Fetching from the wire…
Public story · 2026-07-18 · high
Check Point traced the breach to one operator who used Claude Code for network access and GPT-4.1 to analyze stolen data.
Why now: The report entered security coverage on July 18, 2026, the same period in which it tracked long malicious payloads climbing toward 1% of prompts.
One operator breached nine Mexican government agencies by running 5,317 AI-executed commands across 34 sessions, per Check Point's 2026 AI security report.
The report treats this as the moment AI tooling crossed from advising attackers to doing the hands-on work inside a live intrusion. The operator chained two commercial models to cover both ends of the job.
Claude Code handled the intrusion and network exploration. GPT-4.1 took over from there, sorting what had been stolen and tasking the next steps, according to the report. Nine agencies from one person's session logs is the kind of ratio that used to require a team.
Check Point also tracked a separate signal: detections of long malicious payloads rose fivefold between March and May 2026, nearing 1% of observed prompts. That's the signature of indirect prompt injection, hidden in the external content agentic tools pull in automatically as part of normal use.
It lines up with OpenAI's disclosure of GPT-Red, an internal model built to attack OpenAI's own systems and harden them before outsiders do. The defense side already knows offense-capable AI has to be turned inward.
It also lines up with a harder problem. Related reporting on coding agents has already found that verifying what an agent did now takes longer than generating the work. That gap cuts against a defender trying to reconstruct a 5,317-command session just as much as it cuts against a reviewer checking a pull request.
Nine agencies breached by one person says more about how little detection was running on those networks than about AI suddenly cracking offense. Real tool chain. Untested against a target with actual monitoring. Watch whether Check Point's next report can point to one.
Each link below shares sources, entities, or timing with this story.
Same source
Cite the same source (Check Point Research).
Semantically similar
Covers closely related ground (similarity 0.75).
Same source domain
Reported by the same outlet (research.checkpoint.com).
Reported by the same outlet (research.checkpoint.com).
Reported by the same outlet (research.checkpoint.com).
Reported by the same outlet (research.checkpoint.com).
Reported by the same outlet (research.checkpoint.com).
Reported by the same outlet (research.checkpoint.com).