AI agent hacked McKinsey chatbot for read-write access • The Register


https://www.theregister.com/2026/03/09/mckinsey_ai_chatbot_hacked/

Publish Date: 2026-03-09 18:22:00

Source Domain: www.theregister.com

Researchers at red-team security startup CodeWall say their AI agent hacked McKinsey’s internal AI platform and gained full read and write access to the chatbot in just two hours.

It’s yet another indicator that agentic AI is becoming a more effective tool for conducting cyberattacks, including those against other AI systems.

This attack wasn’t conducted with malicious intent. However, threat hunters tell us that miscreants are increasingly using agents in real-world attacks, indicating that machine-speed intrusions aren’t going away.

McKinsey, a mega-management consultancy that specializes in gnarly strategy work for huge corporations and governments, rolled out its generative AI platform called Lilli in July 2023. According to the company, 72 percent of its employees – that’s upwards of 40,000 people – now use the chatbot, which processes more than 500,000 prompts every month.

CodeWall uses AI agents to continuously attack customers’ infrastructure, to help them improve their security posture. According to the startup, its own security agent suggested targeting McKinsey, citing the consulting company’s public responsible disclosure policy and recent updates to Lilli.

“So we decided to point our autonomous offensive agent at it,” the researchers wrote in a Monday blog, noting that the agent didn’t have access to any credentials for McKinsey’s assets.

CodeWall’s researchers claim that within two hours of starting their red team raid, they achieved full read and write access to the entire production database and were able to access 46.5 million chat messages about strategy, mergers and acquisitions, and client engagements, all in plaintext, along with 728,000 files containing confidential client data, 57,000 user accounts, and 95 system prompts controlling the AI’s behavior. These prompts were all…