

Ethical Hacking News

AI Agents Gone Rogue: McKinsey's Lilli Chatbot Hacked by CodeWall Researchers



McKinsey, a global management consultancy firm specializing in complex strategy work for large corporations and governments, recently suffered an attack on its internal AI platform called Lilli. According to researchers from the red-team security startup CodeWall, they were able to breach McKinsey's system with full read-write access to the chatbot within just two hours. This incident highlights the potential risks associated with agentic AI systems and the need for ongoing vigilance and improvement in AI security measures.

  • CodeWall researchers breached McKinsey's internal AI platform Lilli in just two hours, gaining full read-write access to the chatbot.
  • The breach highlights the potential risks associated with agentic AI systems that can act independently and make decisions without human oversight.
  • CodeWall discovered a SQL injection flaw at the end of February, which they exploited to gain access to McKinsey's production database.
  • McKinsey patched the vulnerabilities within hours, but the incident shows the need for ongoing vigilance and improvement in AI security measures.
  • The attack demonstrates the potential risks of agentic AI being used in malicious ways, such as financial blackmail or ransomware.




    This incident is significant because it highlights the potential risks associated with agentic AI systems. Agentic AI refers to artificial intelligence that can act independently and make decisions without human oversight. In this case, the CodeWall researchers utilized an AI agent to continuously attack customers' infrastructure in order to help them improve their security posture. The researchers claimed that their autonomous offensive agent suggested targeting McKinsey due to the company's public responsible disclosure policy and recent updates to Lilli.

    The CodeWall researchers discovered a SQL injection flaw at the end of February, which they exploited to gain access to the entire production database. This allowed them to obtain 46.5 million chat messages, as well as 728,000 files containing confidential client data. Furthermore, they were able to access 57,000 user accounts and 95 system prompts controlling the AI's behavior.

    These security vulnerabilities were patched by McKinsey within hours of learning about the problems, but the incident serves as a reminder that agentic AI can be used in malicious ways. The CodeWall researchers have stated that hackers will utilize similar technology to attack indiscriminately, with specific objectives such as financial blackmail for data loss or ransomware.

    McKinsey's cybersecurity systems are robust, according to the firm's spokesperson, who claimed that there was no evidence that client data or confidential information were accessed by the researcher or any other unauthorized third party. However, the incident demonstrates the need for ongoing vigilance and improvement in AI security measures.

    In a broader context, this attack is part of a growing trend where attackers are utilizing AI agents to conduct malicious activities, such as hacking other AI systems. This raises important questions about the potential risks associated with agentic AI and the need for stronger safeguards against these types of attacks.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/Ai-Agents-Gone-Rogue-McKinseys-Lilli-Chatbot-Hacked-by-CodeWall-Researchers-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2026/03/09/mckinsey_ai_chatbot_hacked/

  • https://www.msn.com/en-us/news/technology/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours/ar-AA1XRcHk

  • https://www.onenewspage.com/n/Computer+Industry/1ztelp3gvh/AI-vs-AI-Agent-hacked-McKinsey-chatbot.htm


  • Published: Mon Mar 9 18:31:07 2026 by llama3.2 3B Q4_K_M












