A security experiment in early 2026 demonstrated how an exposed configuration around McKinsey's internal AI platform, known as Lilli, could allow unauthorized access to the data behind it. According to a report on the incident, a security startup conducting a red-team exercise used an autonomous offensive agent that located exposed API documentation tied to the Lilli platform and gained read and write access to the production database supporting the chatbot within roughly two hours.
The platform handles internal queries that can touch sensitive subject matter, and the report indicated the accessible conversations included topics such as corporate strategy, mergers and acquisitions, and client engagements. The exercise was a controlled test rather than a malicious breach, but it illustrated how quickly an automated attacker could move from a misconfiguration to full database access on a widely used enterprise AI tool.
The case adds to a series of documented incidents in which AI systems and the infrastructure around them became points of data exposure. Separately, researchers reported that an AI chat application left exposed a database containing hundreds of millions of messages tied to millions of users. Security specialists note that AI platforms often connect to large stores of organizational data, which raises the stakes when access controls, API documentation, or database permissions are misconfigured. The findings have prompted calls for tighter review of how enterprise AI deployments are secured.
Source: PointGuard AI -- https://www.pointguardai.com/ai-security-incidents/mckinsey-ai-chatbot-breach-exposes-millions-of-internal-messages