what coudld go wrong

pappito:

odmnd:

gerywhite:

babarumblr:

napszemuvegbe:

How We Hacked McKinsey’s AI Platform

So we decided to point our autonomous offensive agent at it. No credentials. No insider knowledge. And no human-in-the-loop. Just a domain name and a dream. Within 2 hours, the agent had full read and write access to the entire production database.

Noice

Alacsonyszintű JÉG volt az adaterődben

Kuang vírus ftw.

The agent mapped the attack surface and found the API documentation publicly exposed — over 200 endpoints, fully documented. Most required authentication. Twenty-two didn’t.

One of those unprotected endpoints wrote user search queries to the database. The values were safely parameterised, but the JSON keys — the field names — were concatenated directly into SQL.

what coudld go wrong