{"id":60289,"date":"2026-03-09T22:22:07","date_gmt":"2026-03-09T22:22:07","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/"},"modified":"2026-03-09T22:22:07","modified_gmt":"2026-03-09T22:22:07","slug":"ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/","title":{"rendered":"AI vs AI: Agent hacked McKinsey&#8217;s chatbot and gained full read-write access in just two hours"},"content":{"rendered":"<p>Researchers at red-team security startup CodeWall say their AI agent hacked McKinsey&#8217;s internal AI platform and gained full read and write access to the chatbot in just two hours.<\/p>\n<p>It&#8217;s yet another indicator that <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2026\/03\/08\/deploy_and_manage_attack_infrastructure\/\">agentic AI is becoming a more effective<\/a> tool for conducting cyberattacks, including those against other AI systems.<\/p>\n<p>This attack wasn\u2019t conducted with malicious intent. However, threat hunters tell us that miscreants are increasingly using agents in real-world attacks, indicating that machine-speed intrusions aren&#8217;t going away.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>McKinsey, a mega-management consultancy that specializes in gnarly strategy work for huge corporations and governments, rolled out its generative AI platform called Lilli in July 2023. According to the company, <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.mckinsey.com\/capabilities\/tech-and-ai\/how-we-help-clients\/rewiring-the-way-mckinsey-works-with-lilli\">72 percent of its employees<\/a> \u2013 that&#8217;s upwards of 40,000 people \u2013 now use the chatbot, which processes more than 500,000 prompts every month.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>CodeWall uses AI agents to continuously attack customers&#8217; infrastructure, to help them improve their security posture. According to the startup, its own security agent suggested targeting McKinsey, citing the consulting company&#8217;s public <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/hackerone.com\/mckinsey-company\">responsible disclosure policy<\/a> and recent updates to Lilli.<\/p>\n<p>&#8220;So we decided to point our autonomous offensive agent at it,&#8221; the researchers <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/codewall.ai\/blog\/how-we-hacked-mckinseys-ai-platform\">wrote<\/a> in a Monday blog, noting that the agent didn&#8217;t have access to any credentials for McKinsey\u2019s assets.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>CodeWall\u2019s researchers claim that within two hours of starting their red team raid, they achieved full read and write access to the entire production database and were able to access 46.5 million chat messages about strategy, mergers and acquisitions, and client engagements, all in plaintext, along with 728,000 files containing confidential client data, 57,000 user accounts, and 95 system prompts controlling the AI&#8217;s behavior. These prompts were all writable, meaning an attacker could poison everything Lilli spits out to all of the tens of thousands of consultants using the chatbot.<\/p>\n<p>CodeWall&#8217;s agent found the SQL injection flaw at the end of February, and the researchers disclosed the full attack chain on March 1. By the following day, McKinsey had patched all unauthenticated endpoints, taken the development environment offline, and blocked public API documentation.<\/p>\n<p>A McKinsey spokesperson told <em>The Register<\/em> that it fixed all of the issues identified by CodeWall within hours of learning about the problems.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;Our investigation, supported by a leading third-party forensics firm, identified no evidence that client data or client confidential information were accessed by this researcher or any other unauthorized third party,&#8221; the spokesperson told us. &#8220;McKinsey&#8217;s cybersecurity systems are robust, and we have no higher priority than the protection of client data and information we have been entrusted with.&#8221;<\/p>\n<h3 class=\"crosshead\">AI vs AI<\/h3>\n<p>CodeWall CEO Paul Price declined to tell us the exact prompts his team used to exploit the chatbot, but said the entire process was &#8220;fully autonomous from researching the target, analyzing, attacking, and reporting.&#8221;<\/p>\n<p>The CodeWall agent initially gained access to Lilli after finding publicly exposed API documentation, including 22 endpoints that didn&#8217;t require authentication. One of these wrote user search queries, and the agent found that the JSON keys (these are the field names) were concatenated into SQL and vulnerable to SQL injection.<\/p>\n<p>&#8220;When it found JSON keys reflected verbatim in database error messages, it recognised a SQL injection that standard tools wouldn&#8217;t flag,&#8221; the researchers wrote, adding that the error messages eventually began outputting live production data.<\/p>\n<p>It gets worse: Lilli&#8217;s system prompts were stored in the same database, which gave the agent access to these as well.<\/p>\n<p>Because the SQL injection flaw was read and write, an attacker could abuse this to silently rewrite Lilli&#8217;s prompts, thus poisoning how the chatbot answered consultants&#8217; queries, what guardrails it followed, and how it cited sources. &#8220;No deployment needed,&#8221; the blog says. &#8220;No code change. Just a single UPDATE statement wrapped in a single HTTP call.&#8221;<\/p>\n<p>These security holes are now closed \u2013 but the larger threat remains, Price told <em>The Register<\/em>.<\/p>\n<p>&#8220;We used a specific AI research agent to autonomously select the target, it did this without zero human input,&#8221; he said. &#8220;Hackers will be using the same technology and strategies to attack indiscriminately, with a specific objective in mind,&#8221; such as &#8220;financial blackmail for data loss or ransomware.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2026\/03\/09\/mckinsey_ai_chatbot_hacked\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>David and Goliath\u2026but with AI agents Researchers at red-team security startup CodeWall say their AI agent hacked McKinsey&#8217;s internal AI platform and gained full read and write access to the chatbot in just two hours.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-60289","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>AI vs AI: Agent hacked McKinsey&#039;s chatbot and gained full read-write access in just two hours 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AI vs AI: Agent hacked McKinsey&#039;s chatbot and gained full read-write access in just two hours 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-09T22:22:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"AI vs AI: Agent hacked McKinsey&#8217;s chatbot and gained full read-write access in just two hours\",\"datePublished\":\"2026-03-09T22:22:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\\\/\"},\"wordCount\":704,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\\\/\",\"name\":\"AI vs AI: Agent hacked McKinsey's chatbot and gained full read-write access in just two hours 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2026-03-09T22:22:07+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AI vs AI: Agent hacked McKinsey&#8217;s chatbot and gained full read-write access in just two hours\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"AI vs AI: Agent hacked McKinsey's chatbot and gained full read-write access in just two hours 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/","og_locale":"en_US","og_type":"article","og_title":"AI vs AI: Agent hacked McKinsey's chatbot and gained full read-write access in just two hours 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-03-09T22:22:07+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"AI vs AI: Agent hacked McKinsey&#8217;s chatbot and gained full read-write access in just two hours","datePublished":"2026-03-09T22:22:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/"},"wordCount":704,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/","url":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/","name":"AI vs AI: Agent hacked McKinsey's chatbot and gained full read-write access in just two hours 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2026-03-09T22:22:07+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aa_ZmMtT8XnYk_6-mpDMyAAAAQs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/ai-vs-ai-agent-hacked-mckinseys-chatbot-and-gained-full-read-write-access-in-just-two-hours\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"AI vs AI: Agent hacked McKinsey&#8217;s chatbot and gained full read-write access in just two hours"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60289"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60289\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}