Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion
Dragos has published a report describing how threat actors used Claude AI in an attack on a water and drainage utility in Mexico. The post Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion appeared first on SecurityWeek.
Cybersecurity firm Dragos has released a threat intelligence report detailing an intrusion into a municipal water and drainage utility in Monterrey, Mexico, in which an unidentified threat actor made extensive use of AI tools to assist its operation.
The hacker attack on the water utility took place in January 2026, but was part of a broader campaign targeting multiple Mexican government organizations between December 2025 and February 2026. The campaign was initially uncovered by researchers at Gambit Security, who brought Dragos in specifically to evaluate the threat to industrial control systems (ICS) at the water utility.
What distinguished this intrusion from typical cyberattacks was the central role of Anthropic’s Claude and OpenAI’s GPT models, which together served as an AI-assisted operational engine.
Related breach coverage
- Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants (2026-05-08)
The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply.
- AI Firm Braintrust Prompts API Key Rotation After Data Breach (2026-05-08)
Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust.
- Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom (2026-05-08)
A system that thousands of schools and universities use went offline due to a cyberattack, creating chaos as students tried to study for finals.
- Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking (2026-05-07)
Mitiga researchers say attackers can silently redirect Claude Code MCP traffic, intercept OAuth tokens, and maintain persistent access to connected SaaS platforms.
