A cybersecurity investigation uncovered a Russian threat actor who used Anthropic’s Claude in combination with an open-source hacking framework, HexStrike AI, to systematically target hotel booking and property management software companies, exposing millions of guest records. The discovery was made by researchers at Cybernews on April 16, 2026, after the attacker left his own server publicly accessible. The attacker bypassed Claude’s safety guardrails by framing malicious activity as authorized penetration testing. Claude configuration files on the exposed server contained the attacker’s personal email address, which the Cybernews research team used to confirm the threat actor is a Russian citizen. The server also held at least 50 penetration test reports generated during the campaign.