Between December 2025 and February 2026, one person used two consumer AI subscriptions to breach nine Mexican government agencies, steal about 150GB of sensitive data, and expose roughly 195 million taxpayer records. No malware team. No nation-state. No custom infrastructure. A single operator, a Claude account, a ChatGPT account, and about six weeks. The forensic detail matters because it rewrites the threat model every business running AI agents is operating under. Gambit Security’s investigation logged 1,088 attacker prompts that generated 5,317 AI-executed commands across 34 sessions , with Claude producing about 75% of the remote commands. The underlying vulnerabilities were conventional, the kind any patch cycle could have closed. What was new was the speed and the operator. That’s what this article is about.…