{"text":[[{"start":10.74,"text":"McKinsey has rushed to fix flaws in an in-house AI system after hackers gained access to millions of its internal messages and were able to identify sensitive files."}],[{"start":22.73,"text":"CodeWall, a cyber security firm, said this week that it had hacked Lilli, McKinsey’s AI platform used by its 40,000 staff, and found millions of files and communications within two hours."}],[{"start":37.41,"text":"It said it had gained access to 46.5mn chat messages on the system, which is used by McKinsey staff to plan strategy, analyse data and create project plans and presentations for clients. "}],[{"start":53.01,"text":"The hack underscores the risks that come with the rapid adoption of AI and is potentially embarrassing for McKinsey at a time when it is pitching for work advising blue-chip companies on how to use the technology. The consultancy has touted its AI tools as evidence that it is at the forefront of adopting the technology. "}],[{"start":76.91,"text":"CodeWall, which aims to find cyber security flaws in companies’ systems so they can fix them, said it had used its own AI agent to carry out the hack. “Within 2 hours, the agent had full read and write access to the entire production database,” CodeWall said on its website. "}],[{"start":96.35,"text":"It also claimed to have accessed a list of 728,000 “sensitive” file names, including Excel spreadsheets, PowerPoint decks and Word documents. A person close to McKinsey said that the files themselves were stored separately and were “never at risk”."}],[{"start":115.83999999999999,"text":"CodeWall, whose founder Paul Price said he was the group’s only employee, says it focuses on companies such as McKinsey that have published guidelines on how ethical hackers should probe their systems for cyber security flaws. "}],[{"start":130.57,"text":"In this case, the AI agent automatically stopped attempting to access files and reported the security issues once they were discovered, CodeWall said. "}],[{"start":141.57,"text":"The cyber security firm said it had gained access to 57,000 user accounts, 384,000 AI assistants and 94,000 workspaces, which it called “the full organisational structure of how the firm uses AI internally” and the “firm’s intellectual crown jewels”. "}],[{"start":162.47,"text":"Lilli’s system prompts and AI model configurations were also laid bare during the hack, CodeWall said, “revealing exactly how the AI was instructed to behave [and] what guardrails existed”. "}],[{"start":176.47,"text":"McKinsey’s security team was alerted to CodeWall’s findings at the end of February, according to the person close to the consultancy. McKinsey patched the holes identified and took offline its development environment, an online area for testing code, within hours, the person added. "}],[{"start":194.6,"text":"CodeWall said its AI agent had itself suggested McKinsey as a target. “In the AI era, the threat landscape is shifting drastically — AI agents autonomously selecting and attacking targets will become the new normal,” the company said. "}],[{"start":213.59,"text":"McKinsey said it was “recently alerted to a vulnerability related to our internal AI tool, Lilli, by a security researcher. We promptly confirmed the vulnerability and fixed the issue within hours”. "}],[{"start":228.87,"text":"It added: “Our investigation, supported by a leading third-party forensics firm, identified no evidence that client data or client confidential information were accessed by this researcher or any other unauthorized third party."}],[{"start":244.02,"text":"“McKinsey’s cyber security systems are robust, and we have no higher priority than the protection of client data and information that we have been entrusted with.” "}],[{"start":254.21,"text":"McKinsey claimed last year that consulting on AI and related technology accounted for 40 per cent of its revenue, and this year its chief executive said it has built 25,000 AI “agents” to support its 40,000-strong workforce."}],[{"start":280.52,"text":""}]],"url":"https://audio.ftcn.net.cn/album/a_1773366586_9543.mp3"}