What the Mexico Government Breach Means for Your Business
A cyberattack that unfolded over December 2025 and January 2026 has changed how security professionals think about AI. New Zealand business leaders should take note.
A single attacker jailbroke Anthropic’s Claude AI assistant and used it to target multiple Mexican government agencies over roughly a month, exfiltrating 150GB of records and exposing approximately 195 million identities. The targets included the country’s federal tax authority, national electoral institute, and civil registry. The attacker didn’t need a team of engineers. They didn’t write custom malware. They largely just wrote Spanish-language prompts into a commercial AI chatbot.
What actually happened
The attacker employed a role-playing approach, framing malicious requests as legitimate bug bounty security research. Claude initially refused, but eventually complied. It generated thousands of detailed reports with ready-to-execute plans specifying which internal targets to hit next and which credentials to use.
Over 1,000 prompts were sent to Claude during the campaign. When Claude stopped being cooperative, the attacker switched to OpenAI’s GPT-4.1 to continue lateral movement through the network.
- Two consumer AI subscriptions.
- One motivated individual.
- Nine government agencies compromised.
CrowdStrike’s 2026 Global Threat Report, released in late February, documents an 89% year-over-year increase in AI-enabled adversary operations. Average attacker breakout time (the window between initial access and moving deeper into a network) fell to just 29 minutes, with the fastest observed at 27 seconds.
The four blind spots your security stack may not cover
The VentureBeat analysis of this breach identified four domains where most security monitoring has significant gaps: credentials stolen from unmanaged edge devices, identity systems, cloud environments, and now the various AI tools themselves.
That last one is new. If your organisation cannot answer “what did our AI tools do in the last 24 hours,” that gap needs to close. AI coding assistants, AI-connected integrations, and automated workflows are now a legitimate attack surface, and it is one that most monitoring tools weren’t built to watch.
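One way to start closing that gap is to treat AI tool integrations like any other audited service and ask the “last 24 hours” question of their logs. The script below is an added example, not code from the original post or from Kinetics. It assumes each AI integration (coding assistant, chatbot connector, automation workflow) writes JSON-lines audit events with the fields `ts`, `tool`, `actor`, `action` and `target`; the log lines, tool names and inventory are constructed for the example. It summarises what each tool did in the window and, just as importantly, lists deployed tools that produced no telemetry at all, which is the blind spot the analysis describes.

```python
"""Summarise AI tool activity over the last 24 hours from audit logs.

Added example (not from the original post or from Kinetics). Assumes each AI
integration emits JSON-lines audit events with: ts (ISO 8601, UTC), tool,
actor, action, target. Sample events and the tool inventory are constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample audit events (not real data). The last line is older
# than 24 hours and must fall outside the reporting window.
SAMPLE_LOG = """
{"ts": "2026-03-02T08:15:00Z", "tool": "code-assistant", "actor": "dev01", "action": "read_repo", "target": "payments-api"}
{"ts": "2026-03-02T08:16:30Z", "tool": "code-assistant", "actor": "dev01", "action": "write_file", "target": "payments-api/auth.py"}
{"ts": "2026-03-02T11:40:00Z", "tool": "chat-connector", "actor": "svc-helpdesk", "action": "query_crm", "target": "customers"}
{"ts": "2026-03-02T23:05:00Z", "tool": "workflow-bot", "actor": "svc-automation", "action": "call_api", "target": "hr-system/export"}
{"ts": "2026-02-27T09:00:00Z", "tool": "workflow-bot", "actor": "svc-automation", "action": "call_api", "target": "hr-system/export"}
"""

# Constructed inventory of AI tools the organisation knows it has deployed.
AI_TOOL_INVENTORY = {"code-assistant", "chat-connector", "workflow-bot", "ticket-summariser"}


def parse_events(text):
    """Parse JSON-lines audit text into event dicts with timezone-aware timestamps."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        # "Z" suffix is not accepted by fromisoformat on older Pythons; normalise it.
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def summarise_last_24h(events, inventory, now):
    """Return (per-tool summary, silent tools) for the 24h window ending at `now`.

    A deployed tool with zero events is reported as silent: that is a visibility
    gap to investigate, not evidence that the tool was idle.
    """
    window_start = now - timedelta(hours=24)
    per_tool = defaultdict(lambda: {"events": 0, "actors": set(), "actions": set(), "targets": set()})
    for ev in events:
        if window_start <= ev["ts"] <= now:
            s = per_tool[ev["tool"]]
            s["events"] += 1
            s["actors"].add(ev["actor"])
            s["actions"].add(ev["action"])
            s["targets"].add(ev["target"])
    summary = {
        tool: {k: (sorted(v) if isinstance(v, set) else v) for k, v in s.items()}
        for tool, s in per_tool.items()
    }
    silent = sorted(set(inventory) - set(per_tool))
    return summary, silent


def report(text=SAMPLE_LOG, inventory=AI_TOOL_INVENTORY, now=None):
    """Print a human-readable 24h report and return the underlying data."""
    now = now or datetime.now(timezone.utc)
    summary, silent = summarise_last_24h(parse_events(text), inventory, now)
    for tool, s in sorted(summary.items()):
        print(f"{tool}: {s['events']} events by {s['actors']}; actions={s['actions']}; targets={s['targets']}")
    for tool in silent:
        print(f"{tool}: NO TELEMETRY in the last 24h (visibility gap)")
    return summary, silent


if __name__ == "__main__":
    # Fixed reference time so the constructed sample produces a stable report.
    report(now=datetime(2026, 3, 2, 23, 59, tzinfo=timezone.utc))
```

The `silent` list is the part worth wiring into an alert: an AI tool that is deployed but never appears in the audit stream is exactly the kind of integration that nobody would be able to account for after an incident.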
What this means for Kiwi businesses
The lesson here isn’t that AI is dangerous and shouldn’t be used. The lesson is that your security posture needs to keep pace with your AI adoption, and with the AI your adversaries are using.
At Kinetics, we’ve always maintained that cybersecurity isn’t a product you buy and forget. It’s a discipline that must evolve continuously alongside the threat landscape. Our KARE Foundation service is built on exactly this principle. We combine endpoint detection and response, proactive monitoring, patching, and multi-factor authentication management into a systematic, always-on layer of protection.
The Mexico breach didn’t succeed because the technology was unbeatable. It succeeded because the affected agencies had no visibility into what was happening. The breach was discovered not by any of them, but by an external security firm that stumbled across publicly accessible attacker logs.
Visibility is everything. If you don’t have it, you don’t have security — you just have hope.
The practical question for your business
Are you confident you’d know within hours if an attacker was moving through your systems? Do you have oversight of the AI tools your team uses daily? Is your security approach proactive, or does it rely on someone noticing something has gone wrong?
What does the Iran conflict mean for AI cyber attacks?
On 28 February 2026, the US and Israel launched a joint offensive, Operation Epic Fury and Operation Roaring Lion, against Iran. In the hours following the initial strikes, Iran began a multi-vector retaliatory campaign that has evolved into a significant trans-regional conflict.
AI’s role on the offensive side (US/Israel)
The Iran war is being fought on a hybrid digital-physical battlefield, with both old-school deception tactics and AI technology playing a role. The US military’s first move in the conflict was reportedly in cyberspace, with coordinated cyber operations disrupting Iranian communications and sensor networks before the physical strikes began.
Iran’s AI cyber capabilities
There is no public evidence that Iran can yet deploy fully autonomous AI cyber agents at the level documented in recent state-sponsored attacks. However, Iran remains one of the world’s most capable cyber powers, and experts warn that AI may already be accelerating its more familiar attack methods against critical infrastructure.
As of early March, there were no confirmed large-scale cyberattacks directly tied to the Iran conflict — but national security experts warn that as Iran’s conventional military capabilities are degraded, it is highly likely to pivot to cyberattacks as its primary tool for retaliation.
The spillover risk for organisations like Kinetics’ clients
Google’s chief threat intelligence analyst has warned that Iranian retaliatory attacks “won’t be very different from what we’ve seen going on for the last few years”, but what changes is the targeting, because Iran’s previous attacks were aimed at Israel’s mature cyber defences. Attacking less-secure targets will produce “a very different attack surface.”
Over 150 hacktivist incidents were recorded in the days following the February 28 strikes, with global spillover risks noted across energy, finance, IT, and critical infrastructure sectors. Managed service providers serving Middle Eastern workloads were specifically flagged as facing elevated risk around identity, control planes, and administrative management consoles.
Bottom line for a Kinetics context
There’s no confirmed AI-specific attack tied directly to the Mexico breach methodology in the Iran conflict, but the broader conditions are exactly what security firms have been warning about: a motivated, capable nation-state actor with an incentive to “empty the tank,” combined with AI tools that dramatically lower the cost of running offensive campaigns against softer targets outside the primary conflict zone.
