AI Doesn’t Break Security, It Exposes It
Blog post from Harness
An offensive security AI agent breached McKinsey's generative AI platform, Lilli, in under two hours. It did not rely on a novel zero-day; it chained existing application security gaps, API misconfigurations and AI-layer weaknesses. The agent found numerous unauthenticated API endpoints, exploited a SQL injection flaw, and escalated privileges to reach a large volume of sensitive data, including internal chat messages, files and user accounts.

The incident illustrates how AI amplifies risk: an agent can rapidly discover and chain weaknesses across the application, API and AI layers, none of which had to be new. The defensive lesson is to rethink AI security strategy around unified monitoring and response that correlates signals across those layers, so that a multi-stage attack is recognised as one campaign rather than as unrelated events in separate tools. AI does not create these vulnerabilities; it exposes them, and that argues for moving from segmented security tools to integrated platforms.

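The first two links of the chain described above, an endpoint that requires no authentication and a query assembled from user input, are ordinary web weaknesses rather than anything AI-specific. The following is an added illustration, not code from Lilli, McKinsey or Harness: a constructed in-memory SQLite table standing in for a chat-history store, a deliberately flawed search handler beside a hardened one, and a hypothetical `SESSIONS` map in place of a real auth layer. The injected term is a generic payload chosen for the demo, not the one used in the incident.

```python
import sqlite3

# Constructed sample data: a stand-in for a chat-history table in a
# hypothetical internal assistant backend. Not taken from any real system.
SAMPLE_MESSAGES = [
    ("alice", "Q3 board deck draft"),
    ("bob", "client pricing model"),
    ("carol", "merger target shortlist"),
]

# Hypothetical session store (token -> user). A real service would use a
# proper auth layer; this exists only to show where the check belongs.
SESSIONS = {"tok-alice": "alice"}

# Generic injection payload. It closes the LIKE literal, adds an always-true
# clause, and reopens a literal so the trailing quote stays balanced.
INJECTED_TERM = "' OR 1=1 OR '"


def build_demo_db() -> sqlite3.Connection:
    """Create the in-memory table with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE messages (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)"
    )
    conn.executemany(
        "INSERT INTO messages (owner, body) VALUES (?, ?)", SAMPLE_MESSAGES
    )
    return conn


def vulnerable_search(conn: sqlite3.Connection, owner: str, term: str):
    """Deliberately flawed handler.

    Two defects, kept on purpose for the demonstration: nothing checks who is
    calling, and the WHERE clause is built by string formatting, so `term`
    can rewrite the query. With INJECTED_TERM the clause becomes
    (owner = ? AND body LIKE '%') OR 1=1 OR '%', which matches every row
    regardless of `owner`.
    """
    sql = (
        "SELECT owner, body FROM messages "
        f"WHERE owner = '{owner}' AND body LIKE '%{term}%'"
    )
    return conn.execute(sql).fetchall()


def hardened_search(conn: sqlite3.Connection, token: str, term: str):
    """Same feature with both defects fixed.

    The caller must present a valid session token, the owner is taken from the
    session rather than from the request, and the query is parameterized so
    `term` is bound as data and cannot change the statement's structure.
    """
    owner = SESSIONS.get(token)
    if owner is None:
        raise PermissionError("unauthenticated")
    sql = "SELECT owner, body FROM messages WHERE owner = ? AND body LIKE ?"
    return conn.execute(sql, (owner, f"%{term}%")).fetchall()


def demo() -> dict:
    """Exercise both handlers and return the outcomes for inspection."""
    conn = build_demo_db()
    results = {
        # Unauthenticated caller, bogus owner, injected term: full table dump.
        "vulnerable_injected": vulnerable_search(conn, "nobody", INJECTED_TERM),
        # Same payload against the hardened handler: treated as a literal
        # substring, so nothing matches.
        "hardened_injected": hardened_search(conn, "tok-alice", INJECTED_TERM),
        # Legitimate query still works for the authenticated user.
        "hardened_normal": hardened_search(conn, "tok-alice", "board"),
    }
    try:
        hardened_search(conn, "not-a-token", "board")
        results["hardened_no_token"] = "allowed"
    except PermissionError:
        results["hardened_no_token"] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of running both handlers on the same payload is the one the incident makes: the data leak needs no AI. An agent only has to notice that the endpoint answers without a session and that the search parameter reaches the query untouched; a parameterized query and a session check in front of it close both doors at once.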
| Trend | Mentions in this post | Mentions this month (all posts) | Posts mentioning | Companies mentioning | Change month over month |
|---|---|---|---|---|---|
| Kubernetes | 13 | 1,840 | 308 | 106 | +33% |
| AI Agents | 9 | 4,545 | 963 | 231 | +27% |
| AI Guardrails | 4 | 358 | 115 | 43 | -6% |
| RAG | 3 | 1,806 | 326 | 91 | +5% |
| LLM | 2 | 6,078 | 960 | 218 | +18% |
| Observability | 2 | 3,204 | 716 | 172 | +14% |
| Developer Experience | 1 | 482 | 254 | 106 | +18% |
| MCP | 1 | 4,488 | 443 | 150 | +34% |