A small AI startup has claimed it was able to breach an internal platform used by McKinsey in just a couple of hours, drawing attention to potential security gaps in enterprise AI systems.
According to the claim, the platform, known as Lilli, has been used internally by McKinsey for about two years to support its consulting work. The breach was carried out by CodeWall.ai, a company whose founder Paul Price says he is currently its only employee. He said an AI agent was deployed to test the system and was able to gain access far more quickly than expected.
CodeWall.ai claims the agent was able to access a large volume of internal data, including millions of chat messages and hundreds of thousands of files. The company described the material as highly sensitive, suggesting it included what it called McKinsey’s “intellectual crown jewels”.
The details, however, are based on the startup’s own account, and it is not yet clear how much of the claim has been independently verified. McKinsey has not publicly confirmed the extent of any breach at the time of reporting, and there is no official statement outlining what data, if any, may have been exposed.
Even so, the claim has quickly gained attention because of what it suggests about how AI tools are being used inside large organisations. Platforms like Lilli are designed to pull together internal knowledge, documents and conversations, making them powerful but also potentially risky if access controls are not tightly managed.
For a while now, security researchers have been flagging a simple risk. The more these AI tools are plugged into a company’s internal data, the more damage they can do if something goes wrong. If access controls are loose or poorly designed, an automated agent can pull out large volumes of sensitive information very quickly.
If the claims in this case hold up, it taps into a bigger issue. Companies have been moving fast to roll out AI across teams, often prioritising what the tools can do over how well they are secured and monitored.
That is really the larger takeaway here. It is not just about one platform or one incident. As AI becomes a core part of how organisations work, even a small gap can have outsized consequences. Cases like this are likely to push companies to take a harder look at how these systems are being built and what safeguards are actually in place.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
