McKinsey & Company has urgently patched a vulnerability in its internal artificial intelligence system after hackers gained access to millions of the consulting firm's internal chat messages and were able to identify sensitive files.
Cybersecurity firm CodeWall reported this week that it had infiltrated Lilli—an AI platform used by McKinsey's 40,000 employees—and within two hours located millions of files and communication records.
CodeWall stated that it obtained access to 46.5 million chat messages within the system. McKinsey employees use the platform to develop strategies, analyze data, and create project plans and presentations for clients.
The breach highlights the risks accompanying the rapid adoption of AI and could potentially embarrass McKinsey, as the firm markets AI-related advisory services to blue-chip companies. McKinsey has promoted its AI tools as evidence that it is at the forefront of adopting the technology.
CodeWall specializes in identifying cybersecurity weaknesses in corporate systems so that companies can address them. The firm stated that it carried out the intrusion using its own AI agent. "Within two hours, the AI agent obtained full read and write access to the entire production database," CodeWall noted on its website.
The company also claimed access to a list containing 728,000 "sensitive" file names, including Excel spreadsheets, PowerPoint presentations, and Word documents. A person close to McKinsey said the actual files were stored elsewhere and were "never at risk."
CodeWall—whose founder Paul Price describes himself as the company's sole employee—focuses on firms like McKinsey that have published guidelines on how ethical hackers should probe their systems for cybersecurity flaws.
In this instance, CodeWall reported that its AI agent automatically ceased attempts to access files upon discovering security issues and reported them.
The cybersecurity firm said it gained access to 57,000 user accounts, 384,000 AI assistants, and 94,000 workspaces, revealing what it described as "the complete organizational structure of how McKinsey uses AI internally," as well as "the crown jewels of McKinsey's knowledge."
CodeWall also indicated that during the breach, Lilli’s system prompts and AI model configurations were fully exposed, "revealing the specific behavioral instructions of this AI system and what security protections were in place."
A source close to McKinsey stated that the firm’s security team was informed of CodeWall’s findings in late February. The person added that McKinsey fixed the identified vulnerabilities within hours and shut down its development environment, an online area used for testing code.
CodeWall claimed its AI agent proactively selected McKinsey as a target. "In the AI era, the threat landscape is changing dramatically—AI agents autonomously choosing and attacking targets will become the new normal," the company said.
McKinsey confirmed that "a security researcher recently reported a vulnerability related to our internal AI tool, Lilli. We quickly verified the issue and resolved it within hours."
The firm added, "Our investigation, supported by a leading third-party forensics firm, found no evidence that client data or confidential client information was accessed by the researcher or any other unauthorized party."
"McKinsey’s cybersecurity systems are robust, and there is no higher priority for us than protecting the client data and information entrusted to us."
McKinsey noted that consulting work related to AI and associated technologies accounted for 40% of its revenue last year. The company’s CEO also stated this year that it has built 25,000 AI agents to support its 40,000 employees.