Hackers use Claude and ChatGPT in ‘a significant evolution in offensive… is attracting attention across the tech world. Analysts, enthusiasts, and industry observers are watching closely to see how this story develops.
This update adds another signal to a fast-moving sector where product decisions, platform changes, and competition can quickly shape the market.
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
Get full access to premium articles, exclusive features and a growing list of member rewards.
Big enterprises might soon get Claude Mythos to patch security holes in their software, but new research claims hackers are doing just fine with Claude Cowork.
A report from security researchers Gambit claims a single threat actor targeted nine government agencies in Mexico, using Claude Code and GPT-4.1 extensively, both during planning and execution, before making off with “hundreds of millions of citizen records”.
The campaign ran from late December 2025, through mid-February 2026, during which time, roughly 75% of all remote command execution (RCE) activity was generated – and executed – by Claude Code. Furthermore, the attacker used a custom 17,550-line Python tool to pipe harvested server data through OpenAI’s API. This generated “2,597 structured intelligence reports across 305 internal servers”.
During the post-mortem, Gambit said it uncovered more than 400 custom attack scripts, as well as 20 tailored exploits targeting 20 different CVEs. The attacker was using Generative Artificial Intelligence to find which vulnerabilities to exploit, and to generate the exploit code.
During the attack, the threat actor made more than 1,000 prompts, through which they generated more than 5,300 AI-executed commands in 34 sessions on live victim infrastructure.
Using AI in cybercrime is nothing new. However, this attack is a testament to what the cybersecurity industry has been warning of for years now – AI is speeding attacks up, and defenders who don’t deploy the same tech innovation stand no chance at all:
“The campaign compressed attack timelines below standard detection and response windows,” Gambit said.
“It transformed raw reconnaissance data from hundreds of servers into structured intelligence, thus enabling a single operator to process volumes that would normally require a team. It turned unfamiliar platforms into mapped targets and tailored exploits in hours, not days.”
Gambit’s researchers concluded that this AI-assisted method “represents a significant evolution in offensive capability”, which could have been avoided through standard security controls such as patching, credential rotation, network segmentation, and endpoint detection.
➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Please logout and then login again, you will then be prompted to enter your display name.
Why This Matters
This development may influence user expectations, future product strategy, and the competitive balance inside the broader technology industry.
Companies in adjacent segments often react quickly to similar moves, which is why stories like this tend to matter beyond a single announcement.
Looking Ahead
The full impact will become clearer over time, but the story already highlights how quickly the modern tech landscape can evolve.
Observers will continue tracking the next steps and how they affect products, users, and the wider market.
