Researchers at red-team security startup Codewall said they used the company's AI agent to hack McKinsey's internal AI platform in 2 hours and gain read and write access to the entire chatbot, The Register reported on March 9.
McKinsey launched its generative AI platform, Lilli, in July 2023. Some 72 percent of employees, about 40,000 people, use Lilli, and monthly processed prompts exceed 500,000.
Codewall provides a service that continuously attacks clients' infrastructure with AI agents to find security vulnerabilities. The Register reported that the Codewall agent cited McKinsey's responsible disclosure policy and a recent Lilli update, proposed targeting McKinsey, then began the attack without permission to access McKinsey assets, and secured full permissions for the entire production database within 2 hours.
The data obtained included 46.5 million conversations related to strategy, mergers and acquisitions and client work, 728,000 confidential client data files, 57,000 user accounts and 95 prompts for an AI behavior control system. Write access was also open to system prompts, leaving attackers able to poison all of Lilli's responses.
McKinsey patched all vulnerabilities within hours after being notified by Codewall. It said there was no evidence of unauthorised access to client data. Paul Price, Codewall's chief executive officer, warned that hackers could use the technology in the same way to steal data or plant ransomware.