A Utility Intrusion Offers a New Look at AI-Assisted Threats

Opening the floodgates.
Emily Hill
Contributing Writer
[Image: large hydroelectric power plant with turbines and spillways]

Cybersecurity researchers are raising new concerns about the role of generative AI in attacks on critical infrastructure after a municipal water and drainage utility in Monterrey, Mexico, became part of a broader government-targeting cyber campaign earlier this year.

According to a new report from Dragos, the attackers relied heavily on Anthropic’s Claude AI, alongside OpenAI’s GPT models, to help plan intrusions, generate tooling, and analyze internal systems during the operation.

While the attackers ultimately failed to gain access to operational technology (OT) systems tied to the utility’s infrastructure, researchers say the incident stands out because of how naturally AI became embedded in the attackers’ workflow. Rather than operating autonomously, the models acted more like highly capable assistants, accelerating reconnaissance, scripting, and decision-making in ways that reduced the time and expertise traditionally required for these kinds of operations.

Why It Matters: The incident is one of the clearest real-world examples yet of how commercially available AI models can support cyber operations targeting critical infrastructure. For defenders, the concern is less about “AI launching attacks on its own” and more about how these systems can help threat actors move faster, identify valuable systems more easily, and adapt during an intrusion.

  • Claude identified an industrial management interface during routine reconnaissance: One of the more notable findings in the Dragos report was that Claude independently flagged a vNode SCADA and IIoT management interface as a potentially valuable target while analyzing the utility’s internal network. Researchers said the attackers had not specifically instructed the model to search for OT systems, making the discovery especially significant from an industrial security perspective.
  • AI-generated tooling became a major force multiplier for the attackers: Investigators recovered a sprawling Python framework, more than 17,000 lines long, that Claude continuously refined throughout the intrusion. The toolkit combined credential harvesting, Active Directory reconnaissance, database access, and privilege escalation capabilities into a single workflow, dramatically speeding up what would normally require substantial manual effort.
  • The attempted OT intrusion never succeeded: After identifying the vNode interface, the attackers attempted password-spraying attacks based on credentials and naming patterns assembled with AI assistance. Those attempts failed, and Dragos said there was no evidence that the attackers gained operational visibility into the utility’s industrial systems or control environment.
  • Researchers say the bigger shift is accessibility, not autonomy: Dragos emphasized that this was not an example of fully autonomous AI conducting cyberattacks independently. Human operators remained in control throughout the campaign. Still, the report suggests AI is beginning to lower technical barriers and expand what less specialized attackers can accomplish against enterprise and industrial environments alike.
  • The campaign stretched beyond a single utility: The water utility intrusion was part of a larger operation targeting multiple Mexican government organizations between late 2025 and early 2026. Researchers have not attributed the activity to any known threat group, though the attackers consistently used Spanish throughout prompts, tooling, and operational workflows.
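The password-spraying attempt described above has a recognisable log signature: one source failing logins across many distinct usernames in a short window, as opposed to a brute force that hammers a single account. The following detector is an added example written for this page, not code from Dragos, from the attackers' toolkit, or from vNode; the log line format, the IP addresses and the Spanish-style usernames in the sample are constructed for illustration, and the low-and-slow source shows why a short detection window alone is not enough.

```python
"""Password-spray detector over authentication logs (added example).

Flags a source that fails logins for many *distinct* usernames within a
sliding time window. The log format and every sample line below are
constructed for this example; adapt LINE_RE to the real interface's audit log.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed log format: ISO-8601 UTC timestamp, source IP, username, outcome.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return (timestamp, src, user, result) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["src"], m["user"], m["result"]


def detect_password_spray(lines, window_minutes=10, min_users=5):
    """Return one alert per source IP whose failed logins inside some
    `window_minutes`-long window cover at least `min_users` distinct usernames.
    Each alert reports the densest window found for that source."""
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)  # src -> [(timestamp, user)]
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip noise rather than crash on an unexpected line
        ts, src, user, result = parsed
        if result == "FAIL":
            failures[src].append((ts, user))

    alerts = []
    for src, events in failures.items():
        events.sort()
        best = None
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until events[start..end] fit in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users and (best is None or len(users) > best["distinct_users"]):
                best = {
                    "src": src,
                    "distinct_users": len(users),
                    "first": events[start][0].isoformat(),
                    "last": events[end][0].isoformat(),
                    "users": sorted(users),
                }
        if best is not None:
            alerts.append(best)
    return alerts


# Constructed sample (not real telemetry):
#  - 10.0.5.23 sprays a guessed password across accounts built from a naming pattern
#  - 10.0.8.4 is one user mistyping their own password, then succeeding
#  - 10.0.9.9 is a low-and-slow spray, one account every 15 minutes
SAMPLE_LOG = """\
2026-01-14T03:12:05Z auth src=10.0.5.23 user=operador1 result=FAIL
2026-01-14T03:12:09Z auth src=10.0.5.23 user=operador2 result=FAIL
2026-01-14T03:12:14Z auth src=10.0.5.23 user=operador3 result=FAIL
2026-01-14T03:12:20Z auth src=10.0.5.23 user=scada.admin result=FAIL
2026-01-14T03:12:27Z auth src=10.0.5.23 user=mantenimiento result=FAIL
2026-01-14T03:12:33Z auth src=10.0.5.23 user=ingenieria result=FAIL
2026-01-14T03:12:40Z auth src=10.0.5.23 user=supervisor result=FAIL
2026-01-14T03:15:00Z auth src=10.0.8.4 user=jperez result=FAIL
2026-01-14T03:15:10Z auth src=10.0.8.4 user=jperez result=FAIL
2026-01-14T03:15:22Z auth src=10.0.8.4 user=jperez result=OK
2026-01-14T04:00:00Z auth src=10.0.9.9 user=turno1 result=FAIL
2026-01-14T04:15:00Z auth src=10.0.9.9 user=turno2 result=FAIL
2026-01-14T04:30:00Z auth src=10.0.9.9 user=turno3 result=FAIL
2026-01-14T04:45:00Z auth src=10.0.9.9 user=turno4 result=FAIL
2026-01-14T05:00:00Z auth src=10.0.9.9 user=turno5 result=FAIL
not a log line at all
""".splitlines()

if __name__ == "__main__":
    for alert in detect_password_spray(SAMPLE_LOG):
        print(alert)
    print("with a 2-hour window:")
    for alert in detect_password_spray(SAMPLE_LOG, window_minutes=120):
        print(alert)
```

With the default 10-minute window only 10.0.5.23 is flagged; the single mistyping user is correctly ignored, but so is the slow source, which only surfaces when the window is widened to two hours. Running the detector at more than one window length, or correlating distinct-username counts per source over a day, is the practical mitigation for that evasion.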

Go Deeper ->
Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion – SecurityWeek
Hackers Used Claude AI to Attack on Water and Drainage Utility Systems – Cyber Security News

Trusted insights for technology leaders

Our readers are CIOs, CTOs, and senior IT executives who rely on The National CIO Review for smart, curated takes on the trends shaping the enterprise, from GenAI to cybersecurity and beyond.
