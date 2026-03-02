Sign up to see the future, today Can’t-miss innovations from the bleeding edge of science and tech Email address Sign Up Thank you!

It’s no secret that AI models have come a long way, from tools that can complete high school students’ homework to “vibe coding” assistants that can build entire apps in a fraction of the time it would take for human developers.

But besides cheating at school and terrifying employees who fear they’re about to be laid off, AI can also be used for evil. “Vibe hacking,” the evil twin of “vibe coding,” has quickly turned into a cybersecurity nightmare, with AI systems topping several hacking-related bug bounty leaderboards.

Case in point, just last week, a hacker used a jailbroken version of Anthropic’s Claude chatbot to find vulnerabilities in Mexican government networks and successfully automate the theft of highly sensitive taxpayer and voter records, as Bloomberg reports. With the help of AI, the hacker stole 150 gigabytes of government data related to 195 million taxpayers.

In a report about the latest hack in Mexico, cybersecurity startup Gambit Security said the perpetrator likely wasn’t associated with any specific group or foreign adversary government. Researchers also told Bloomberg that they found at least 20 specific vulnerabilities being exploited. In other words, AI means the barrier to entry for real-deal hacking has never been lower.

Last month, Amazon’s security research team revealed that hackers — or perhaps just one — had broken into more than 600 firewall systems across dozens of countries while armed with commercially available AI tools, overpowering weak security measures, and extracting credential databases, and possibly setting the stage for future ransomware deployment.

“It’s like an AI-powered assembly line for cybercrime, helping less skilled workers produce at scale,” said Amazon security engineering and operations lead CJ Moses in a statement.

The exploits are part of a much broader trend, as AI supercharges cybersecurity attacks, from deepfake footage luring victims into phishing traps to AI-enabled password cracking.

A new report by IBM found that there was a 44 percent year-over-year increase in the “exploitation of public-facing software or system applications” and a nearly 50 percent uptick in “active ransomware groups.”

“Attackers aren’t reinventing playbooks, they’re speeding them up with AI,” said IBM global managing partner for cybersecurity services Mark Hughes in a statement. “The core issue is the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed.”

Google security researchers also noted in a report earlier this year that a “pitched battle” between threat actors accessing the “same classes of powerful AI models and automated processes as their targets” is about to “change in significant and unpredictable ways.”

“If [AI is] weaponized in a ransomware toolkit and sold on the underground, the rates of incidents may increase,” said Google vice president of security engineering Heather Adkins in a statement. “But if it’s closely held by a threat actor with really specific targeting, we may not even be able to tell that there’s a fully automated platform on the other end. We may only know when it’s physically in someone’s hand.”

