
Anthropic’s Claude AI Used in Attempted Hack of Mexican Water Utility

SAN FRANCISCO — Anthropic’s Claude artificial intelligence system was used in an attempted cyberattack against a Mexican water utility, Cybersecurity Dive reported, raising questions about AI models being deployed against critical infrastructure.

The attempted compromise targeted the water utility’s systems and has prompted debate about the dual-use risks of large language models and whether AI companies bear responsibility when their technology is used in cyberattacks, according to the report.

The incident comes as Anthropic’s AI capabilities have drawn scrutiny from the cybersecurity community. A separate report by CNBC noted that Anthropic’s Mythos system “set off a cybersecurity ‘hysteria,’” though experts quoted in the report cautioned that the underlying threats predated the model’s release.

“The threat was already here,” cybersecurity experts told CNBC, suggesting that while AI tools may lower the barrier to entry for certain types of attacks, the fundamental vulnerabilities in critical infrastructure systems existed before advanced AI models became widely available.

Anthropic, the San Francisco-based AI safety company founded in 2021, has emphasized responsible AI development as a core mission. The company’s Responsible Scaling Policy and red-teaming efforts aim to identify and mitigate potential misuse of its models, including in cybersecurity contexts.

Water systems are classified as critical infrastructure, and cyberattacks on water treatment and distribution systems could pose direct threats to public health and safety, according to security professionals.

The incident has drawn attention to ongoing debates in Washington over AI safety guardrails and the potential liability of AI providers whose models are used in attacks on critical infrastructure. Members of Congress have increasingly focused on the intersection of AI and cybersecurity, with several legislative proposals aimed at establishing clearer frameworks for AI misuse accountability.

For the broader AI industry, the episode reflects a tension between increasing model capability and potential for misuse. AI providers have invested in safety measures including content filtering, use-case restrictions and monitoring systems, though adversaries have continued to seek ways to exploit the technology.

The cybersecurity community remains divided on the magnitude of the threat posed by AI-assisted attacks. Some experts argue that current AI models amplify attackers’ capabilities, while others contend that the tools largely automate tasks that skilled hackers could already perform, as reflected in the expert assessments reported by CNBC.
