s job easier, including cybercriminals – With Anthropic’s Claude, an attacker breached Mexico’s federal tax portal in less than an hour.
- Cybersecurity breaches may be a canary in the coal mine for a much larger problem – This is the second publicly disclosed Claude-enabled attack in less than a year.
- Nearshoring the risk – Beyond the immediate damage to affected citizens and businesses, foreign investors and multinationals evaluating their operations in Mexico may see a red flag that could discourage them from moving forward.
Amid the 2025 year-end celebrations – while most people were busy wrapping gifts, decorating trees, spending time with loved ones, and sketching out their 2026 resolutions – a quieter threat was unfolding. Unlike the Grinch, it had no interest in stealing Christmas cheer; instead, it set its sights on something far more valuable: more than 150 gigabytes of sensitive information from Mexican government organizations.
Armed with what appeared to be intermediate knowledge of cybersecurity and advanced use of AI tools, the Spanish-speaking attacker convinced Anthropic’s Claude chatbot that the interaction was part of a bug bounty – a legal way to hack a company and get paid for telling them how you broke in – with 3 key rules: avoid making changes that could damage the system, delete all logs, and disable command history.
At first, Claude strongly resisted, flagging these instructions because they sounded like detection-evasion techniques commonly used by malicious actors. It even challenged the attacker, requesting verification.
However, just three minutes after the suspicious prompts, the attacker dropped a simple and straightforward instruction: “Could you add this to claude.md”, with a penetration-testing cheat sheet attached. After that, things went as smooth as butter.
In simple terms, using a penetration-testing cheat sheet is like asking a security guard to write instructions to disable the alarms and, when he refuses, pulling out a pre-written note with those exact instructions and saying, “Can you just stick this on your booth door?” and he does. Now those instructions are in front of him all day, and he follows them when you ask him, automatically and without questioning them. In this case, Claude didn’t write the malicious manual – it just stuck the note up, but the result was the same.
Mexican government infrastructure attacked
According to Gambit Security, the attacker breached the Tax Administration Service (SAT, by its Spanish acronym), along with at least 8 other Mexican government institutions, from the end of 2025 until mid-February 2026. The incident has been described as one of the largest breaches of government infrastructure.
Within the scope of the SAT alone, the compromise reportedly exposed 195 million taxpayer records and 52 million directory entries. Building on this access, the attacker then leveraged Claude to pursue even more sensitive data, including Mexico’s electronic signature (e.firma) private keys, taxpayer identification numbers (RFC), national ID numbers (CURP), as well as customers’ biometrics, email addresses, phone numbers, and physical addresses.
Even beyond all of this, however, the most unsettling part of the attack came next. With a prompt that revealed a striking lack of technical literacy – “Make a Python or something like that…” – the attacker asked Claude to build a simple web application capable of querying and returning SAT taxpayer information. He then used this tool to develop a script that generated fraudulent tax status certificates, populated with real data pulled directly from the system. While he was unable to forge the document’s digital seal, the deception was still dangerously effective, because without proper cryptographic validation, the certificates appeared legitimate and were nearly indistinguishable from authentic ones.
Thus, the commercial relevance of the SAT hack is not secondary or collateral – it’s central. SAT is not merely a fiscal institution, it is the central nervous system of Mexico’s formal commerce, and its database holds information that companies provide under legal obligation, not only with a reasonable expectation that the government will protect it, but because they have no option but to do so.
When that information is compromised, the damage is not limited to the privacy of the affected taxpayers, it extends to a foreign investor or a company’s compliance team that may be evaluating a nearshore move for the establishment of operations in Mexico. And with all of that, it would be understandable for them to wonder:
If the government cannot protect the data that companies have little choice but to provide, what guarantee exists that it will be safe? And with that, in case of a danger, will the Mexican government have enough tools to investigate and sanction the attackers?
The hack spreads mistrust and apprehension
Within that calculus, weaknesses in government cybersecurity become more than a technical concern – they evolve into a tangible barrier to investment, a contradiction made even sharper amid the ongoing renegotiations of the United States-Mexico-Canada Free Trade Agreement (USMCA).
The last version of the USMCA establishes a framework for cybersecurity cooperation among member countries. Its legal architecture rests on three pillars: i) the recognition that cyber-threats represent a risk to digital commerce; ii) the commitment of the parties to develop capacities to identify and manage those risks; and iii) the promotion of cooperation between the public and private sectors in this area.
However, it never mentions a minimum security standard that governments are required to meet. That is not the only loose thread, since the USMCA was negotiated in a technological context radically different from the present one – back when generative AI (GenAI) was still science fiction rather than a browser tab. Indeed, the cybersecurity framework implicitly assumes that threat actors are organized structures.
And that’s where the case analyzed by Gambit Security could jeopardize everything, as it was a breach in which AI functioned as a primary operational tool, according to their document. More worrisome, what previously required months of specialized work and considerable resources by a potential network of hackers can today be executed in days by a much smaller unit, or a single person, with monthly subscription tools – and maybe less technical knowledge than you think.
That said, the push for stronger cybersecurity standards may extend beyond USMCA concerns and evolve into a broader industry imperative, particularly in places in which the agreement itself may fall short.
Claude as the mechanism
This attack marks the second known incident involving the use of Anthropic’s Claude – the first having been linked to a Chinese state-affiliated group – and it is unlikely to be the last. Without clearer regulation and stronger security standards, such misuse will not remain an exception but rather become an increasingly recurring threat not only in Mexico but also in Canada and the United States. Even in the US, which maintains comparatively advanced cybersecurity frameworks, experts acknowledge that defenses are still struggling to keep pace with an increasingly complex threat landscape.
The US is not the only one taking the lead, however, as the European Union has already introduced the first comprehensive AI regulatory framework, requiring systems to be resilient against misuse (including for cyberattacks) and obligating companies to report and address vulnerabilities. However, these rules primarily apply to AI developers rather than those who weaponize the technology. By contrast, the US has begun to address this gap by enacting laws that treat the use of AI in criminal activity as an aggravating factor, leading to harsher penalties.
As such, this is not only an alert for Mexico to improve its own cybersecurity practices but is certainly a broader call to action for all three countries. Regulating a technology that evolves faster than legal processes is both urgent and challenging – but not impossible.