McKinsey working to fix flaws in AI system after hack

McKinsey is working to fix issues with its AI system after hackers accessed millions of internal messages and were able to identify sensitive documents, the Financial Times has reported.

The inciting incident was a hack by AI-powered cybersecurity startup CodeWall earlier in the week. The company published a detailed report into how it used its own “autonomous offensive agent” to probe McKinsey’s internal AI platform, Lilli, for entry points.

It found one, gaining access to data including chat messages, user accounts and the names of hundreds of thousands of PDFs, spreadsheets and other documents – all in under two hours.

The main attack vector was an SQL injection, one of the oldest classes of web application vulnerability, and one that Lilli's own internal safeguards had not caught: guardrails that inspect prompts and model output do nothing for a flaw in the application layer beneath the model. CodeWall said its tool was also able to locate, through other methods, the entire knowledge base underpinning Lilli.
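The following Python is an added illustration of the general shape of that flaw; it is not CodeWall's tooling or McKinsey's code, and it makes no claim about how Lilli's queries were actually written. It uses an in-memory SQLite database with constructed sample tables (a chat-message table and a document table, standing in for the kind of data the article describes) and shows a search query built by string formatting, a payload that breaks out of it to read another user's messages and to enumerate document names from a second table, and the parameterised query that closes the hole. All table, column and function names are assumptions for the example.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data for the example (not real data from any firm)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE messages (id INTEGER PRIMARY KEY, user TEXT, body TEXT);
        CREATE TABLE documents (id INTEGER PRIMARY KEY, filename TEXT);
        INSERT INTO messages (user, body) VALUES
            ('alice', 'draft of client deck'),
            ('bob',   'q3 pricing model');
        INSERT INTO documents (filename) VALUES
            ('merger-plan.pdf'),
            ('salaries.xlsx');
        """
    )
    return conn


def vulnerable_search(conn: sqlite3.Connection, user: str, term: str) -> list[str]:
    """Search the caller's own chat history.

    Vulnerable by construction: `term` is spliced into the SQL text, so a
    value containing a quote ends the string literal and the rest of the
    input is parsed as SQL. The `user` filter that was meant to scope the
    query to one account can then be OR'd away or UNIONed past entirely.
    """
    sql = (
        f"SELECT body FROM messages "
        f"WHERE user = '{user}' AND body LIKE '%{term}%'"
    )
    return [row[0] for row in conn.execute(sql)]


def safe_search(conn: sqlite3.Connection, user: str, term: str) -> list[str]:
    """Same query with bound parameters: the driver sends the SQL text and
    the values separately, so `term` can only ever be matched as data."""
    sql = "SELECT body FROM messages WHERE user = ? AND body LIKE ?"
    return [row[0] for row in conn.execute(sql, (user, f"%{term}%"))]


# Payloads of the classic kind. With string formatting the first turns the
# WHERE clause into `... AND body LIKE '%x%' OR 1=1 --%'`, returning every
# user's messages; the second appends a UNION that reads filenames out of an
# unrelated table. `--` starts an SQL comment that swallows the trailing `%'`.
PAYLOAD_ALL_MESSAGES = "x%' OR 1=1 --"
PAYLOAD_LIST_DOCUMENTS = "x%' UNION SELECT filename FROM documents --"


if __name__ == "__main__":
    db = build_db()
    print("normal:      ", vulnerable_search(db, "alice", "deck"))
    print("all messages:", vulnerable_search(db, "alice", PAYLOAD_ALL_MESSAGES))
    print("documents:   ", vulnerable_search(db, "alice", PAYLOAD_LIST_DOCUMENTS))
    print("hardened:    ", safe_search(db, "alice", PAYLOAD_ALL_MESSAGES))
```

Two checks a practitioner would add on top of the parameterised query: run the application's database role with read access only to the tables the feature needs, so a residual injection cannot reach prompt-configuration or document-index tables, and alert on queries that return rows for more than one `user` value in a per-user endpoint.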

CodeWall claims that with this level of access, an attacker could rewrite the system prompts that define the AI's behaviour, changing the advice it gives and potentially rendering it worthless, or stripping guardrails so that Lilli would follow other injected instructions.

McKinsey is bullish on AI in the workplace, and currently offers consulting services to clients on developing the technology, using its own system as evidence that it is at the cutting edge of implementation.

According to McKinsey’s website, 72 per cent of the firm uses Lilli, and it processes over half a million prompts every month. Erik Roth, the company’s senior partner leading Lilli’s development, says on its product page: “We have created something that I believe will change the way we serve our clients. We have the opportunity to set up our firm for success in its next century and perhaps redefine our industry.”

McKinsey’s 2023 report on the economic potential of generative AI predicted that the technology would add over $2.6 trillion in annual economic value in the near future – highlighting the importance of the technology to its strategy and forecasting.

In today's rapidly evolving financial landscape, operational resilience has become a critical focus for institutions worldwide. As regulatory requirements grow more complex and cyber threats, particularly ransomware, become increasingly sophisticated, financial services providers must adapt and strengthen their defences. The intersection of compliance, technology, and security presents both challenges and opportunities.