Best Practices for Implementing AI Agents
ID: 363c0426-7f13-5425-a455-280fc46d5ed4
STIX ID: report--363c0426-7f13-5425-a455-280fc46d5ed4
Feed Name: KnowBe4 Blog
A security research team exploited a SQL-injection-style weakness in McKinsey's Lilli AI platform, gaining access to massive amounts of chat logs, files, user accounts, and AI agent configurations (including system prompts), demonstrating how an attacker could exfiltrate data, remove guardrails, and persist or alter AI behavior; the issue was responsibly disclosed and patched. The report uses this incident to highlight systemic risks from agentic AI and recommends governance centered on least agency and strong observability.
