Mastodon Feed: Post

Boosted by fromjason ("fromjason.xyz ❤️ 💻 ✍️ 🥐 🇵🇷"):
paninid@mastodon.world ("Coach Pāṇini ®") wrote:

Legit incredible.

Trung T. Phan, Building (Bearly AI) and Writing (Workweek):

McKinsey built an AI chatbot (Lilli) trained on 100 years of its work, 100k documents and interviews. About 70% of 45k employees use the tool, making 500k prompts a month.

A research firm hacked into it with "full read and write access to production database" including "47m chat messages about strategy, M&A, client engagement, all in plain text along with 728k containing confidential client data, 57k user accounts, and 95 system prompts controlling AI's behaviour."

McKinsey said it has patched up the vulnerability, which was made possible by "publicly exposed API documentation, including 22 endpoints that didn't require authentication...one of these wrote user search queries, and the agent found that the JSON keys (these are the field names) were concatenated into SQL and vulnerable to SQL injection."

Insane. Bro, you're supposed to be doing the digital transformations!
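
Added example, not part of the post and not code from McKinsey or the research firm: a Python/sqlite3 sketch of the bug class quoted above, where values are bound as parameters but JSON keys are concatenated into the statement, next to a version that checks keys against an allowlist. The table, column names, function names, and sample payload are assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical columns for a search-logging endpoint (assumed, not from the post).
ALLOWED_COLUMNS = {"user_id", "query", "workspace"}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE search_log (user_id TEXT, query TEXT, workspace TEXT)")
    return db

def log_search_vulnerable(db, payload):
    # Values are bound with "?", but the JSON keys become statement text,
    # so whoever controls the field names controls the SQL structure.
    cols = ", ".join(payload.keys())
    marks = ", ".join("?" for _ in payload)
    sql = f"INSERT INTO search_log ({cols}) VALUES ({marks})"
    db.execute(sql, list(payload.values()))
    return sql

def log_search_hardened(db, payload):
    # Identifiers cannot be bound as parameters, so every key must match a
    # fixed allowlist; column names in the SQL come from our own constants.
    unknown = set(payload) - ALLOWED_COLUMNS
    if unknown or not payload:
        raise ValueError(f"rejected keys: {sorted(unknown)}")
    cols = [c for c in sorted(ALLOWED_COLUMNS) if c in payload]
    sql = "INSERT INTO search_log ({}) VALUES ({})".format(
        ", ".join(cols), ", ".join("?" for _ in cols))
    db.execute(sql, [payload[c] for c in cols])
    return sql

if __name__ == "__main__":
    db = make_db()
    # Constructed request body: the *key* carries SQL, the value is harmless.
    hostile = {"user_id, query) VALUES ('admin', ?) --": "hello"}
    print(log_search_vulnerable(db, hostile))
    print(db.execute("SELECT user_id, query FROM search_log").fetchall())
    try:
        log_search_hardened(db, hostile)
    except ValueError as exc:
        print("hardened:", exc)
```

Parameter binding alone does not cover this case because it protects values, not identifiers; a request-schema check that rejects unknown keys before any SQL is built closes the same gap.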