2026-03
Data Leakage
McKinsey & Company

Autonomous AI agent breached McKinsey's Lilli platform in two hours

What happened

Security startup CodeWall pointed an autonomous offensive AI agent at the internet and let it pick a target — it selected McKinsey's internal AI platform Lilli. With no credentials or human steering, the agent found an unauthenticated search API and exploited a blind SQL injection where JSON key names were concatenated directly into queries. Over roughly fifteen iterations it gained full read-write access to the production database.

Impact

The agent reached 46.5 million chat messages, 728,000 files, 57,000 user accounts, and 95 system prompts; disclosed publicly 2026-03-09 and patched within a day.

How this could have been prevented

Authenticating every API endpoint and parameterizing field identifiers, not just values, would have blocked the injection the agent chained into full database access.

Sources

More data leakage incidents

Would runtime governance have caught this?

Guardion enforces policy on every agent action inline — with visibility, tamper-evident evidence, and DLP for agents and MCPs.

Request a demo