Key Points
- Threat actors used Anthropic’s Claude and other AI tools during a cyberattack targeting a Mexican water utility, leveraging them for reconnaissance, exploit development, and credential harvesting.
- Claude allegedly identified a pathway from IT into OT systems, found a vulnerable interface, and attempted a password-spray attack without prior context.
- IANS Faculty say this incident shows that AI is lowering the barrier to entry for attackers targeting critical infrastructure, enabling less-skilled actors to launch faster and more sophisticated operations.
Hackers Used Anthropic’s Claude to Target Mexican Water Utility, Researchers Say
Researchers at Dragos say that an unknown cyber threat group leveraged Anthropic’s Claude in a cyberattack against a local water utility in Mexico. According to a new report, the group used AI to identify access pathways into operational technology (OT) infrastructure without any prior ICS/OT context.
The attack was a part of a larger campaign targeting multiple Mexican government agencies, spanning from December 2025 to February 2026. The attackers relied heavily on AI tools, including Claude and OpenAI’s GPT-4.1. Most of the technical work was completed via Claude, including reconnaissance, customizing exploits, privilege escalation, and credential harvesting.
On its own, Claude identified a server functioning as a vNode industrial gateway inside the enterprise network. It then found a single-password authentication interface, researched vendor documentation, and initiated a password-spray attack using gathered default and victim credentials.
The password spray attack was unsuccessful. However, this incident demonstrates how AI can conduct more sophisticated attacks than previously believed.
"The biggest takeaway from this is that AI is beginning to meaningfully lower the barrier to entry for operational technology (OT) and critical infrastructure attacks by helping threat actors rapidly understand unfamiliar environments, generate scripts, map industrial systems, and accelerate reconnaissance and exploitation workflows." Dave Shackleford, IANS Faculty.
Big Picture
It would be surprising if threat actors weren’t using AI to supplement cyberattacks. The difference here is that AI tools like Claude enabled these hackers to launch more specialized attacks than previously thought possible.
"What should concern enterprise security teams isn’t just ‘AI hacking,' but the reality that small groups can now operate with capabilities and scale that previously required much larger, specialized teams. This especially raises risk for utilities, manufacturing, energy, healthcare, transportation, and other organizations where IT/OT convergence has expanded attack surfaces faster than segmentation and monitoring programs have matured." Dave Shackleford, IANS Faculty.
At the same time, AI isn’t just augmenting attacker behavior, but potentially influencing decision making. In this instance, Claude found the correct pathway towards OT systems that these threat actors probably would have missed on their own.
With these AI capabilities on the threat actors’ side, getting initial access just got a lot easier. Security teams defending OT-adjacent systems should prioritize detection and containment over keeping attackers out in the first place.
"That collapses two assumptions critical infrastructure operators have leaned on for years: that OT obscurity is a defense, and that the IT-to-OT pivot requires specialized adversary skills. Neither assumption holds true anymore. The threshold for ‘credible OT threat’ just dropped to anyone who can pay $20 a month and stay logged in.” Jeff Brown, IANS Faculty
IANS Faculty Recommendations
- Rethink who can credibly threaten your industrial systems: Treat AI-assisted OT reconnaissance and attack-path discovery as an expected threat capability and validate segmentation between IT, OT, engineering workstations, and SCADA environments.
- Harden access: Accelerate deployment of identity-centric controls for OT access, including MFA, privileged access management, and strict remote-access governance for vendors and contractors.
- Expand visibility: Monitor east-west traffic, engineering protocols, and unusual discovery activity inside industrial environments, not just perimeter traffic. Prioritize rapid asset inventory and attack-path visibility across hybrid IT/OT environments to understand what systems an attacker could realistically pivot into after initial compromise.
- Close the easy doors between corporate IT and operations: The attack hinged on a single-password interface on the system connecting office IT to the plant floor. The password spray failed this time, but the attack pattern only works because these bridge systems still routinely use shared passwords, default credentials, or single-factor login.
- Run the tabletop before the headline. Schedule a tabletop in the next 60 days using exactly this scenario. The questions to surface: who decides to isolate the gateway, who has the vendor relationships to get help fast, and how quickly can you preserve evidence without taking service offline.
Dave Shackleford, IANS Faculty
Jeff Brown, IANS Faculty
Authors & Contributors
Emily Dempsey, Author, IANS News
Dave Shackleford, IANS Faculty
Jeff Brown, IANS Faculty
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our News & blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.