AI Agent Breached McKinsey's Lilli Chatbot in Two Hours — 46M Messages Exposed
Two hours. That’s how long it took an autonomous AI agent to crack open McKinsey’s internal AI assistant and walk out with 46 million chat messages, 728,000 confidential client files, and 57,000 user account records — all in plaintext. The breach wasn’t carried out by a human hacker manually probing endpoints. It was executed by an offensive AI agent deployed by CodeWall, a red-team security startup, as part of an authorized penetration test. The agent operated autonomously: it selected the target, identified the attack surface, and executed the breach without human intervention beyond the initial launch. ...