https://codewall.ai/blog/how-we-hacked-mckinseys-ai-platform "The agent mapped the attack surface and found the API documentation publicly exposed — over 200 endpoints, fully documented. Most required authentication. Twenty-two didn't. One of those unprotected endpoints wrote user search queries to the database. The values were safely parameterised, but the JSON keys — the field names — were concatenated directly into SQL." Read and write access to everything. #mckinsey #security #ai #sqlinjection
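
The bug class in the quoted passage (values bound as parameters, JSON keys concatenated as column names), shown next to an allowlisted version. This is an added example, not part of the original post or the linked write-up; the `search_log` table, its columns and the function names are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema: the only column names a search-log insert may use (assumption).
ALLOWED_COLUMNS = {"query", "locale", "source"}

def build_insert_unsafe(payload: dict) -> tuple[str, list]:
    """The pattern the quote describes: values are bound, keys are concatenated."""
    cols = ", ".join(payload.keys())             # client-controlled text enters the SQL
    marks = ", ".join("?" for _ in payload)
    return f"INSERT INTO search_log ({cols}) VALUES ({marks})", list(payload.values())

def build_insert_safe(payload: dict) -> tuple[str, list]:
    """Field names are checked against a fixed allowlist before use as identifiers."""
    if not payload:
        raise ValueError("empty payload")
    unknown = set(payload) - ALLOWED_COLUMNS
    if unknown:
        raise ValueError(f"unexpected field names: {sorted(unknown)}")
    cols = sorted(payload)                       # names now come from our own set
    quoted = ", ".join(f'"{c}"' for c in cols)
    marks = ", ".join("?" for _ in cols)
    return f"INSERT INTO search_log ({quoted}) VALUES ({marks})", [payload[c] for c in cols]

def store_search(conn: sqlite3.Connection, payload: dict) -> None:
    sql, params = build_insert_safe(payload)
    conn.execute(sql, params)

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE search_log (query TEXT, locale TEXT, source TEXT)")
    store_search(conn, {"query": "q3 report", "locale": "en"})

    # Constructed request body whose key is not a column name.
    odd = {"query) --": "ignored"}
    unsafe_sql, _ = build_insert_unsafe(odd)     # key text lands in the statement
    try:
        store_search(conn, odd)
        rejected = False
    except ValueError:
        rejected = True
    rows = conn.execute("SELECT query, locale FROM search_log").fetchall()
    return unsafe_sql, rejected, rows

if __name__ == "__main__":
    print(demo())
```

Parameter binding cannot protect identifiers, so the field names have to be mapped to a known set server-side; rejected keys are also worth logging as a detection signal.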