Cybersecurity firm Dragos, working with Gambit Security, has reported a 2025-2026 intrusion campaign against multiple Mexican government organizations, including a municipal water and drainage utility serving the Monterrey metropolitan region. The unidentified threat actor used Anthropic’s Claude and OpenAI’s GPT models to support reconnaissance, tool development, credential attacks and lateral movement within compromised IT systems. Industry voices framed this as a broader warning that generative AI is sharply lowering the barrier to entry for attacking critical infrastructure, enabling actors with little prior expertise to mount sophisticated campaigns within weeks
According to the report, the attackers leveraged AI-generated scripts and automation to identify a SCADA and industrial gateway platform connected to the utility's operational environment, and Claude independently recognized the OT-adjacent system as a potentially critical target and attempted to identify access pathways between enterprise IT and water infrastructure systems. The AI models did not invent novel ICS attack techniques but significantly accelerated the use of publicly available offensive methods, with attackers producing and refining tooling in near real time — including a 17,000-line Python post-compromise framework for credential harvesting, Active Directory interrogation, and lateral movement. The breach of the OT environment itself was ultimately unsuccessful, and Dragos found no evidence that operational systems were compromised
Dragos argues the incident shows how AI-assisted intrusions can dramatically compress the time between an enterprise IT compromise and attempts to pivot into industrial infrastructure. The firm urged utilities to reinforce foundational controls — network segmentation, strong authentication, OT network visibility, and monitoring of east-west traffic inside control systems — and pointed to the SANS Five Critical Controls for ICS Cybersecurity as a reference framework. The broader takeaway is that water utilities and other critical infrastructure operators should expect more automated, AI-accelerated threats and invest in defensive AI capabilities to keep pace.