Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.

News > Attacks & Threats > Autonomous Agent Hacked McKinsey's AI in 2 Hours

Autonomous Agent Hacked McKinsey's AI in 2 Hours

16 Mar 2026
Written by Gabi Gerber
Attacks & Threats

Featured

Artificial Intelligence, Hacking Topics, Security Operation Center

A cybersecurity startup says its artificial intelligence agent needed just two hours to break into McKinsey & Company's proprietary generative AI platform, accessing millions of staff messages and thousands of files.

CodeWall published findings earlier this week, disclosing that it also could have rewritten the chatbot's core instructions after its agent exploited a SQL injection flaw.

The startup said its agent gained full read and write access to the production database underpinning McKinsey's AI platform Lilli, an internal platform the high-priced consultancy says could "rewire the way we operate." Roughly three quarters of the firm's more than 40,000 employees use it for strategy work, client research and document analysis. Read more...

Similar Stories

Attacks & Threats

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials. More...
Attackers Target Backup Storage to Force Ransom Payment

Object First's Cusimano on Why Backup Storage Is Now a Prime Ransomware Target More...
Critical Flaw in Langflow AI Platform Under Attack

Threats actors pounced on the code injection vulnerability within hours of its disclosure, demonstrating that organizati… More...
Attackers Hide Infostealer in Copyright Infringement Notices

More...
Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish

In an unsuccessful phishing attack, threat actors leveraged trusted brands and domains to try to redirect a C-suite exec… More...

Have your say

 

News Categories

Attacks & Threats

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials. More...
Attackers Target Backup Storage to Force Ransom Payment

Object First's Cusimano on Why Backup Storage Is Now a Prime Ransomware Target More...
Why a ‘Near-Miss’ Database Is Key to Improving Information Sharing

RSAC 2026 CONFERENCE — San Francisco — When people talk about transparency in cybersecurity, they are usually referring … More...
Critical Flaw in Langflow AI Platform Under Attack

Threats actors pounced on the code injection vulnerability within hours of its disclosure, demonstrating that organizati… More...
Attackers Hide Infostealer in Copyright Infringement Notices

More...

Show more
image

Contact Us

Security Interest Group Switzerland
c/o Bridge Head AG
Sulzbergstrasse 34
5430 Wettingen
Switzerland

Quick Links

Terms
Contact Us
Privacy Policy
Newsletter

Follow Us

This website is powered by
ToucanTech