OPENAI and Anthropic LLMs were used as part of a cyber-attack which targeted a municipal water and drainage utility provider in Mexico, according to Dragos. A “significant compromise” of the water infrastructure provider’s IT environment escalated into an attempted attack against the organisation’s operational infrastructure (OT), the Dragos report published on May 6 warns. The research suggested that attackers used Anthropic’s Claude AI and OpenAI’s GPT models to aid with planning and conducting the campaign.
The cyber-attack against the water facility in the Monterrey metropolitan area of Mexico took place between December 2025 and February 2026, with Dragos analysing 350 artifacts, most of which were AI-generated malicious scripts used as offensive tooling. Attribution remains unclear, with no named threat actor publicly identified.