{"id":241214,"date":"2026-05-07T10:00:00","date_gmt":"2026-05-07T14:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/07\/openai-and-anthropic-llms-used-in-critical-infrastructure-cyber-attack\/"},"modified":"2026-05-07T16:30:09","modified_gmt":"2026-05-07T20:30:09","slug":"openai-and-anthropic-llms-used-in-critical-infrastructure-cyber-attack","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/07\/openai-and-anthropic-llms-used-in-critical-infrastructure-cyber-attack\/","title":{"rendered":"OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/llm-critical-infrastructure\/\">OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/llm-critical-infrastructure\/\">https:\/\/www.infosecurity-magazine.com\/news\/llm-critical-infrastructure\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-07 10:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>Commercial large language models (LLMs) were used as part of a cyber-attack which targeted a municipal water and drainage utility provider in Mexico, cybersecurity researchers at Dragos have warned.<\/p>\n<p>A \u201csignificant compromise\u201d of the water infrastructure providers\u2019 IT environment escalated into an attempted attack against the organization\u2019s operational infrastructure (OT), said a Dragos report, published on May 6.<\/p>\n<p>The research suggested that attackers used Anthropic\u2019s Claude AI and OpenAI\u2019s GPT models to aid with planning and conducting the campaign.<\/p>\n<p>The cyber-attack against the water facility in the Monterrey metropolitan area of Mexico took place between December 2025 and February 2026.<\/p>\n<p>Dragos analyzed 350 artifacts associated with the attack, most of which were AI-generated malicious scripts used as offensive tooling during the intrusions. They found that the adversary leveraged commercially available tools to aid with the campaign.<\/p>\n<p>Attribution remains unclear, with no named threat actor publicly identified.<\/p>\n<h2><strong>AI Exploited to Operate Attack Faster<\/strong><\/h2>\n<p>Anthropic\u2019s Claude AI was used to as \u201cthe primary technical executor of the intrusion\u201d and handled prompt-and-response interactions, intrusion planning and the development and deployment of malicious tools.<\/p>\n<p>Meanwhile, OpenAI\u2019s GPT models were used for what Dragos described as \u201canalytical roles,\u201d as well as processing collected data and generating outputs in Spanish.<\/p>\n<p>The AI models were deployed to help the campaign operate faster and more efficiently and allowed the attackers to refine their techniques in real-time, based on what was working and what was not.<\/p>\n<p>According to Dragos, Claude was also deployed to analyse vendor documentation around the SCADA systems at the water facility and was even used to generate lists of default and known login credentials for brute force attacks against the systems.<\/p>\n<p>While a breach of the OT system was ultimately unsuccessful, Dragos pointed out that&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/llm-critical-infrastructure\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack https:\/\/www.infosecurity-magazine.com\/news\/llm-critical-infrastructure\/ Publish Date: 2026-05-07 10:00:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":241215,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/68dd414d-b049-4bb6-a1af-a9f0ea1397ae.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,17,34],"class_list":["post-241214","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-llm","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241214"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=241214"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241214\/revisions"}],"predecessor-version":[{"id":241216,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241214\/revisions\/241216"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/241215"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=241214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=241214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=241214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}