Cybersecurity Today – Episode Summary
Episode: AI Agent Hacks McKinsey Chatbot in 2 Hours
Host: Jim Love
Date: March 13, 2026
Episode Overview
In this episode, Jim Love highlights the escalating cybersecurity challenges businesses face in 2026, focusing on automated AI-driven attacks, evolving supply chain threats, persistent malware in routers, the dangers of compromised passwords, and a novel kind of Trojan hidden in AI models. The episode explores recent incidents and research, unpacking how traditional and emerging threats are converging in the AI era, and what defenders can do in response.
Key Discussion Points & Insights
1. AI Agent Breaches McKinsey’s Internal Chatbot (Lilly)
[00:44–06:30]
- Story: Security researchers at Codewall tested their autonomous security agent against McKinsey’s internal AI platform "Lilly." Starting only from public web access—no insider credentials—the AI agent gained read/write access to the system database in two hours.
- What Was at Stake:
  - 46.5 million internal chat conversations
  - 728,000 files
  - 57,000 user accounts
  - 95 system prompts controlling AI assistant behavior
- Technical Route: The agent chained classic vulnerabilities: exposed APIs and an SQL injection. Notably, it chained them autonomously at machine speed rather than depending on a human attacker to work through each step.
- Quote (Jim Love): “The difference is the AI agent explored the system autonomously and assembled the attack at machine speed…” (03:55)
- McKinsey’s Response: Issues were responsibly disclosed and fixed quickly, with “no evidence of any unauthorized access.”
- Takeaway:
  - AI systems built on insecure fundamentals (APIs, databases) are just as vulnerable as traditional apps.
  - Automated agents can now discover and exploit weaknesses faster than humans.
2. Phantom Raven: A Supply Chain Threat via NPM
[06:31–10:29]
- Incident: 88 malicious packages published to NPM (Node Package Manager) as part of a campaign called “Phantom Raven.” The packages looked like useful dev tools but, once installed, stole SSH keys, usernames, IP addresses, and more.
- Evasion Technique:
  - Malicious code is not shipped directly in the package
  - A small loader downloads the payload at runtime from an external server
  - Attackers change the loader’s placement to evade detection
- Quote (Jim Love): “Software supply chain security can’t rely only on scanning packages before installation… the threat may only appear once the software is already running…” (09:25)
- Takeaway: Static scanning is insufficient; organizations need to defend against dynamic, runtime attacks in the software supply chain.
3. "Strong" Passwords That Are Already Compromised
[10:30–14:05]
- Research: 83% of 800 million known compromised passwords still satisfy the complexity rules required by regulations.
- Attack Vector: Modern attacks use credential stuffing—using leaked passwords from other breaches to log in directly.
- Quote (Jim Love): “A password may pass every compliance rule and still be known to attackers.” (12:50)
- Security Gaps:
  - Most audits only check password complexity, not whether passwords have appeared in a breach
  - Critical accounts (admins, developers, execs) are often overlooked
- Defensive Measures:
  - Check all passwords against breach databases
  - Pair strong passwords with multi-factor authentication
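As an added illustration (not from the episode), the following Python sketch shows the gap the segment describes: a password is first checked against a typical regulatory complexity rule, then looked up in breach data using the k-anonymity prefix pattern (only the first five hex characters of its SHA-1 leave the client, as with Have I Been Pwned's range API). The breach corpus and the sample passwords are constructed here for illustration; `breach_lookup` stands in for the remote range query.

```python
import hashlib
import re

# Constructed stand-in for a breach database. Real services publish only
# SHA-1 hashes, so the made-up plaintexts below are hashed into an index
# keyed by the 5-character prefix used in k-anonymity range queries.
_CONSTRUCTED_BREACHED = ["Winter2026!", "P@ssw0rd123", "Welcome1!", "letmein"]

BREACH_INDEX = {}  # sha1 prefix (5 hex chars) -> set of 35-char hash suffixes
for _pw in _CONSTRUCTED_BREACHED:
    _digest = hashlib.sha1(_pw.encode()).hexdigest().upper()
    BREACH_INDEX.setdefault(_digest[:5], set()).add(_digest[5:])


def passes_complexity(password: str, min_len: int = 8) -> bool:
    """Typical compliance rule: minimum length plus three of four character classes."""
    classes = [
        re.search(r"[a-z]", password),
        re.search(r"[A-Z]", password),
        re.search(r"\d", password),
        re.search(r"[^\w\s]", password),
    ]
    return len(password) >= min_len and sum(1 for c in classes if c) >= 3


def breach_lookup(prefix: str) -> set:
    """Stand-in for the range query: the server only ever sees the 5-char prefix."""
    return BREACH_INDEX.get(prefix, set())


def is_breached(password: str) -> bool:
    """Hash locally, fetch all suffixes for the prefix, compare on the client side."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in breach_lookup(digest[:5])


def evaluate(password: str) -> str:
    """Order matters: complexity alone is not enough, so the breach check always runs."""
    if not passes_complexity(password):
        return "reject: fails complexity rules"
    if is_breached(password):
        return "reject: meets complexity rules but appears in breach data"
    return "accept"


if __name__ == "__main__":
    for candidate in ["Winter2026!", "xK9#vQ2m$Lp7", "short"]:
        print(f"{candidate!r}: {evaluate(candidate)}")
```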
4. Persistent Router Malware Infects 14,000 Devices
[14:06–17:16]
- Scope: Over 14,000 internet routers globally infected with malware that survives standard cleaning (reboots, config resets).
- Risks: Infected routers are used for DDoS, attack obfuscation, or traffic monitoring.
- Persistence: The malware survives reboots and configuration resets; only a full factory reset followed by additional hardening steps removes it.
- Mitigation Steps:
  - Full factory reset
  - Change default admin passwords
  - Disable unused remote management
  - Promptly install firmware updates
- Quote (Jim Love): “Routers are often the most neglected devices on a network…They may run for years with outdated firmware and default credentials, making them a convenient foothold for attackers.” (16:42)
5. Trojan Backdoors Hidden in AI Models
[17:17–21:52]
- Emerging Threat: Attackers can embed triggers into the AI model itself during training—no malware file needed.
- Example: An image recognition AI classifies “stop” signs correctly, but a tiny visual marker triggers misclassification—a hidden behavior with no standard security signature.
- Quote (Jim Love): “The disturbing part is that these back doors may leave no traditional security signature… The trigger is hidden inside the mathematical structure of the model itself. Until it appears, the system behaves normally.” (19:22)
- Mitigation Strategies:
  - Stress test models with unusual inputs
  - Secure and control the data/model training pipeline
  - Treat pre-trained AI models like third-party software—validate before use
  - Monitor models for deviant behavior over their lifecycle
- Call to Action: Jim Love invites security researchers working on detection of hidden AI model backdoors to reach out for potential collaboration or future features: “If you’re working in this field or you know someone who is, I’d very much like to hear from you.” (21:21)
Notable Quotes
- On AI Autonomy in Attacks: “The difference is the AI agent explored the system autonomously and assembled the attack at machine speed…” – Jim Love (03:55)
- On Software Supply Chain Security: “Software supply chain security can’t rely only on scanning packages before installation… the threat may only appear once the software is already running.” – Jim Love (09:25)
- On Password Safety: “A password may pass every compliance rule and still be known to attackers.” – Jim Love (12:50)
- On Router Neglect: “Routers are often the most neglected devices on a network…They may run for years with outdated firmware and default credentials, making them a convenient foothold for attackers.” – Jim Love (16:42)
- On AI Model Trojans: “The disturbing part is that these back doors may leave no traditional security signature… The trigger is hidden inside the mathematical structure of the model itself.” – Jim Love (19:22)
Important Timestamps
- 00:44: AI agent breaches McKinsey’s chatbot
- 06:31: Phantom Raven npm supply chain attack
- 10:30: Study: Strong passwords already breached
- 14:06: 14,000 routers infected with persistent malware
- 17:17: Trojan backdoors hidden in AI models
- 21:21: Call for AI Trojan backdoor research collaborators
Episode Tone
Jim Love delivers a concise, urgent, and informed overview—balancing technical explanations with actionable insights—sounding the alarm for organizations to not only patch technical gaps, but to adapt to threats accelerated by machine speed and AI ingenuity.
For more detailed discussion or to contribute research, contact Jim Love via the Contact Us page at technewsday.ca or technewsday.com.
