How we hacked McKinsey's AI platform

Vulnerability and Impact

  • Public API had hundreds of endpoints; ~22 lacked authentication, including ones touching the production database.
  • Core bug was conventional SQL injection: values were parameterized, but JSON field names were concatenated into SQL queries.
  • Result: unauthenticated read/write access to the database, including tens of millions of chat messages and hundreds of thousands of internal files.
  • Several commenters stress how catastrophic the data exposure is (strategy, M&A, client work, internal research), and assume sophisticated actors may already have exploited it.
  • Others note the especially dangerous aspect: write access to system prompts, enabling silent poisoning of AI behavior without normal deployment controls.
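
The field-name injection summarized above (values bound as parameters, JSON keys concatenated into the SQL text) can be reproduced on a toy table. This is an added example, not code from the original write-up or from the affected platform; the `messages` table, its columns, the function names, and the request bodies are assumptions constructed for illustration.

```python
import sqlite3

# Assumed column allowlist; the page does not describe the real schema.
ALLOWED_COLUMNS = {"user_id", "workspace"}

def build_unsafe(filters):
    """Pattern from the summary: values are bound, JSON keys are concatenated."""
    where = " AND ".join(f"{key} = ?" for key in filters)
    return f"SELECT id FROM messages WHERE {where}", list(filters.values())

def build_safe(filters):
    """Same query shape, but every key must be a known column name."""
    if not filters:
        raise ValueError("at least one filter is required")
    unknown = set(filters) - ALLOWED_COLUMNS
    if unknown:
        raise ValueError(f"unexpected field names: {sorted(unknown)}")
    where = " AND ".join(f'"{key}" = ?' for key in filters)
    return f"SELECT id FROM messages WHERE {where}", list(filters.values())

def run(builder, filters):
    """Build the query, then execute it against a constructed in-memory table."""
    sql, params = builder(filters)  # may raise before any SQL is executed
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER, user_id TEXT, workspace TEXT)")
    conn.executemany("INSERT INTO messages VALUES (?, ?, ?)",
                     [(1, "alice", "a"), (2, "bob", "b"), (3, "carol", "c")])
    rows = [r[0] for r in conn.execute(sql + " ORDER BY id", params)]
    conn.close()
    return rows

# Constructed request bodies, as they would look after json.loads().
NORMAL = {"user_id": "alice"}
CRAFTED = {"1 = 1 OR user_id": "alice"}  # SQL syntax carried in the key, not the value

if __name__ == "__main__":
    print("unsafe, normal body :", run(build_unsafe, NORMAL))
    print("unsafe, crafted body:", run(build_unsafe, CRAFTED))
    print("safe, normal body   :", run(build_safe, NORMAL))
    try:
        run(build_safe, CRAFTED)
    except ValueError as exc:
        print("safe, crafted body  : rejected,", exc)
```

Binding the value does nothing for the key, because the key becomes part of the statement text before the driver sees any parameters; the allowlist is what keeps request-supplied names out of the SQL.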

Use of AI Agents and Writing Style

  • Many see the “AI agent hacked McKinsey” angle as more marketing than substance: the core issue was a basic web security failure found by an automated scan.
  • Several complain the blog post reads like generic LLM output: punchy, “LinkedIn-style,” repetitive.
  • Some argue AI writing initially feels high quality but becomes grating due to sameness; others say it’s fine for corporate blogs and not worth getting upset about.

McKinsey’s Tech Competence and Internal Culture

  • Multiple commenters dispute the article’s framing of McKinsey as having “world-class technology teams,” saying tech work is often outsourced or low-status.
  • Insider-style comments describe Lilli as originally internal-only, with strong access controls, and suggest cultural issues:
    • Internal projects penalized vs. client work.
    • Products driven by partners’ short-term incentives, then abandoned.
    • Tech staff treated as second-class and many laid off, degrading in-house expertise.
  • Some conclude this shows McKinsey should not be trusted to advise on AI or tech org design, though others separate their analytical strengths from implementation weaknesses.

Consulting Dynamics and Ethics

  • Discussion reiterates common critiques of big consultancies:
    • Hired to legitimize decisions already made and provide political cover or a scapegoat.
    • Over-promise, under-deliver, but remain lucrative.
  • Some object to using a “whitehat” finding so prominently as marketing.
  • There is skepticism about the new security company’s obscurity, but links to external reporting and a disclosure timeline reassure some that McKinsey acknowledged and fixed the issues.

Broader AI & Security Takeaways

  • Commenters note how AI agents can rapidly map attack surfaces and probe every parameter, making subtle mistakes (like unsafe key concatenation) easier to exploit.
  • Several predict growing demand for continuous, automated security testing of AI-driven systems and automation-heavy internal tools.