Back to Home

McKinsey AI Vulnerability: Access to Data in Hours

Vulnerability in McKinsey Lilli AI platform allowed access to millions of documents and settings without authorization. Incident detected by autonomous tool via SQL injection. Risk analysis and enterprise-AI protection recommendations.

McKinsey AI Hack: Company Secrets at Risk
Advertisement 728x90

McKinsey AI Platform Vulnerability: Unauthorized Access to Confidential Data in Hours

An autonomous tool uncovered a critical vulnerability in McKinsey’s corporate AI system, Lilli, enabling access to millions of internal documents and AI configurations without authentication. The incident underscores the risks inherent in developing enterprise-grade artificial intelligence solutions.

Technical Details of the Breach

The Lilli system is designed to analyze internal documents, search archives, and process requests from McKinsey employees. Monthly, the platform handles over 500,000 requests from tens of thousands of users. An automated testing algorithm utilized open API documentation, identifying more than 200 endpoints. Several did not require authentication.

The core issue was a SQL injection vulnerability within the search query logging mechanism. While the system safely handled parameter values, field names were inserted directly into SQL commands. The algorithm analyzed service errors, identified the vulnerability pattern, and generated a functional query to extract data.

Google AdInline article slot

Scale of the Information Leak

Once initial access was gained, a path opened to a vast repository:

  • Tens of millions of messages from corporate chats;
  • Hundreds of thousands of files, including presentations, spreadsheets, and reports;
  • Account data for tens of thousands of employees.

All materials were stored in an unprotected format. Additionally, Lilli’s system settings defining AI logic were extracted: answer generation rules, access restrictions, and data processing methods. The vulnerability allowed not just reading, but modifying these parameters.

Potential Business Consequences

Altering AI instructions could lead to significant risks. The platform was capable of issuing distorted recommendations, disclosing confidential information, or bypassing security policies. Such manipulations occur at the configuration level without code modification, making detection difficult.

Google AdInline article slot

Standard security scanning tools failed to identify the issue, despite SQL injections being known since the 1990s. This points to gaps in development and testing processes for AI systems within major consulting firms.

Key Takeaways

  • A vulnerability in the Lilli API allowed access to millions of internal documents without a password;
  • AI behavior can be modified, leading to leaks or misinformation;
  • The incident was detected by an autonomous tool; standard scanners overlooked it;
  • Highlights the need for strict input validation in enterprise AI;
  • The risk is relevant for all companies utilizing internal AI assistants.

Context and Industry Significance

AI platforms like Lilli integrate massive volumes of corporate data, boosting productivity but expanding the attack surface. The root causes of the vulnerability lie in legacy approaches to request processing: direct embedding of parameters into SQL without parameterization. The consequences extend beyond McKinsey—competitors like BCG or Bain face similar risks where AI is used for client data analysis.

Industry Impact: Increased investment in secure-by-design AI. According to cybersecurity reports, 70% of enterprise incidents are linked to API vulnerabilities. Regulators, including the EU with its AI Act, are tightening requirements for model transparency. Companies are forced to implement multi-layered protection: parameterized queries, least-privilege access, and regular AI configuration audits.

Google AdInline article slot

— Editorial Team

Advertisement 728x90

Read Next