MC A.I CyberSecurity Scoring
MC
Company Information
Website:http://www.mckinsey.com
Employees number:38,633
Number of followers:6,920,938
NAICS:5416
Industry Type:Business Consulting and Services
Homepage:mckinsey.com
MC Risk Score (AI oriented)
Between 800 and 849
MCBusiness Consulting and Services
Updated:
02/04/2026
02/04/2026
815/1000
Good
A
MC Global Score (TPRM)
xxxx
MCBusiness Consulting and Services
Score locked

MCGood
Current Score
815A (GOOD)
01000
1 incidents
-11 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
816
JUNE 2026
816
MAY 2026
815
APRIL 2026
815
MARCH 2026
826
Cyber Attack
09 Mar 2026 • MC
McKinsey: AI agent hacked McKinsey chatbot for read-write access
AI Agent Exploits McKinsey’s Internal Chatbot in Under Two Hours
815
CRITICAL-11
MCK1773109656
AI Agent Exploits McKinsey’s Internal Chatbot in Under Two Hours
Researchers at security startup CodeWall demonstrated how an autonomous AI agent hacked McKinsey’s internal generative AI platform, Lilli, gaining full read-and-write access to its production database within two hours. The attack, conducted in late February, exposed 46.5 million chat messages, 728,000 confidential client files, 57,000 user accounts, and 95 writable system prompts all in plaintext.
The agent exploited an unauthenticated SQL injection vulnerability in Lilli’s API, which was publicly exposed through 22 unsecured endpoints. By manipulating JSON keys in user search queries, the AI bypassed standard security tools, eventually extracting live production data. The flaw also allowed attackers to rewrite Lilli’s system prompts, potentially poisoning responses for McKinsey’s 40,000+ users without requiring code changes just a single HTTP request.
McKinsey patched the vulnerabilities within hours of disclosure on March 1, taking the development environment offline and securing API documentation. A company spokesperson confirmed no evidence of unauthorized client data access, though the incident underscores the growing threat of AI-driven cyberattacks. CodeWall’s CEO noted that the attack was fully autonomous, from target selection to exploitation, signaling a shift toward machine-speed intrusions by malicious actors. The firm’s findings highlight the risks of AI systems interacting with insecure databases and the potential for large-scale data manipulation.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
826
JANUARY 2026
826
DECEMBER 2025
826
NOVEMBER 2025
826
OCTOBER 2025
826
SEPTEMBER 2025
826
AUGUST 2025
826
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for MC ??
What was MC's A.I Rankiteo Cyber Score in June 2026 ??
What was MC's A.I Rankiteo Cyber Score in May 2026 ??
What was MC's A.I Rankiteo Cyber Score in April 2026 ??
What was MC's A.I Rankiteo Cyber Score in March 2026 ??
What was MC's A.I Rankiteo Cyber Score in February 2026 ??
What was MC's A.I Rankiteo Cyber Score in January 2026 ??
What was MC's A.I Rankiteo Cyber Score in December 2025 ??
What was MC's A.I Rankiteo Cyber Score in November 2025 ??
What was MC's A.I Rankiteo Cyber Score in October 2025 ??
What was MC's A.I Rankiteo Cyber Score in September 2025 ??
What was MC's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on MC's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with MC ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view MC's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?