Krux
March 15, 2026
An AI Agent Hacked McKinsey's Chatbot in Days
Published: March 15, 2026 at 12:31 AM
Updated: March 15, 2026 at 12:31 AM
100-word summary
CodeWall's autonomous red-team agent broke into McKinsey's internal Lilli platform in late February, exposing 46.5 million chat messages and 728,000 client files. The attacker found 22 unauthenticated API endpoints and chained SQL injection bugs to take over production in under a week. McKinsey patched within hours and says no client data was actually accessed, but the incident earned a 9.8 severity score. The real story: AI agents can now hunt vulnerabilities at machine speed. A human pentester might spend weeks mapping API surfaces; this bot did it in days, automatically chaining exploits most firms wouldn't catch until a breach. Your internal AI tools just became someone else's attack surface.
What happened
CodeWall's autonomous red-team agent broke into McKinsey's internal Lilli platform in late February, exposing 46.5 million chat messages and 728,000 client files. The attacker found 22 unauthenticated API endpoints and chained SQL injection bugs to take over production in under a week. McKinsey patched within hours and says no client data was actually accessed, but the incident earned a 9.8 severity score. The real story: AI agents can now hunt vulnerabilities at machine speed. A human pentester might spend weeks mapping API surfaces; this bot did it in days, automatically chaining exploits most firms wouldn't catch until a breach.
Why it matters
Your internal AI tools just became someone else's attack surface.