Business
How our AI bots are ignoring their programming and giving hackers superpowers
Welcome to the age of AI hacking, in which the right prompts make amateurs into master hackers.
A group of cybercriminals recently used off-the-shelf artificial intelligence chatbots to steal data on nearly 200 million taxpayers. The bots provided the code and ready-to-execute plans to bypass firewalls.
Although they were explicitly programmed to refuse to help hackers, the bots were duped into abetting the cybercrime.
According to a recent report from Israeli cybersecurity firm Gambit Security, hackers last month used Claude, the chatbot from Anthropic, to steal 150 gigabytes of data from Mexican government agencies.
Claude initially refused to cooperate with the hacking attempts and even denied requests to cover the hackers’ digital tracks, the experts who discovered the breach said. The group pummelled the bot with more than 1,000 prompts to bypass the safeguards and convince Claude they were allowed to test the system for vulnerabilities.
AI companies have been trying to create unbreakable chains on their AI models to restrain them from helping do things such as generating child sexual content or aiding in sourcing and creating weapons. They hire entire teams to try to break their own chatbots before someone else does.
But in this case, hackers continuously prompted Claude in creative ways and were able to “jailbreak” the chatbot to assist them. When they encountered problems with Claude, the hackers used OpenAI’s ChatGPT for data analysis and to learn which credentials were required to move through the system undetected.
The group used AI to find and exploit vulnerabilities, bypass defences, create backdoors and analyze data along the way to gain control of the systems before they stole 195 million identities from nine Mexican government systems, including tax records, vehicle registration as well as birth and property details.
AI “doesn’t sleep,” Curtis Simpson, chief executive of Gambit Security, said in a blog post. “It collapses the cost of sophistication to near zero.”
“No amount of prevention investment would have made this attack impossible,” he said.
Anthropic did not respond to a request for comment. It told Bloomberg that it had banned the accounts involved and disrupted their activity after an investigation.
OpenAI said it is aware of the attack campaign carried out using Anthropic’s models against the Mexican government agencies.
“We also identified other attempts by the adversary to use our models for activities that violate our usage policies; our models refused to comply with these attempts,” an OpenAI spokesperson said in a statement. “We have banned the accounts used by this adversary and value the outreach from Gambit Security.”
Instances of generative AI-assisted hacking are on the rise, and the threat of cyberattacks from bots acting on their own is no longer science fiction. With AI doing their bidding, novices can cause damage in moments, while experienced hackers can launch many more sophisticated attacks with much less effort.
Earlier this year, Amazon discovered that a low-skilled hacker used commercially available AI to breach 600 firewalls. Another took control of thousands of DJI robot vacuums with help from Claude, and was able to access live video feed, audio and floor plans of strangers.
“The kinds of things we’re seeing today are only the early signs of the kinds of things that AIs will be able to do in a few years,” said Nikola Jurkovic, an expert working on reducing risks from advanced AI. “So we need to urgently prepare.”
Late last year, Anthropic warned that society has reached an “inflection point” in AI use in cybersecurity after disrupting what the company said was a Chinese state-sponsored espionage campaign that used Claude to infiltrate 30 global targets, including financial institutions and government agencies.
Generative AI also has been used to extort companies, create realistic online profiles by North Korean operatives to secure jobs in U.S. Fortune 500 companies, run romance scams and operate a network of Russian propaganda accounts.
Over the last few years, AI models have gone from being able to manage tasks lasting only a few seconds to today’s AI agents working autonomously for many hours. AI’s capability to complete long tasks is doubling every seven months.
“We just don’t actually know what is the upper limit of AI’s capability, because no one’s made benchmarks that are difficult enough so the AI can’t do them,” said Jurkovic, who works at METR, a nonprofit that measures AI system capabilities to cause catastrophic harm to society.
So far, the most common use of AI for hacking has been social engineering. Large language models are used to write convincing emails to dupe people out of their money, causing an eight-fold increase in complaints from older Americans as they lost $4.9 billion in online fraud in 2025.
“The messages used to elicit a click from the target can now be generated on a per-user basis more efficiently and with fewer tell-tale signs of phishing,” such as grammatical and spelling errors, said Cliff Neuman, an associate professor of computer science at USC.
AI companies have been responding by using AI to detect attacks, audit code and patch vulnerabilities.
“Ultimately, the big imbalance stems from the need of the good-actors to be secure all the time, and of the bad-actors to be right only once,” Neuman said.
The stakes around AI are rising as it infiltrates every aspect of the economy. Many are concerned that there is insufficient understanding of how to ensure it cannot be misused by bad actors or nudged to go rogue.
Even those at the top of the industry have warned users about the potential misuse of AI.
Dario Amodei, the CEO of Anthropic, has long argued that the AI systems being built are unpredictable and difficult to control. These AIs have shown behaviors ranging from deception and blackmail to scheming and cheating by hacking software.
Still, major AI companies — OpenAI, Anthropic, xAI, and Google — signed contracts with the U.S. government to use their AIs in military operations.
This last week, the Pentagon directed federal agencies to phase out Claude after the company refused to back down from its position that it would not allow its AI to be used for mass domestic surveillance and fully autonomous weapons.
“The AI systems of today are nowhere near reliable enough to make fully autonomous weapons,” Amodei told CBS News.
Business
Read Nick Bilton’s Letter to Scott Pelley
Dear Mr. Pelley:
I meant what I said in my letter last week to the 60 Minutes team: joining 60 Minutes is the honor of my career and I am grateful to be working alongside the people who have contributed to the most important television journalism brand this country has ever produced. While I’m new to 60 Minutes, I’ve devoted my career to investigative journalism and storytelling. I started this job excited to collaborate and to benefit from the wisdom and experience of the 60 Minutes veterans, with you among them. For that reason, one of the first things I did in my new role was call you to talk and invite you to dinner. It is a profound disappointment that you rejected that overture and chose ambush instead. Yesterday, you hijacked my first meeting with staff to disparage me, my qualifications, and my intentions with remarkable incivility and contempt. I welcome a diversity of viewpoints and respectful debate among the team, but this was nothing of the sort. Yesterday’s performative display of hostility, enacted in front of the staff instead of in a civil, private conversation, demonstrated that you have no interest in contributing to the future success of the show, or approaching my new tenure with a mind open to collaboration and progress. I am here to deliver first-in-class news programming, not to make headlines about newsroom drama. I am eager to work alongside those who share this goal.
Despite yesterday’s misconduct, I had hoped that in sitting down with you today we could find a path forward together. You made clear that you are not interested in such a path.
Your antipathy to the future of the show has come through loud and clear. And I have heard you. I therefore write on behalf of CBS News, Inc. (“CBS”) to inform you that your employment with CBS is terminated for cause effective immediately. Enclosed is your formal termination letter.
Sincerely,
Nick Bilton
Executive Producer, 60 Minutes
Business
Aspiration co-founder sentenced to 14 years for fraud
The co-founder of Aspiration, Joseph Sanberg, was sentenced to 14 years in prison on Monday after defrauding investors and lenders of over $248 million.
The startup, an eco-friendly digital banking company boasting fossil fuel-free investments, carbon offsets for gas purchases, and a debit card with cash-back benefits for shopping at clean companies, was founded by Sanberg and Andrei Cherny. Cherny left the company in 2022 and has not been charged.
Sanberg, an Orange County native, pleaded guilty to wire fraud in October after being arrested in March last year. Aspiration subsequently filed for bankruptcy and liquidated all of its assets by July.
Sanberg and venture capitalist Ibrahim AlHusseini, who also faces charges, together forged a series of bank statements in order to obtain loans. From 2020 to 2021, the pair forged AlHusseini’s bank statements to show millions of dollars in assets in order to obtain millions of dollars from lenders.
Additionally, they forged a letter from their audit committee stating that $250 million in funds were available, when in reality Aspiration had less than $1 million. The amount of loans defrauded exceeded $248 million.
In 2021, Sanberg artificially inflated Aspiration’s 2021 revenue by $44 million by recruiting 27 fake customers to sign letters of intent pledging tens of thousands of dollars per month for tree planting services. Sanberg himself funded the contracts and used the inflated revenue numbers to obtain more loans.
The charges sparked an NBA investigation into salary cap allegations due to Aspiration’s connections with Clippers owner Steve Ballmer.
Ballmer personally invested $60 million in Aspiration, all of which was lost. He is now the target of a civil lawsuit alleging his participation in the scheme. Ballmer denies the allegations.
The team announced a $300-million sponsorship deal with Aspiration, and Clippers player Kawhi Leonard signed a four-year, $28-million marketing contract with the company, under which he reportedly performed no duties. The issue has raised concerns about how players are circumventing the NBA’s salary cap.
The team lost the $300-million sponsorship deal and an additional $20 million paid for carbon offset purchases.
Business
Monterey Park takes landmark vote on banning data centers
Residents in the city of Monterey Park will be the first in the nation to vote on a permanent ban on data centers Tuesday.
If approved, Measure NDC would prohibit data centers within the city limits and could only be overturned by another vote.
Yard signs saying “No Data Center” in English and Chinese with images of dragons line sidewalks in the San Gabriel Valley city.
As a wave of data center opposition sweeps the country, numerous towns and counties across the U.S. have instituted temporary moratoria and other restrictions on the facilities. But only a handful have instituted indefinite bans, and just four other towns have sent related matters to the ballot.
Supporters are hoping the vote will set a precedent for the rest of the region, where residents are fighting proposals in Vernon and City of Industry.
“This is about as permanent a ban as we can get,” said Steven Kung, co-founder of the group No Data Center Monterey Park. “Winning Measure NDC would send a huge message to the rest of the San Gabriel Valley about how residents don’t want data centers.”
The ballot measure emerged from the fight against a 247,000-square-foot center proposed in 2024 by the Australian-owned investment firm HMC StratCap for a residential area in Monterey Park.
The facility would have sat less than 500 feet away from the nearest home and used three times the electricity of the 60,000-person, predominantly Asian American city.
While the developer touted the potential for jobs and tax revenue, residents expressed concerns about noise and air pollution, rising electricity rates and a potential to lower property values.
The company pulled its plans in late March following public outcry and a March 4 city council vote to extend a temporary data center moratorium and place a ban on Tuesday’s ballot.
In a letter to the city council, HMC StratCap said it would pursue a different use for the land and would not engage in a ballot measure fight.
The city council later banned data centers indefinitely, the first in California to do so, said Mayor Elizabeth Yang. But she’s still been out campaigning for the measure with all four other council members.
“If a council puts in an ordinance, a future council can reverse it too,” said Yang. “With the ballot measure, unbanning it is a lot harder because you need the entire city to vote on it.”
The measure proposes the ban “to protect air quality, drinking water resources, and public health” and “prevent impacts to electricity and water rates.”
While California places third in the country for existing data centers with about 300 facilities, it hasn’t been a hot spot in the recent AI-driven data center boom. High electricity rates, expensive land and regulatory hurdles mean that fewer, and smaller, facilities are currently planned than in Virginia, Texas, Georgia, Illinois or Arizona.
“Most of California’s data centers are small by today’s standards,” said Shaolei Ren, an engineering professor at UC Riverside who studies how to reduce the environmental impacts of data centers. “Ten years ago, they would be medium-sized, but the power demand for new AI data centers has increased a lot.”
The average operating data center demands 45 megawatts, according to the Washington Post, while the average planned one would draw 430 MW. The one proposed for Monterey Park would have required about 50 MW at peak demand.
As proposals crop up in SoCal, they’re met with fierce opposition. Montebello, El Monte and Baldwin Park have all enacted temporary moratoria, and Alhambra recently banned data centers as part of a zoning code update. City of Industry, Vernon, City of Commerce and Santa Fe Springs are moving in the other direction, trying to court developers and streamline data center approvals. Community groups are fighting that.
Outside the San Gabriel Valley, residents of Coachella and Imperial County are showing up in droves to protest local proposals.
Matthew Shaw, a volunteer with the Coalition for Responsible Data Center Development, who recently published a report on opposition to AI data centers, said a vote to ban them in Monterey Park “would lead to copycats, partially because so many groups are just opposed to any data center development at all.”
While there is no formal opposition to Measure NDC, some building trades like Ironworker Local 433 supported the Monterey Park data center when it was still live before city council. Those in the data center industry are lamenting the state of public opinion.
“These are multi-billion-dollar assets that are built by multi-trillion-dollar companies. These things will get done,” said Mehdi Paryavi, chairman of the International Data Center Authority. “My biggest problem is that our industry does not invest enough in community engagement.”
Paryavi said towns that seek to limit data centers are missing out on thousands of jobs generated by data center construction, operations and customers, as well as faster artificial intelligence speeds and better performance.
Kung said local community organizers are “looking at the empirical evidence” and seeing a ban as a win.
“We’ve never seen a city that embraces a data center and is like, ‘Look how our quality of life has increased, look how all the revenue has gone into citywide improvements,’” he said. “That just doesn’t exist.”