
McKinsey AI chatbot hacked to potentially access thousands of files

Author: admin_zeelivenews

Published: 20-03-2026, 5:02 AM

Amid the rush to implement digital technology over the last decade, firms have regularly been cautioned against rushing out products that leave weaknesses cyber-attackers can exploit. Showing that the AI age may be little different, McKinsey & Company has reportedly seen its own internal chatbot – released three years ago – hacked, in a move which could potentially have exposed millions of the firm’s private conversations.

The prestige around strategy firms – particularly the three largest, known as the MBB – suggests that the high-level work that the firms undertake for top companies and governments quickly gives their staff a head-start, when it comes to an overview of the markets they are dealing with. At the same time, it gives them insight and experience in having to make crunch-decisions geared towards pleasing shareholders.

It is on this reputation that McKinsey & Company has secured its unofficial title of the world’s leading ‘CEO factory’. Recent research by OnDeck calculated that 7.1% of McKinsey’s former employees had graduated into the role of CEO at other firms, while there was also a growing list of government leaders that had the firm somewhere on their CV.

Partially this is born of a craving for stability among shareholders. Centralising the CEO factory around several consulting firms – with McKinsey at the centre – has the potential to deliver that. After all, the propensity of McKinsey to be in boardrooms already means clients and consultants often now share a bond, or a shared vocabulary.

That familiarity comes with risks though. For example, putting too much stock in the infallibility of this corporate monoculture could hypothetically see oversights in the shortcomings of the technology currently being hyped by McKinsey replicated across a number of the world’s leading businesses – as they are shaped externally and internally by the company’s own obsession with AI.

Just how hypothetical that risk is has suddenly been cast into doubt. McKinsey’s own chatbot has just been hacked – with relative ease – potentially exposing huge amounts of data in the process.

As reported by The Stack, the strategy giant’s internal chatbot ‘Lilli’ – which the firm first released in 2023 – exposed over 728,000 private files and more than 46 million chat logs, as well as proprietary RAG (retrieval-augmented generation) documentation, to hackers. According to Paul Price, a former Schillings cybersecurity consultant whose startup Codewall exposed the incident, the vulnerability was due to 22 exposed endpoints which did not require authentication – one of which turned out to have a SQL injection flaw.

As a result, it took just two hours and $20 in tokens for an offensive AI security agent at the company to breach the multinational consultancy and gain access to highly sensitive data. Schillings told The Stack that most large organisations are ill-prepared for the improvements in AI agents’ offensive security capabilities – and that the AI itself had chosen McKinsey as a target, after he’d prompted a model to identify a range of high-profile organisations with public cybersecurity disclosure guidelines and a few other parameters to focus on.

“When it found JSON keys reflected verbatim in database error messages, it recognised a SQL injection that standard tools wouldn’t flag,” Codewall explained in a blog post detailing the hack. “From there, it ran 15 blind iterations – each error message revealing a little more about the query shape – until live production data started flowing back.”
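The two defects the reports describe – JSON keys used as SQL identifiers without validation, and raw database errors echoed back to the caller – are shown here in an added, constructed example beside a hardened version. This is not code from the article, from Codewall, or from McKinsey; the table, function names and the allowlist are hypothetical, and an in-memory SQLite database stands in for the real backing store.

```python
import json
import sqlite3

# Constructed sample table standing in for a document index (not real data).
_CONN = sqlite3.connect(":memory:")
_CONN.execute("CREATE TABLE documents (id INTEGER, title TEXT, owner TEXT)")
_CONN.executemany("INSERT INTO documents VALUES (?, ?, ?)",
                  [(1, "Q1 plan", "alice"), (2, "Board memo", "bob")])
_CONN.commit()

# Hypothetical allowlist: the only identifiers the endpoint may ever place in SQL.
ALLOWED_FILTER_COLUMNS = {"title", "owner"}


def search_vulnerable(body: str) -> dict:
    """Hypothetical endpoint: JSON keys become column names, DB errors are echoed."""
    filters = json.loads(body)
    # Values are parameterised, but the keys (identifiers) are spliced in verbatim,
    # so an unexpected key reaches the query parser untouched.
    clauses = " AND ".join(f"{key} = ?" for key in filters)
    sql = f"SELECT id, title FROM documents WHERE {clauses}"
    try:
        rows = _CONN.execute(sql, list(filters.values())).fetchall()
        return {"rows": rows}
    except sqlite3.Error as exc:
        # The driver's message names the offending key and hints at query shape,
        # which is exactly the feedback channel the reports describe.
        return {"error": str(exc)}


def search_hardened(body: str) -> dict:
    """Same endpoint with identifier allowlisting and a generic client-facing error."""
    filters = json.loads(body)
    # Reject before any SQL is built: every key must be a known column name.
    if not filters or not set(filters) <= ALLOWED_FILTER_COLUMNS:
        return {"error": "invalid filter"}
    clauses = " AND ".join(f"{key} = ?" for key in filters)  # keys now allowlisted
    sql = f"SELECT id, title FROM documents WHERE {clauses}"
    try:
        rows = _CONN.execute(sql, list(filters.values())).fetchall()
        return {"rows": rows}
    except sqlite3.Error:
        # Log the detail server-side; never reflect the driver's message to the client.
        return {"error": "internal error"}
```

Authentication on the endpoint is a separate control that the snippet does not model; the allowlist and the generic error close the injection and information-leak paths even for callers who do reach it.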

60,000 ‘employees’

The moment comes after a lengthy period of McKinsey flaunting its rapid AI adoption as credentials to help other firms futureproof with the technology.

In a recent Fortune profile, McKinsey was revealed to be rebuilding its intake and training around AI fluency. Historically, McKinsey’s recruitment requirements emphasised IQ and RQ – intelligence and relationship quotients – as key to consultant success, while in the 2010s it added “capability quotient”, signalling the need for deep expertise in some fields. Now, however, AI fluency is non-negotiable, described by Senior Partner Liz Hilton Segel as a “core capability of the next chapter”. Meanwhile, 40% of McKinsey’s global portfolio now involves helping clients adopt and scale AI and its related technologies.

Additionally, in 2025, the firm was gifted a trophy by OpenAI for using 100 billion tokens with the company’s software. One of the highest usage levels of any consulting firm, the news led to some derision, both of the “commemorative Oreo” handed out by OpenAI and of the strategy giant’s service. At the same time, McKinsey’s incumbent CEO, Bob Sternfels, raised eyebrows when he recently claimed on an episode of Harvard Business Review’s IdeaCast that this is reflected in the firm’s headcount – which he now counts at 60,000, 20,000 of which are AI agents.

A McKinsey spokesperson told The Register that it fixed all of the issues identified by Codewall within hours of learning about the problems. They insisted the firm’s own investigation “identified no evidence that client data or client confidential information were accessed by this researcher or any other unauthorised third party”.

But even so, critics have suggested the incident spells out the risks of rushing to deploy the latest technology across a firm at any expense. It also suggests that the firms reluctant to accelerate their AI investments beyond the piloting phase for the sake of keeping up with the Joneses might have had a point. And it may point to an approaching crisis for those most in thrall to the CEO factory – unless they start to take a more critical stance on at least some of its claims around AI.
