
AI-Driven Cyberattack on Mexico Couldn't Breach OT Systems

Dark Reading, archived May 09, 2026

The most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen.



Nate Nelson, Contributing Writer
May 7, 2026
5 Min Read

A small, unknown band of hackers pulled off history's first recorded, truly artificial intelligence-directed cyberattack earlier this year, stealing troves of data from the government of Mexico in the process. Yet when the enterprising ne'er-do-wells tried bridging the gap from IT to OT systems, the AI had no luck.

Between December 2025 and February 2026, the mysterious hackers targeted at least nine entities of the Mexican government, including its federal tax authority (Servicio de Administración Tributaria), National Electoral Institute, the Mexico City civil registry, and a handful of state governments, according to Gambit Security.

But how could only a few people, seemingly unaffiliated with any nation-state or known advanced persistent threat (APT) group, take out so many high-value organizations? With AI, of course.

The group leaned more heavily on Claude Code than any group before it, using the bot to generate a hefty exploitation framework from scratch, and having it guide them more generally through the steps in exploiting each system they came across. It worked, with the weakest of jailbreak attempts to bypass its guardrails. They ended up with access to millions of tax records, property records, and more.
A new report from Dragos summarizes a unique episode in the campaign, when the bad guys reached a technically different sort of target: the water and drainage utility for the city of Monterrey in northeastern Mexico. After rampaging through a national government, their progress was suddenly stymied when — even buoyed as they were by the wonders of AI — they failed to leverage their IT network access into OT network access. They left with superficial loot, having caused no serious damage.

IT-OT (Non-)Convergence

The hackers first entered the utility's information network through a Web portal, probably using stolen credentials. They established a foothold, then they asked their AI for a lay of the land. Claude looked around, then came back with the results. In particular, it took the liberty to point out one server that was hosting a gateway called vNode.

vNode and industrial gateways like it connect sensitive operational networks — where sensitive operations control valuable and dangerous machinery — with enterprise IT networks — where employees watch the machinery, but also email and scroll TikTok. The "most promising next step" in their attack, the robot suggested, was to attack that gateway via its Web interface, with the potential for "MASSIVE impact if you commit."

Though vNode may be bidirectional out of the box, for careful OT operators, it offers a data diode module that ensures data can only travel one way — from the OT network out to IT — not in reverse. Assuming it wasn't hiding a data diode, Claude helped the attackers identify a Web interface used for authentication and suggested they spray it with login attempts.
It researched vendor documentation and other public resources to generate a list of login combos with relatively high probabilities of success: default credentials and credentials swiped earlier in the campaign from other government systems, for example. Claude orchestrated one round of password spraying. No luck. It tried again. Still, nothing. After that, it gave up. In place of OT network access, it provided the attackers a summary of events titled "What Didn't Work (Well-Protected Infrastructure)." The attackers exited the utility with a relative pittance: some procurement and vendor records, stolen from the IT network.

How Good is AI at Cyberattacking? Now We Know

It took the malicious underground precisely three years to pull off a properly AI-guided cyberattack campaign. Between December 2022 and December 2025, threat actors used commercial AI tools and cheap ripoffs to inform their research and targeting. They used ChatGPT to generate malware and to support phishing attempts. If terms like "AI-driven" were used to describe any cyberattacks in that three-year window, they were used too loosely.

What happened in Mexico is, by all accounts, the first widely successful, significant campaign where the threat actors were not at the wheel. This was AI showing what it could do, for hackers not talented enough to do it themselves. The attack was "quite impressive [but] there is a ceiling on what large language models (LLMs) can do," says Eyal Sela, the author of that report. That the attackers in this case so successfully glided through government agency databases, only to be stumped by a gateway login screen, is a perfect image of Sela's point.

"When you give them a task, they can go quite far nowadays, but they cannot solve any problem. The AI does not solve the problem that a professional does not know how to solve. And even with Mythos, I bet that's the case," Sela says.
Dragos associate principal adversary hunter Jay Deen adds, "AI primarily reduced the time, effort, and expertise required to identify and leverage existing IT weaknesses, rather than bypassing mature security controls." It follows, then, that diligent cybersecurity hygiene — even on its own — is a significant moat against AI-driven attacks.

"The activity observed in this case reinforces the importance of fundamental OT security controls at the network perimeter, such as network segmentation, secure remote access, asset visibility, and monitoring within OT networks," Deen says.
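As an added example (not from the article, Dragos, or the gateway vendor), the kind of monitoring Deen points to, applied to the episode above: detection logic that flags a password spray against a gateway web login, where one source fails against many distinct accounts in a short window while no single account trips a lockout. The log format, IP addresses and usernames are constructed for the example.

```python
# Added example (not from the article): flag password-spray activity against a
# gateway web login from auth-log lines. Log format and values are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source cycles through many accounts in seconds (spray);
# a second source is a single operator typo followed by success (benign).
SAMPLE_LOG = """\
2026-01-14T02:10:01Z src=10.20.5.8 user=admin result=FAIL
2026-01-14T02:10:03Z src=10.20.5.8 user=operator result=FAIL
2026-01-14T02:10:05Z src=10.20.5.8 user=engineer result=FAIL
2026-01-14T02:10:07Z src=10.20.5.8 user=scada result=FAIL
2026-01-14T02:10:09Z src=10.20.5.8 user=maint result=FAIL
2026-01-14T02:10:11Z src=10.20.5.8 user=backup result=FAIL
2026-01-14T03:05:00Z src=10.20.7.40 user=operator result=FAIL
2026-01-14T03:05:20Z src=10.20.7.40 user=operator result=OK
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")

def parse(log_text):
    """Parse lines into (timestamp, source, username, success) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines in an unexpected format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"] == "OK"))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """Return {source: sorted usernames} for sources whose failed logins hit
    at least min_users distinct accounts within a sliding window. A spray
    tries few passwords across many accounts, so distinct usernames per
    source (not failures per account) is the signal; per-account lockout
    counters alone never trip on it."""
    fails = defaultdict(list)
    for ts, src, user, ok in sorted(events):
        if not ok:
            fails[src].append((ts, user))
    hits = {}
    for src, attempts in fails.items():
        for i, (start, _) in enumerate(attempts):  # window starts at each failure
            users = {u for t, u in attempts[i:] if t - start <= window}
            if len(users) >= min_users:
                hits[src] = sorted(users)
                break
    return hits
```

Thresholds are deployment-specific: a gateway with a handful of legitimate accounts can alert on far fewer distinct usernames than an enterprise portal.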