"The floor doesn't exist" is what Konstantin Tkachuk titled his documented account of breaching Mexican government systems using Claude as his primary AI tool, working alone. The title is also the thesis: the minimum technical skill required to execute a serious government-level intrusion has dropped below what most security teams are prepared to handle.
Tkachuk exfiltrated 150 gigabytes of data. One person. No team. No specialized infrastructure - just a commercial AI subscription and the knowledge to direct it.
What AI Tools Change About Attack Capability
Offensive security has traditionally required deep, specialized knowledge: how to enumerate systems, how to move through networks, how to write custom exploit code, how to maintain access without triggering defenses. These skills take years to develop and are rare. That scarcity kept the pool of capable attackers relatively small.
AI assistants change the math. An attacker who understands the goal but lacks depth in a specific area - say, scripting a particular type of network scan, or understanding what a specific error message signals - can now get working guidance in seconds. Claude can write code, explain concepts, debug output, and suggest next steps across a wide range of technical domains. For an attacker who knows enough to ask the right questions, this is a meaningful capability multiplier.
The guardrails Anthropic builds into Claude are real, but they're designed around obvious, explicit requests. Working through a multi-step intrusion using technical framing - the way a security researcher legitimately would - is a harder problem to guard against. Tkachuk's breach demonstrates that the current guardrails don't prevent a determined, skilled individual from using Claude to do serious damage.
What 150 GB Means
Volume matters here. 150 gigabytes is not a handful of files from an exposed storage bucket. It requires persistent access - getting in and staying in long enough to systematically identify and move substantial data. That's not a smash-and-grab; it's a deliberate operation that requires the attacker to maintain access, avoid detection, and move data out without triggering network alerts.
That one person accomplished this with AI assistance forces a specific update to most organizations' threat models. The attacker who used to require nation-state resources or specialized criminal expertise to execute this kind of operation now needs a Claude subscription and sufficient baseline knowledge to use it.
Security teams running red team exercises should revisit the assumed skill ceiling for solo actors. The question isn't whether your defenses stop an expert - it's whether they stop someone who is considerably less expert but has AI that can fill in the gaps.