When AI Becomes the Attacker

When AI Becomes the Attacker

In March 2026, cybersecurity startup Codewall demonstrated just how quickly AI can turn from tool to threat. Their autonomous agent breached McKinsey’s internal AI system, Lilli, in under two hours — uncovering unauthenticated endpoints and exploiting a long-standing SQL injection vulnerability.

The result was significant: tens of millions of internal messages, hundreds of thousands of files, and even core system prompts were exposed. Not through sophisticated zero-day exploits, but by chaining together known, overlooked weaknesses.

At Level Five, we see this as a critical inflection point. As AI adoption accelerates across Southeast Asia, many organizations are deploying advanced capabilities on top of legacy infrastructures not designed for autonomous, adversarial behavior. AI is no longer just a business enabler — it is an expanding attack surface.

To stay ahead, institutions must shift from reactive defenses to proactive, intelligence-led security models that anticipate how AI systems can be exploited at scale.

Read the full article here: https://www.bankinfosecurity.com/autonomous-agent-hacked-mckinseys-ai-in-2-hours-a-31007