CodeWall's Autonomous Agent Reportedly Obtained Unauthorized Access to McKinsey’s Lilli AI Platform Database

February 28, 2026

CodeWall's autonomous agent is reported to have exploited vulnerabilities in McKinsey's Lilli AI platform, potentially gaining unauthorized read and write access to production systems. The alleged data exposure includes internal chat messages, files, user accounts, and prompts. McKinsey confirmed the security issue and swiftly implemented fixes, but asserted that no client data or confidential information was accessed.

Harm prevention is crucial in the realm of AI governance. JOIN US to learn more about how the HISPI Project Cerebellum TAIM (Govern) can help establish guardrails for safe and secure AI practices.

Matched TAIM controls

Suggested mapping from embedding similarity (not a formal assessment). Browse all TAIM controls

MAP 4.1 — similarity 0.697, rank 1. TAIM detail and related incidents →
GOVERN 6.1 — similarity 0.697, rank 2. TAIM detail and related incidents →
MEASURE 2.10 — similarity 0.696, rank 3. TAIM detail and related incidents →

Alleged deployer: mckinsey-and-company, codewall
Alleged developer: mckinsey-and-company, codewall
Alleged harmed parties: mckinsey-and-company-employees, mckinsey-and-company-consultants, mckinsey-and-company, lilli-users

Source

Data from the AI Incident Database (AIID). Cite this incident: https://incidentdatabase.ai/cite/1412

Data source

Incident data is from the AI Incident Database (AIID).

When citing the database as a whole, please use:

McGregor, S. (2021) Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database. In Proceedings of the Thirty-Third Annual Conference on Innovative Applications of Artificial Intelligence (IAAI-21). Virtual Conference.

Pre-print on arXiv · Database snapshots & citation guide

We use weekly snapshots of the AIID for stable reference. For the official suggested citation of a specific incident, use the “Cite this incident” link on each incident page.