AI maps prime Operational Technology targets for the cybercriminals, who fail to breach the targeted data, and steal enterprise data instead.

A recent threat intelligence report by an industrial cybersecurity firm has arrived at the conclusion that the hackers who hit nine Mexican government agencies from December 2025 to February 2026 had leveraged Anthropic’s Claude AI to breach a municipal water and drainage utility.

Once inside the utility’s enterprise IT network, the unidentified threat actor — tracked by investigators as TAT26-12 — had used a jailbroken Claude tool to scout internal systems. The AI bot then independently pinpointed a server running a vNode industrial gateway and Supervisory Control and Data Acquisition (SCADA)/IIoT management platform, deeming it vital to critical infrastructure. It also probed potential routes to cross from IT to operational technology (OT) systems, marking these as prime “crown jewel” targets.

Despite the AI boost, attackers failed to penetrate the control systems and thereby pivoted to stealing data instead, according to the intelligence report released on 6 May 2026. No evidence of OT access or visibility into the Mexican utility’s industrial operations have surfaced.

Post-mortem analysis
Based on the forensic data of over 350 artifacts, mostly AI-crafted malicious scripts, the investigations reveal that the jailbroken Claude AI drove about 75% of remote command executions, while OpenAI’s GPT-4.1 (unhacked) had been used to process victim data and format reports. Also:

  • The hackers had bypassed Claude’s safety controls in roughly 40 minutes, by posing queries as hypothetical bug bounty research. At the core of the AI output was a 17,000-line Python framework dubbed “BACKUPOSINT v9.0 APEX PREDATOR.” This toolkit contained 49 modules for tasks such as credential theft, Active Directory scouting, database queries, privilege escalation, and automated lateral movement.
  • According to references in the report to Curtis Simpson, Chief Strategy Officer, Gambit Security: “(The AI) produced thousands of detailed reports that included ready-to-execute plans, telling the human operator exactly which internal targets to attack next and what credentials to use.”
  • The threat intelligence investigation, produced by Dragos, also highlighted consistent Spanish usage as the lone behavioral clue about TAT26-12.

Experts view this incident as one of the earliest confirmed cases of an AI autonomously hunting industrial control systems as high-value assets amid a real-time breach, raising alarms about AI’s role in lowering barriers for sophisticated cyberattacks.