Posted by mycroft_4221 13 hours ago

How we hacked McKinsey's AI platform (codewall.ai)
343 points | 139 comments | page 3
gonzalovargas 5 hours ago
That data is worth billions to frontier AI labs. I wonder if someone is already using it to train models
bananamogul 5 hours ago
At first glance, I thought this was about an AI agent named "Hacks McKinsey."
quinndupont 5 hours ago
I’m waiting for the agentic models trained on virus and worm datasets to join the red team!
build-or-die 4 hours ago
Parameterized values but raw key concatenation is the kind of thing that looks safe in code review. Easy to miss for humans, but an agent will just keep poking at every input until something breaks.
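The pattern this comment describes, shown as an added example that is not code from the codewall.ai write-up or from the platform it discusses: the values are bound with `?` placeholders, which is what a reviewer looks for, but the dictionary keys that become column names are concatenated into the statement as-is. The table name, column names and `find_documents_*` function names are assumed, and the rows are constructed sample data. The hardened form passes every identifier through an allowlist before it reaches the SQL string.

```python
import re
import sqlite3

# Constructed sample schema and rows (not data from the disclosure).
SCHEMA = (
    "CREATE TABLE documents "
    "(id INTEGER PRIMARY KEY, owner TEXT, title TEXT, visibility TEXT)"
)
ROWS = [
    (1, "alice", "Q3 plan", "private"),
    (2, "bob", "Onboarding", "shared"),
    (3, "alice", "Retro notes", "shared"),
]

# Assumed allowlist: the only columns the application should ever filter on.
ALLOWED_FILTER_COLUMNS = {"owner", "title", "visibility"}
# Second line of defence: even an allowlisted name must look like a plain identifier.
_IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def connect():
    """Create an in-memory database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?, ?)", ROWS)
    return conn


def find_documents_unsafe(conn, filters):
    """The pattern the comment describes: values are parameterized, but the
    dict keys (column names) are pasted into the statement unchecked, so any
    text a caller puts in a key reaches the database as SQL."""
    if not filters:
        return conn.execute("SELECT id, title FROM documents ORDER BY id").fetchall()
    where = " AND ".join(f"{key} = ?" for key in filters)  # raw key concatenation
    sql = f"SELECT id, title FROM documents WHERE {where} ORDER BY id"
    return conn.execute(sql, tuple(filters.values())).fetchall()


def validate_column(key):
    """Reject any key that is not a known column, then quote it as an identifier."""
    if key not in ALLOWED_FILTER_COLUMNS or not _IDENTIFIER_RE.match(key):
        raise ValueError(f"unexpected filter column: {key!r}")
    return f'"{key}"'


def find_documents_safe(conn, filters):
    """Hardened form: identifiers come from the allowlist, values stay bound."""
    if not filters:
        return conn.execute("SELECT id, title FROM documents ORDER BY id").fetchall()
    where = " AND ".join(f"{validate_column(key)} = ?" for key in filters)
    sql = f"SELECT id, title FROM documents WHERE {where} ORDER BY id"
    return conn.execute(sql, tuple(filters.values())).fetchall()


if __name__ == "__main__":
    db = connect()
    print(find_documents_safe(db, {"owner": "alice"}))
    try:
        find_documents_safe(db, {"not_a_column": "x"})
    except ValueError as exc:
        print("rejected before reaching the database:", exc)
```

The difference to look for in review is where an unexpected key is stopped: `find_documents_safe` raises `ValueError` before any SQL is built, while `find_documents_unsafe` hands the unchecked key to the database and only fails (or does not fail) there. A key that never appears in the allowlist is the cheapest check to add and the easiest to miss when the values next to it are already parameterized.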
ecshafer 8 hours ago
If the AI was poisoned to alter advice, then maybe McKinsey advice would actually be a net good.
jacquesm 7 hours ago
And: AI agent writes blog post.
captain_coffee 8 hours ago
Music to my ears! Couldn't happen to a better company!
palmotea 7 hours ago
With all we've been learning from stuff like the Epstein emails, it would have been nice if someone had leaked this data:

> 46.5 million chat messages. From a workforce that uses this tool to discuss strategy, client engagements, financials, M&A activity, and internal research. Every conversation, stored in plaintext, accessible without authentication.

> 728,000 files. 192,000 PDFs. 93,000 Excel spreadsheets. 93,000 PowerPoint decks. 58,000 Word documents. The filenames alone were sensitive and a direct download URL for anyone who knew where to look.

I'm sure lots of very informative journalism could have been done about how corporate power actually works behind the scenes.

cmiles8 5 hours ago
That information is likely already in the hands of various folks as I highly doubt the authors were the first to find this glaring security issue, they’re likely only the first to disclose it. If McKinsey has hard data that nobody else exploited this now would be a good time to disclose that given what sounds like an extremely severe data leak.
frankfrank13 5 hours ago
The chat messages are very, very sensitive. You could easily reverse engineer nearly every ongoing Mck engagement. The underlying data is not as sensitive; it's decades of post-mortems, highly sanitized. No client names, no real numbers.
cs702 7 hours ago
... in two hours:

> No credentials. No insider knowledge. And no human-in-the-loop. Just a domain name and a dream. ... Within 2 hours, the agent had full read and write access to the entire production database.

Having seen firsthand how insecure some enterprise systems are, I'm not exactly surprised. Decision makers at the top are focused first and foremost on corporate and personal exposure to liability, also known as CYA in corporate-speak. The nitty-gritty details of security are always left to people far down the corporate chain who are supposed to know what they're doing.

peterokap 7 hours ago
I wonder what their security level and observability method are for overseeing the effort.