AI agent hacked McKinsey chatbot for read-write access • The Register

CodeWall pointed an AI agent at McKinsey's Lilli chatbot platform. Two hours later it had read-write access to 46.5 million chat messages, 728,000 confidential files, and the system prompts -- all through unauthenticated API endpoints and SQL injection. The agent found the vulnerabilities autonomously. This is what machine-speed offensive security looks like: AI attacking AI, and winning.
