Security researchers demonstrated in March 2026 that an autonomous AI agent could break into McKinsey's internal generative AI platform, known as Lilli, in under two hours. In the demonstration, the agent gained read and write access to millions of internal chatbot messages along with sensitive file records, exposing the kind of proprietary information a global consulting firm handles for clients.
The incident centered on weaknesses in how access to the AI platform was controlled. Once the agent obtained entry, it could both read stored conversations and write to the system, a level of access that researchers said illustrated the risk of deploying internal AI tools without rigorous safeguards. The findings were presented as a controlled security demonstration rather than a criminal breach, but the exposure of millions of messages underscored the scale of data concentrated inside enterprise AI systems.
The case fits a broader pattern of AI platforms becoming high-value targets. As organizations centralize knowledge, client material, and internal communications inside generative AI assistants, those systems accumulate large volumes of sensitive data in one place. A single access control failure can therefore expose far more information than a breach of a conventional application.
Security specialists noted that the speed of the demonstrated breach, roughly two hours, highlighted how quickly an automated attacker can move once it identifies a gap. The episode added to growing attention on AI governance and access management as enterprises expand internal deployments of generative tools across consulting, finance, and other data-intensive industries.
Source: PointGuard AI -- https://www.pointguardai.com/ai-security-incidents/mckinsey-ai-chatbot-breach-exposes-millions-of-internal-messages