When AI Broke into McKinsey, Encryption Walked out of Instagram: This Week in Cyber Reality


The past week highlighted a shift that many security leaders have sensed for some time. Technology is moving fast, yet security discipline is struggling to keep pace.

Two developments stood out. First, an AI-driven breach of McKinsey’s internal platform exposed how fragile connected systems can be. Then, Instagram’s decision to step back from end-to-end encryption signalled a broader rethink of privacy and control.

Individually, these stories are important. Together, they reveal something deeper. Security is no longer about protecting isolated tools. It is about understanding how complex, connected systems behave under pressure.

When AI became the entry point, not the target

The McKinsey incident is not just another breach story. It reflects how attack paths are evolving in environments shaped by AI.

A controlled exercise by cybersecurity startup CodeWall demonstrated how an autonomous AI agent could infiltrate McKinsey’s internal AI platform, Lilli, within hours. The cost was minimal, yet the implications were far-reaching.

What actually happened

The agent did not attempt to manipulate the Large Language Model. Instead, it focused on the surrounding infrastructure, which proved to be the weaker link.

Using publicly available documentation, the agent mapped more than 200 API endpoints. What stood out was how many of these were insufficiently protected. Twenty-two endpoints required no authentication, and one exposed endpoint allowed a basic SQL injection attack. This vulnerability, despite being well understood in the security community, had remained unnoticed internally for two years.

By carefully interacting with these systems and analysing database responses, the agent was able to escalate its privileges. It eventually gained full read and write access within the production environment. From there, it accessed millions of chat records, hundreds of thousands of files, and tens of thousands of user accounts. Even more concerning, it was able to modify internal system prompts without triggering any alerts, effectively influencing how the AI behaved.

This was not a sophisticated zero-day attack. It was a chain of familiar weaknesses, identified and exploited at speed.

Why this matters more than a typical breach

What makes this incident different is not just the exposure, but the method. The use of an autonomous agent changes the dynamics of how attacks unfold.

Traditionally, attackers needed time and coordination to move through systems. Here, discovery, testing, and escalation were handled rapidly and systematically. The entire attack lifecycle was compressed into a matter of hours.

This shift also lowers the barrier to entry. The sophistication lies less in discovering new vulnerabilities and more in orchestrating existing ones efficiently. That makes even basic security gaps far more dangerous than they once were.

The real risk: the action layer around AI

Much of the conversation around AI security focuses on model behaviour. Issues such as prompt injection and data leakage tend to dominate discussions. However, this incident highlights a different layer of concern.

1. APIs are now the frontline

AI systems are deeply connected by design. They rely on APIs to retrieve data, trigger workflows, and interact with enterprise applications. Each of these connections introduces a potential entry point.

When APIs are poorly documented, weakly authenticated, or simply forgotten over time, they create what are often referred to as shadow APIs. These are not abstract risks. They are real, accessible pathways that attackers can discover and exploit with relative ease.

2. Machine-speed exploitation changes the equation

An AI agent approaches a system very differently from a human attacker. It can test endpoints continuously, analyse responses instantly, and adapt its approach without delay.

This creates a compounding effect. Discovery becomes faster, exploitation becomes more consistent, and vulnerabilities that might have seemed minor in isolation can be chained together into a serious breach.

The result is a new kind of risk profile, where speed and scale amplify even the smallest weaknesses.

3. Business risk is now directly tied to AI security

McKinsey confirmed that no client data was compromised, which is reassuring. However, the broader implications extend well beyond immediate exposure.

AI advisory contributes a significant portion of McKinsey's business. Any incident involving internal AI systems has the potential to affect client confidence, raise questions about governance, and influence future engagements.

Security is no longer confined to technical teams. It directly impacts revenue, reputation, and long-term positioning in the market. Increasingly, organisations are recognising that operational risk, security risk, and business risk are closely intertwined.

This shift changes how security is prioritised at the leadership level. It is no longer just about preventing incidents, but about maintaining trust and continuity.

Encryption rollback: strategic shift by Instagram

Alongside the McKinsey incident, another development drew attention for a very different reason. Meta’s decision to step back from full end-to-end encryption for Instagram direct messages reflects a broader shift in platform thinking.

1. Why platforms reconsider encryption

End-to-end encryption has long been associated with strong user privacy. It ensures that only the sender and recipient can read messages. However, it also limits a platform’s ability to monitor harmful activity.

This creates challenges when it comes to detecting abuse, investigating incidents, and meeting regulatory expectations. As platforms grow and face increasing scrutiny, these limitations become harder to manage.

2. What this shift enables

By reducing reliance on full encryption, Instagram gains greater visibility into user communications. This makes it easier to identify harmful content, respond to abuse reports, and align with compliance requirements across different regions.

From an operational standpoint, this improves control and responsiveness.

3. The trade-off users and businesses must consider

The trade-off, however, is clear. Increased visibility comes at the cost of reduced privacy.

For users, this raises concerns about how their data is accessed and used. For businesses, particularly those that rely on digital communication channels, it introduces questions around confidentiality and trust.

This decision reflects a broader reality. Security choices are increasingly shaped by regulatory, operational, and societal pressures, not just technical considerations.

A common thread: control vs complexity

At first glance, these two developments may seem unrelated. One is a breach scenario, while the other is a strategic product decision. However, both point to the same underlying challenge.

What security leaders should do next

These developments are not isolated. They reflect a broader shift in how risks are emerging and how organisations must respond.

Security strategies need to move beyond a narrow focus on AI models. The surrounding ecosystem, including APIs, integrations, and data flows, must be continuously assessed and secured.

It is equally important to identify and manage shadow APIs. Many organisations are unaware of how many endpoints exist within their environments. Regular discovery and clean-up efforts can significantly reduce exposure.
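
The discovery step described above can be run as a comparison between the documented route inventory and what the gateway actually served. This is an added example, not code from the original article or from any organisation it names; the inventory, the four-field log format, and every path are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed inventory: documented routes and whether each requires authentication.
DOCUMENTED = {
    ("GET", "/api/v1/chats/{id}"): True,
    ("POST", "/api/v1/chats"): True,
    ("GET", "/api/v1/health"): False,
}

# Constructed gateway log lines: method, path, status, credential type ("-" = none sent).
SAMPLE_LOG = """\
GET /api/v1/chats/1842 200 bearer
POST /api/v1/chats 201 bearer
GET /api/v1/health 200 -
GET /api/v1/chats/77 200 -
GET /api/v1/search?q=report 200 -
GET /internal/export/users 200 -
GET /api/v1/files/9f3c2a7e-1b4d-4c6a-8e2f-0a1b2c3d4e5f 401 -
"""

ID_SEGMENT = re.compile(r"^(\d+|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12})$", re.I)

def normalize(path):
    """Drop the query string and replace numeric or UUID segments with {id}."""
    path = path.split("?", 1)[0]
    parts = ["{id}" if ID_SEGMENT.match(p) else p for p in path.split("/")]
    return "/".join(parts)

def audit(log_text, documented):
    """Return (undocumented routes served 2xx, auth-required routes served 2xx with no credential)."""
    shadow, auth_gaps = defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guessing at their meaning
        method, path, status, auth = fields
        route = (method, normalize(path))
        served = status.startswith("2")
        if route not in documented:
            if served:
                shadow[route] += 1  # live endpoint nobody has on record
        elif documented[route] and served and auth == "-":
            auth_gaps[route] += 1  # documented as protected, answered anyway
    return dict(shadow), dict(auth_gaps)

if __name__ == "__main__":
    for label, found in zip(("undocumented", "missing auth"), audit(SAMPLE_LOG, DOCUMENTED)):
        print(label, found)
```

Undocumented routes that were rejected (the `401` line) are left out on purpose, so the report lists only endpoints that actually returned data.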

At the same time, teams need to prepare for increasingly automated threat actors. Detection and response strategies must evolve to keep pace with faster, more adaptive attacks.

Finally, security must be aligned with business priorities. Leadership teams should view security not just as a defensive measure, but as a critical component of trust and resilience.

Conclusion

This week’s events point to a clear shift in cybersecurity. AI is expanding the attack surface in ways that are still being understood. At the same time, platforms are re-evaluating how much control they need over user interactions.

The common factor is complexity. Managing this complexity requires more than deploying tools. It requires a clear understanding of how systems connect, where risks emerge, and how quickly they can escalate.

At CyberNX, we work alongside organisations to uncover hidden exposures, secure critical interfaces, and strengthen resilience across interconnected environments. If your AI and digital systems are evolving, your security approach should evolve with them. Let’s start that conversation.

FAQs

How are AI agents changing the nature of cyberattacks?

AI agents automate the process of discovering and exploiting vulnerabilities, making attacks faster and more scalable.

What are shadow APIs and why are they risky?

Shadow APIs are undocumented or forgotten endpoints that often lack proper security controls, making them easy entry points for attackers.

Does removing end-to-end encryption improve security?

It improves platform visibility and moderation capabilities, but reduces user privacy, creating a trade-off.

How can organisations secure AI-driven systems effectively?

By focusing on the entire ecosystem, including APIs, integrations, and access controls, supported by continuous monitoring.

Author
Krishnakant Mathuria

With 12+ years in the ICT & cybersecurity ecosystem, Krishnakant has built high-performance security teams and strengthened organisational resilience by leading effective initiatives. His expertise spans regulatory and compliance frameworks, security engineering and secure software practices. Known for uniting technical depth with strategic clarity, he advises enterprises on how to modernise their security posture, align with evolving regulations, and drive measurable, long-term security outcomes.

Copyright © 2026 CyberNX | All Rights Reserved | Terms and Conditions | Privacy Policy
