AI Agent Hacks McKinsey
Summary
CodeWall.ai describes a security incident in which an autonomous agent gained read/write access to McKinsey's Lilli AI platform through publicly documented endpoints and a SQL injection vulnerability. The breach exposed millions of chat messages, tens of thousands of files, and sensitive AI configuration data, showing how exposed the prompt layer is and how broad the surrounding attack surface has become. The article emphasizes the importance of prompt-layer hardening, secure API design, and responsible disclosure in the AI era.