CodeWall Agent Hacks McKinsey AI Platform
Researchers at CodeWall say their autonomous AI agent hacked McKinsey's internal generative-AI chatbot Lilli, gaining full read/write access and exfiltrating 46.5 million messages, 728,000 files, 57,000 user accounts, and 95 system prompts. The team found an unauthenticated API and SQL injection at the end of February, disclosed on March 1; McKinsey patched endpoints within hours and reports no evidence of unauthorized client-data access.
Scoring Rationale
High novelty and industry-wide relevance, with direct actionable findings; limited by single-researcher disclosure and pending independent confirmation.
Practice interview problems based on real data
1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problemsStep-by-step roadmaps from zero to job-ready — curated courses, salary data, and the exact learning order that gets you hired.
Sources
- Read OriginalAI agent hacked McKinsey chatbot for read-write accesstheregister.com
