Jatinder Oberoi Jatinder Oberoi

One Hacker. Two Chatbots. 195 Million Records

Between December 2025 and February 2026, a single attacker used Anthropic's Claude Code and OpenAI's GPT-4.1 to breach nine Mexican government agencies, including the federal tax authority and national electoral institute. Claude executed 75% of all remote attack commands across 34 sessions, generating over 5,300 AI-executed instructions. Total damage: 150GB of data, 195 million citizen records, and a live forged government certificate system built from stolen infrastructure. It took 40 minutes to jailbreak Claude's guardrails using a 1,084-line hacking playbook framed as a bug bounty programme. This is the most consequential real-world AI agent hijacking event on record, and the attack pattern is already being replicated. Read the full breakdown and find out whether your organisation is exposed.

Read More