AI in consulting: risks
A reported vulnerability in an AI system used by tens of thousands of consultants exposed large volumes of internal prompts, highlighting material cybersecurity and governance risks for firms adopting AI. Observers add that tool proliferation doesn’t guarantee impact, enterprise compute constraints are forcing rationing, and attempts to replace managers with AI have practical limits — together framing AI as an implementation and governance problem, not just a productivity story. (magnetarit.co.uk) (capgemini.com) (enterpriseai.economictimes.indiatimes.com) (geeky-gadgets.com)
A reported breach of McKinsey’s internal AI platform showed how an AI tool can become a new security weak point inside a consulting firm. (codewall.ai)
Security startup CodeWall said on March 9 that its autonomous agent reached McKinsey’s production database in about two hours through exposed application programming interface endpoints and a SQL injection flaw. CodeWall said the system, called Lilli, was launched in 2023, is used by more than 70 percent of McKinsey staff, and handles more than 500,000 prompts a month. (codewall.ai) (theregister.com)
CodeWall said it could access 46.5 million chat messages, 728,000 files, 57,000 user accounts, and 95 system prompts that govern how the chatbot responds. The firm also said those prompts were writable, which would let an attacker alter answers delivered to tens of thousands of consultants. (codewall.ai) (theregister.com)
McKinsey told The Register it fixed the issues within hours after disclosure on March 1 and said a third-party forensic review found no evidence that the researcher or any other unauthorized party accessed client confidential information. The company said it patched unauthenticated endpoints, took the development environment offline, and blocked public application programming interface documentation. (theregister.com)
The incident landed as companies are adding more AI software faster than they are simplifying the systems around it. In an April 14 essay, Capgemini said piling on new AI tools can create “a more encumbered ecosystem” that needs more integration and oversight instead of less. (capgemini.com)
The infrastructure behind those tools is also getting tighter. The Economic Times, citing The Wall Street Journal, reported on April 14 that rising demand for “agentic” AI systems is pushing up graphics processing unit costs, lengthening data-center lead times, and forcing some providers to ration access after outages. (enterpriseai.economictimes.indiatimes.com)
Companies that try to use AI to cut management layers are also running into organizational limits. A Geeky Gadgets report published April 14 said case studies involving Kimmy, Block, and Meta found automation can speed information routing, but human managers still handle judgment, accountability, and mentoring. (geeky-gadgets.com)
The McKinsey case turned a familiar software bug into an AI governance story: the same system held client-adjacent files, employee accounts, chat logs, and the hidden instructions that shape model behavior. That leaves firms with a larger job than buying licenses and counting productivity gains. (codewall.ai) (theregister.com)