https://codewall.ai/blog Security research and vulnerability disclosures from CodeWall's autonomous offensive AI agents. en Wed, 15 Apr 2026 21:39:54 GMT https://codewall.ai/blog/how-we-hacked-bains-competitive-intelligence-platform https://codewall.ai/blog/how-we-hacked-bains-competitive-intelligence-platform Mon, 13 Apr 2026 00:00:00 GMT Our agent found hardcoded credentials in a public JavaScript file in under 18 minutes. A chained SQL injection gave us everything else — 159 billion rows of consumer data and the competitive strategies of some of the world's biggest brands. https://codewall.ai/blog/how-we-hacked-bcgs-data-warehouse-3-17-trillion-rows-zero-authentication https://codewall.ai/blog/how-we-hacked-bcgs-data-warehouse-3-17-trillion-rows-zero-authentication Tue, 31 Mar 2026 00:00:00 GMT Our autonomous hacking agent found an unauthenticated SQL execution endpoint on BCG's X Portal. Behind it: 131 terabytes and 3.17 trillion rows of data. https://codewall.ai/blog/ai-vs-ai-how-our-ai-agent-hacked-a-20m-funded-ai-recruiter https://codewall.ai/blog/ai-vs-ai-how-our-ai-agent-hacked-a-20m-funded-ai-recruiter Tue, 10 Mar 2026 00:00:00 GMT Our autonomous agent chained four harmless bugs into a CVSS 9.8 org takeover of a $20M-funded AI recruiter — then gave itself a voice and talked to the target's AI. Clients included Anthropic, Stripe, and Monzo. https://codewall.ai/blog/how-we-hacked-mckinseys-ai-platform https://codewall.ai/blog/how-we-hacked-mckinseys-ai-platform Mon, 09 Mar 2026 00:00:00 GMT An autonomous AI agent found a SQL injection in McKinsey's Lilli AI platform. What it extracted was worse than we expected.