Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion

Cybersecurity firm Dragos has released a threat intelligence report detailing an intrusion into a municipal water and drainage utility in Monterrey, Mexico, in which an unidentified threat actor made extensive use of AI tools to assist its operation. The attack on the water utility took place in January 2026 but was part of a broader campaign targeting multiple Mexican government organizations between December 2025 and February 2026. The campaign was initially uncovered by researchers at Gambit Security, who brought Dragos in specifically to evaluate the threat to industrial control systems (ICS) at the water utility. What distinguished this intrusion from typical cyberattacks was the central role of Anthropic’s Claude and OpenAI’s GPT models, which together served as an AI-assisted operational engine. Claude was the primary technical workhorse, handling intrusion planning, tool development, and problem-solving, while GPT handled victim data processing and structured reporting.

Full report: Cybersecurity startup Dragos found threat actors used Claude AI in an attack on a water and drainage utility in Mexico.