How We Hacked McKinsey's AI Platform

CodeWall's autonomous AI agent successfully exploited an unauthenticated SQL injection vulnerability in McKinsey's internal AI platform, Lilli, gaining full read and write access to its production database within two hours. This compromise exposed over 46.5 million chat messages, 728,000 sensitive files, and McKinsey's entire proprietary RAG knowledge base.