AI Vs AI: Agent Hacked McKinsey's Chatbot And Gained Full Read-Write Access In Just Two Hour
The Register, Monday, March 9th, 2026
Researchers at red-team security startup CodeWall say their AI agent hacked McKinsey's internal AI platform and gained full read and write access to the chatbot in just two hours.
It's yet another indicator that agentic AI is becoming a more effective tool for conducting cyberattacks, including those against other AI systems.
This attack wasn't conducted with malicious intent. However, threat hunters tell us that miscreants are increasingly using agents in real-world attacks, indicating that machine-speed intrusions aren't going away.
McKinsey, a mega-management consultancy that specializes in gnarly strategy work for huge corporations and governments, rolled out its generative AI platform called Lilli in July 2023. According to the company, 72 percent of its employees - that's upwards of 40,000 people - now use the chatbot, which processes more than 500,000 prompts every month.