News: 0180859012


Hacker Used Anthropic's Claude To Steal Sensitive Mexican Data (bloomberg.com)

(Wednesday February 25, 2026 @05:30PM (msmash) from the thanks-for-nothing,-AI dept.)


A hacker exploited Anthropic's AI chatbot to carry out a series of attacks against Mexican government agencies, resulting in the [1]theft of a huge trove of sensitive tax and voter information, according to cybersecurity researchers. From a report:

> The unknown Claude user wrote Spanish-language prompts for the chatbot to act as an elite hacker, finding vulnerabilities in government networks, writing computer scripts to exploit them and determining ways to automate data theft, Israeli cybersecurity startup Gambit Security said in research published Wednesday.

>

> The activity started in December and continued for roughly a month. In all, 150 gigabytes of Mexican government data was stolen, including documents related to 195 million taxpayer records as well as voter records, government employee credentials and civil registry files, according to the researchers.



[1] https://www.bloomberg.com/news/articles/2026-02-25/hacker-used-anthropic-s-claude-to-steal-sensitive-mexican-data



31337 C14ud3 (Score:5, Interesting)

by TwistedGreen ( 80055 )

It's no surprise that these tools can enable script kiddies to elevate their game. This is what they're pushing, after all... you don't have to know what you're doing, just keep prompting until it works!

We're in a golden age of sorts. Soon these LLMs will be so locked down due to fears of stuff like this. Use it while you can before you have to pay an exorbitant license fee for that "elite hacker" persona.

Re: (Score:2)

by fuzzyf ( 1129635 )

Nothing a simple Google search wouldn't provide anyway

This is such BS (Score:2)

by fuzzyf ( 1129635 )

This is just stupid.

If Claude can "act as an elite hacker" and "find vulnerabilities" then every tool on the planet would find the same vulnerabilities. The chatbot is not, in fact, an elite hacker, it's a word (token) generator, and it has no f..ing clue about how to find vulnerabilities. The steps it can generate (token for token) are the same you can find in any Hacking for Dummies or 1337 Hackzor script.

These headlines grow dumber and dumber as the AI companies are desperately trying to get everyone

Re: (Score:2)

by Tyr07 ( 8900565 )

Yeah the headline is garbage. "Hacker used Google search to learn how websites, SQL and networks worked and exploited it and did bad things."

This to me is akin to "Person who commits crime went and used BOOKS in the Library to learn how certain things worked then did BAD THINGS WITH IT." Gosh, let's restrict people's access to libraries, you know, for the safety of everyone.

That's all this reeks of.

Marty: "Coolzies" (Score:4, Interesting)

by fahrbot-bot ( 874524 )

Now really can't wait for the U.S. Military to more fully integrate with Claude...

[1]Hegseth Gives Anthropic Until Friday To Back Down on AI Safeguards [slashdot.org]

> Defense Secretary Pete Hegseth gave Anthropic CEO Dario Amodei until Friday evening to give the military unfettered access to its AI model or face harsh penalties,

Especially now... [2]Anthropic Drops Flagship Safety Pledge [slashdot.org]

> ... to never train an AI system unless it could guarantee beforehand that its safety measures were adequate.

[1] https://tech.slashdot.org/story/26/02/24/1850232/hegseth-gives-anthropic-until-friday-to-back-down-on-ai-safeguards

[2] https://slashdot.org/story/26/02/25/1355245/anthropic-drops-flagship-safety-pledge

Re: (Score:1)

by thrasher thetic ( 4566717 )

Claude vs Grok in the first and only game of Global Thermonuclear War. GO!

Re: (Score:3)

by ArchieBunker ( 132337 )

Don't worry, when anything bad happens it will get blamed on Biden or Obama.

Hmmm (Score:1)

by ozzymodus12 ( 8111534 )

Can you track the hackers by the hot diarrhea data trails? That Mexican data should be spicy.

Who was exploited... (Score:4, Insightful)

by Himmy32 ( 650060 )

> A hacker exploited Anthropic's AI chatbot

This doesn't seem like an accurate summary; using an LLM to generate attack scripts isn't exploiting the LLM but the target of the scripts. The proper term would probably be "misused" as the use of Claude was against the Terms of Service and Acceptable Use Policy.

Ever since the inception of the internet the accessibility of information that can be used for unethical purposes has been problematic without easy answers. But the source of information being the focus rather than unsecured environments seems misplaced. Running a private instance of an open source model isn't that much more effort than an LLM as a service to a threat actor, so making a big deal out of it being Claude seems silly.

Using Google or Bing to translate or get scripting help wouldn't generate an article and they've been in the same boat for safeguards for years. The lines between acceptable security use and White Hat Security researcher/Black Hat hacker realms are also pretty blurry. I can see calls for the same safeguards as health safety as search engines and providing support for people in crisis, but trying to moderate access to security information seems in excess. Why shouldn't an org be able to write red team scripts or test out their honeypot?

Smells like vendor lobbying (Score:2)

by Tyr07 ( 8900565 )

Anyone could figure this stuff out with a simple search and spending their time to do it.

All this reeks of is corporations that want to leverage AI to build and peddle their products upset that the masses can access the AI models and do it on their own without buying their "New AI product" because their really low hanging fruit stuff I can ask an AI model to build for me, and not pay them 10$ a month per domain to monitor DMARC or something.

They're going to lobby to create entry barriers to AI app building

Re: (Score:2)

by Marc_Hawke ( 130338 )

The 'artificial scarcity' game just got moved up a level.

It used to be the products that were scarce, but when everything went digital, the product scarcity had to be artificial.

For a while, it was the creators who were scarce, (programmers, artists) but now that's not scarce either.

At this point, the only thing that's scarce is energy, water, and RAM.

By-pass the safeguard (Score:2)

by BigFire ( 13822 )

that's supposed to be in place.

Mexican gov data will be a lot more secure now (Score:2)

by presidenteloco ( 659168 )

after this, I bet. Thank you for your service waking them out of complacency.
