AI agents now hacking other AI? McKinsey system breached in 2 hours
India Today
A security startup claims its autonomous AI agent breached McKinsey's internal AI platform in just two hours during a controlled test. The incident shows how AI tools could soon be used to automatically discover and exploit vulnerabilities in other AI systems.
AI tools are increasingly becoming the backbone of modern workplaces. Large companies are now relying on internal AI systems to search documents, analyse data, and assist employees in their daily work. But a recent security experiment suggests that the same technology could also introduce a new type of cyber risk, one where AI systems themselves become the attackers.
Researchers from security startup CodeWall claim that one of their autonomous AI agents managed to break into McKinsey’s internal AI platform in just two hours. The test was carried out as part of a responsible security exercise, but the findings are drawing attention to how quickly automated AI-driven attacks could unfold if similar techniques are used by malicious actors.
The system targeted in the test was McKinsey’s internal generative AI platform called Lilli. The consulting firm introduced the tool in July 2023 to help employees search company knowledge, analyse documents, and access internal research more easily.
The platform is widely used inside the organisation. According to McKinsey, more than 70 per cent of its workforce, over 40,000 employees, regularly interact with the chatbot. The system processes more than 500,000 prompts every month as consultants use it to assist with client work and internal analysis.
CodeWall said the decision to target McKinsey was suggested by its own research agent after it scanned publicly available information, including the company’s disclosure policy and recent updates related to Lilli. The researchers then allowed the agent to operate autonomously without giving it login credentials or insider knowledge of the system.
The AI began by mapping the platform’s attack surface and analysing publicly available documentation. During this process, it discovered API documentation that exposed more than 200 system endpoints. While most required authentication, 22 endpoints were accessible without login credentials.
Among the fashion standouts at the Oscars 2026 were Nicole Kidman, Teyana Taylor, Priyanka Chopra, Emma Stone, Audrey Nuna, Anne Hathaway and Pedro Pascal.
Thousands of degree certificates and mark sheets have remained unclaimed in several colleges for nearly four decades. Students passed their exams but never returned to collect their documents, leaving institutions struggling to store the growing pile of academic records.
In a small classroom in Aligarh's government school, waste materials are turning into machines. A government school teacher is guiding students to build simple robots and drones using scrap, helping them understand science through hands-on learning.
Elon Musk's satellite internet service, Starlink, is now available in Kuwait. This announcement comes at a time when the country has found itself impacted by the US-Israel war with Iran.
Delhi University has rejected Rahul Gandhi's claim of caste bias in interviews. In a post on X, the university said the Leader of the Opposition should verify facts before making such statements.
Apple is rumoured to be making its debut in the foldable smartphone market this year with the iPhone fold. From the design to the features, and the expected price, here is everything you need to know about the first-ever foldable iPhone.
The Central Board of Secondary Education, CBSE, has cancelled the Class 12 board examinations in several Middle Eastern countries due to the ongoing US-Israel-Iran war. The board also confirmed that the mechanism for announcing results for affected students will be announced at a later stage.
Chinese giant ByteDance has reportedly suspended its plans to release its latest AI video generation model, SeeDance 2.0, after major Hollywood studios raised disputes over copyright violations.
Bidyut Innovation MD Rahul Shah spoke during the India Today Conclave 2026. Shah reckoned that India could soon have its own robots competing those from other countries, perhaps at a fraction of the cost.
Alpha High School, an AI-driven education institute is rolling out a new course with a promise – earn $1 million by the time you graduate or you get a full refund. Here is how it works.
Devendra Singh Chaplot, an IIT Bombay alum has joined xAI to build super intelligence. His arrival was welcomed by xAI chief Elon Musk. Here is everything you need to know about xAI's latest Indian origin member.
Blending heritage with modern technology, Royal Enfield is preparing to enter the electric motorcycle space with the upcoming Royal Enfield Flying Flea C6, expected to debut in India around mid-2026.
IIT Madras and the Delhi government have signed an MoU to study 'smog-eating' surfaces to help tackle air pollution in the capital.