Inside the Race to Secure AI Agents Before They Take Over the Enterprise

A red-team exercise at McKinsey demonstrated how quickly autonomous AI can be compromised. Here's how the security industry is responding and what it means for every organization deploying agents in 2026.

The Two Hours That Changed Everything It took less than two hours for an autonomous agent to compromise McKinsey's internal AI platform, Lilli, in a controlled red-team exercise. The agent gained broad system access, traversed multiple data boundaries, and escalated privileges all before a human analyst could intervene. The simulation wasn't designed to alarm; it was designed to illustrate. And illustrate it did: in the time it takes to finish a lunch meeting, an AI agent can become an existential security...