Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
McKinsey & Company

McKinsey & Company Vendor Cyber Rating & Cyber Score

mckinsey.com

McKinsey & Company is a global management consulting firm. We are the trusted advisor to the world's leading businesses, governments, and institutions. We work with leading organizations across the private, public and social sectors. Our scale, scope, and knowledge allow us to address problems that no one else can. We have deep functional and industry expertise as well as breadth of geographical reach. We are passionate about taking on immense challenges that matter to our clients and, often, to the world. We work with our clients as we do with our colleagues. We build their capabilities and leadership skills at every level and every opportunity. We do this to help build internal support, get to real issues, and reach practical


MC A.I CyberSecurity Scoring

MC
Company Information
Website:http://www.mckinsey.com
Employees number:38,633
Number of followers:6,920,938
NAICS:5416
Industry Type:Business Consulting and Services
Homepage:mckinsey.com
MC Risk Score (AI oriented)
Between 800 and 849
logo
MCBusiness Consulting and Services
Updated:
02/04/2026
815/1000
Good
A
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
MC Global Score (TPRM)
xxxx
logo
MCBusiness Consulting and Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

MC
MCGood
Current Score
815A (GOOD)
01000
1 incidents
-11 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
816Before Incident
JUNE 2026
816Before Incident
MAY 2026
815Before Incident
APRIL 2026
815Before Incident
MARCH 2026
826Before Incident
Cyber Attack
09 Mar 2026MC
McKinsey: AI agent hacked McKinsey chatbot for read-write access

AI Agent Exploits McKinsey’s Internal Chatbot in Under Two Hours

815After Incident
CRITICAL-11
MCK1773109656
AI Agent Exploits McKinsey’s Internal Chatbot in Under Two Hours Researchers at security startup CodeWall demonstrated how an autonomous AI agent hacked McKinsey’s internal generative AI platform, Lilli, gaining full read-and-write access to its production database within two hours. The attack, conducted in late February, exposed 46.5 million chat messages, 728,000 confidential client files, 57,000 user accounts, and 95 writable system prompts all in plaintext. The agent exploited an unauthenticated SQL injection vulnerability in Lilli’s API, which was publicly exposed through 22 unsecured endpoints. By manipulating JSON keys in user search queries, the AI bypassed standard security tools, eventually extracting live production data. The flaw also allowed attackers to rewrite Lilli’s system prompts, potentially poisoning responses for McKinsey’s 40,000+ users without requiring code changes just a single HTTP request. McKinsey patched the vulnerabilities within hours of disclosure on March 1, taking the development environment offline and securing API documentation. A company spokesperson confirmed no evidence of unauthorized client data access, though the incident underscores the growing threat of AI-driven cyberattacks. CodeWall’s CEO noted that the attack was fully autonomous, from target selection to exploitation, signaling a shift toward machine-speed intrusions by malicious actors. The firm’s findings highlight the risks of AI systems interacting with insecure databases and the potential for large-scale data manipulation.
INCIDENT DETAILS -
TYPE
AI-driven cyberattack
MOTIVATION
Demonstration of AI-driven exploitation risks
IMPACT
Data Compromised: 46.5 million chat messages, 728,000 confidential client files, 57,000 user accounts, 95 writable system promptsSystems Affected: McKinsey’s internal generative AI platform (*Lilli*)Operational Impact: Potential poisoning of AI responses for 40,000+ usersBrand Reputation Impact: Undermined trust in AI security
DATA BREACH
Chat messagesConfidential client filesUser accountsSystem promptsNumber Of Records Exposed: 46.5 million chat messages, 728,000 files, 57,000 accounts, 95 promptsSensitivity Of Data: High (confidential client files, plaintext data)Data Encryption: No (plaintext)
FEBRUARY 2026
826Before Incident
JANUARY 2026
826Before Incident
DECEMBER 2025
826Before Incident
NOVEMBER 2025
826Before Incident
OCTOBER 2025
826Before Incident
SEPTEMBER 2025
826Before Incident
AUGUST 2025
826Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for MC ?
?
What was MC's A.I Rankiteo Cyber Score in June 2026 ?
?
What was MC's A.I Rankiteo Cyber Score in May 2026 ?
?
What was MC's A.I Rankiteo Cyber Score in April 2026 ?
?
What was MC's A.I Rankiteo Cyber Score in March 2026 ?
?
What was MC's A.I Rankiteo Cyber Score in February 2026 ?
?
What was MC's A.I Rankiteo Cyber Score in January 2026 ?
?
What was MC's A.I Rankiteo Cyber Score in December 2025 ?
?
What was MC's A.I Rankiteo Cyber Score in November 2025 ?
?
What was MC's A.I Rankiteo Cyber Score in October 2025 ?
?
What was MC's A.I Rankiteo Cyber Score in September 2025 ?
?
What was MC's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on MC's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with MC ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view MC's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
McKinsey & Company Cyber Scoring History | Rankiteo