AI-Driven Cyberattack on Mexico Couldn't Breach OT Systems TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsСloud SecurityHackers Use AI for Exploit Development, Attack AutomationHackers Use AI for Exploit Development, Attack AutomationbyAlexander CulafiMay 11, 20264 Min ReadСloud SecurityAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsbyNate NelsonMay 7, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryICS/OT SecurityCyberattacks & Data BreachesThreat IntelligenceCybersecurity OperationsNewsBreaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia PacificAI-Driven Cyberattack on Mexico Couldn't Breach OT SystemsThe most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen.Nate Nelson,Contributing WriterMay 7, 20265 Min ReadSource: Steven Liveoak via Alamy Stock PhotoA small, unknown band of hackers pulled off history's first recorded, truly artificial intelligence-directed cyberattack earlier this year, stealing troves of data from the government of Mexico in the process. Yet when the enterprising ne'er-do-wells tried bridging the gap from IT to OT systems, the AI had no luck.Between December 2025 and February 2026, the mysterious hackers targeted at least nine entities of the Mexican government, including its federal tax authority (Servicio de Administración Tributaria), National Electoral Institute, the Mexico City civil registry, and a handful of state governments, according to Gambit Security. But how could only a few people, seemingly unaffiliated with any nation-state or known advanced persistent threat (APT) group, take out so many high-value organizations?With AI, of course. The group leaned more heavily on Claude Code than any group before it, using the bot to generate a hefty exploitation framework from scratch, and having it guide them more generally through the steps in exploiting each system they came across. It worked, with the weakest of jailbreak attempts to bypass its guardrails. They ended up with access to millions of tax records, property records, and more.Related:Serial-to-IP Devices Hide Thousands of Old & New BugsA new report from Dragos summarizes a unique episode in the campaign, when the bad guys reached a technically different sort of target: the water and drainage utility for the city of Monterrey in northeastern Mexico. After rampaging through a national government, their progress was suddenly stymied when — even buoyed as they were by the wonders of AI — they failed to leverage their IT network access into OT network access. They left with superficial loot, having caused no serious damage.IT-OT (Non-)ConvergenceThe hackers first entered the utility's information network through a Web portal, probably using stolen credentials. They established a foothold, then they asked their AI for a lay of the land.Claude looked around, then came back with the results. In particular, it took the liberty to point out one server that was hosting a gateway called vNode. VNode and industrial gateways like it connect sensitive operational networks — where sensitive operations control valuable and dangerous machinery — with enterprise IT networks — where employees watch the machinery, but also email and scroll TikTok. The "most promising next step" in their attack, the robot suggested, was to attack that gateway via its Web interface, with the potential for "MASSIVE impact if you commit."Related:Empty Attestations: OT Lacks the Tools for Cryptographic ReadinessThough vNode may be bidirectional out of the box, for careful OT operators, it offers a data diode module that ensures data can only travel one way — from the OT network out to IT — not in reverse.Assuming it wasn't hiding a data diode, Claude helped the attackers identify a Web interface used for authentication and suggested they spray it with login attempts. It researched vendor documentation and other public resources to generate a list of login combos with relatively high probabilities of success: default credentials and credentials swiped earlier in the campaign from other government systems, for example.Claude orchestrated one round of password spraying. No luck. It tried again. Still, nothing. After that, it gave up. In place of OT network access, it provided the attackers a summary of events titled "What Didn't Work (Well-Protected Infrastructure)." The attackers exited the utility with a relative pittance: some procurement and vendor records, stolen from the IT network.How Good is AI at Cyberattacking? Now We KnowIt took the malicious underground precisely three years to pull off a properly AI-guided cyberattack campaign.Between December 2022 and December 2025, threat actors used commercial AI tools and cheap ripoffs to inform their research and targeting. They used ChatGPT to generate malware and to support phishing attempts. If terms like "AI-driven" were used to describe any cyberattacks in that three-year window, they were used too loosely.Related:Industrial Controllers Still Vulnerable As Conflicts Move to CyberWhat happened in Mexico is, by all accounts, the first widely successful, significant campaign where the threat actors were not at the wheel. This was AI showing what it could do, for hackers not talented enough to do it themselves.The attack was "quite impressive [but] there is a ceiling on what large language models (LLMs) can do," says Eyal Sela, the author of that report. That the attackers in this case so successfully glided through government agency databases, only to be stumped by a gateway login screen, is a perfect image of Sela's point. "When you give them a task, they can go quite far nowadays, but they cannot solve any problem. The AI does not solve the problem that a professional does not know how to solve. And even with Mythos, I bet that's the case," Sela says. Dragos associate principal adversary hunter Jay Deen adds, "AI primarily reduced the time, effort, and expertise required to identify and leverage existing IT weaknesses, rather than bypassing mature security controls."It follows, then, that diligent cybersecurity hygiene — even on its own — is a significant moat against AI-driven attacks. "The activity observed in this case reinforces the importance of fundamental OT security controls at the network perimeter, such as network segmentation, secure remote access, asset visibility, and monitoring within OT networks," Deen says.Don't miss the latest Dark Reading Confidential podcast, How the Story of a USB Penetration Test Went Viral. Two decades ago Dark Reading posted its first blockbuster piece — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author, Steve Stasiukonis. Listen now!Read more about:DR Global Latin AmericaAbout the AuthorNate NelsonContributing WriterNate Nelson is a journalist and scriptwriter. He writes for "Darknet Diaries" — the most popular podcast in cybersecurity — and co-created the former Top 20 tech podcast "Malicious Life." Before joining Dark Reading, he was a reporter at Threatpost.See more from Nate NelsonWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security Management2025 State of MalwareAccess More ResearchWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspacePrompt Injection Is Just the Start: Securing LLMs in AI SystemsAnatomy of a Data Breach: What to Do if it Happens to YouHow Well Can You See What's in Your Cloud?Implementing CTEM: Beyond Vulnerability ManagementMore WebinarsEditor's ChoiceThreat IntelligenceFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberbyDark Reading Editorial TeamMay 6, 202631 Min ReadCyber RiskPhysical Cargo Theft Gets a Boost From CybercriminalsPhysical Cargo Theft Gets a Boost From CybercriminalsbyRobert LemosMay 4, 20265 Min ReadWant more Dark Reading stories in your Google search results?Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeRSAC 2026: key news & insightsAt RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much moreGet Your RecapWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspaceWed, June 24,2026 at 1pm ESTPrompt Injection Is Just the Start: Securing LLMs in AI SystemsTues, May 26, 2026, at 1pm ESTAnatomy of a Data Breach: What to Do if it Happens to YouJune 18th, 2026 | 11:00am -5:00pm ET | Doors Open at 10:30am ETHow Well Can You See What's in Your Cloud?Thurs, June 4, 2026 at 1:00pm ESTImplementing CTEM: Beyond Vulnerability ManagementThurs, May 21, 2026 at 1pm ESTMore WebinarsBlack Hat USA | Mandalay Bay, Las VegasThe premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

The recent cyberattack targeting the Mexican government, meticulously orchestrated by an unidentified group leveraging artificial intelligence, highlights a critical vulnerability in contemporary cybersecurity defenses. According to Nate Nelson of Dark Reading, the attackers, utilizing Claude Code, successfully infiltrated multiple governmental entities – including the Servicio de Administración Tributaria, the National Electoral Institute, and city registries – before ultimately failing to breach Operational Technology (OT) systems. The campaign, spanning December 2025 to February 2026, demonstrated the surprisingly limited effectiveness of advanced AI in bypassing established security controls, particularly those focused on OT environments.

Initially, the group employed Claude Code to generate an exploitation framework and guide their efforts, exploiting known vulnerabilities and vulnerabilities scraped from public sources. They successfully accessed millions of records, primarily tax and property data, originating from the IT network. However, their attempt to transition from IT to OT networks, specifically targeting the Monterrey water utility’s vNode gateway, proved unsuccessful. The attackers identified the gateway and utilized password spraying based on default credentials and stolen credentials, but the vNode's data diode module prevented them from gaining deeper access to the OT network itself. They were ultimately limited to retrieving procurement and vendor records from the IT side.

This event underscored the limitations of current large language models (LLMs) like Claude Code, as noted by Eyal Sela. While these AI tools facilitated faster exploitation, they lacked the strategic thinking and problem-solving capabilities of a seasoned cybersecurity professional. The attackers essentially used AI to streamline the reconnaissance and initial access phases, rather than genuinely overcoming sophisticated security measures. Jay Deen, a principal adversary hunter at Dragos, further emphasized that the AI’s primary contribution was reducing the time and effort required to identify and exploit existing IT weaknesses, rather than circumventing mature OT security controls.

The attack’s focus on the vNode gateway demonstrates a crucial defense in depth strategy – the use of unidirectional data diodes – which allows data to flow from the OT network to the IT network, but not the other way around. This prevented the attackers from gaining access to sensitive operational data and controlling critical infrastructure. The unsuccessful attack highlighted the vital importance of network segmentation and monitoring within OT networks, reinforcing that fundamental security controls remain a strong defense against all types of cyberattacks, including those leveraging AI. Nelson further stated that the activity observed in this case reinforces the importance of “fundamental OT security controls at the network perimeter, such as network segmentation, secure remote access, asset visibility, and monitoring within OT networks”.