An autonomous AI agent built by a cybersecurity startup breached McKinsey's internal AI platform, Lilli, in just two hours, exposing a significant vulnerability in the system. The agent, developed by CodeWall, exploited a basic database flaw that had been present for years, gaining access to tens of millions of messages and hundreds of thousands of files on February 28 [1]. The flaw, a known issue since the early days of the web, was still unpatched, which allowed the autonomous agent to penetrate the system with ease. The breach highlights the importance of regularly updating systems and patching vulnerabilities, even in complex AI platforms. That a basic flaw went unaddressed for so long raises concerns about the security posture of organizations using AI platforms. For practitioners, the incident underscores the need for rigorous security testing and patch management to prevent similar breaches.
Autonomous Agent Hacked McKinsey's AI in 2 Hours
⚡ High Priority
Why This Matters
28, accessing tens of millions of messages and hundreds of thousands of files through a basic, years-old database flaw.
References
- Bank Info Security. (2026, March 13). Autonomous Agent Hacked McKinsey's AI in 2 Hours. Bank Info Security. https://www.bankinfosecurity.com/autonomous-agent-hacked-mckinseys-ai-in-2-hours-a-31007
Original Source
Bank Info Security