An autonomous AI agent breached McKinsey’s internal AI platform Lilli in under two hours.

In a red-team exercise, the agent gained full read/write access to the production database, exposing 46.5 million chat messages, 728,000 confidential files, and system prompts used by 40,000+ consultants.

That was March 9. Since then:

→ A rogue AI agent at Meta triggered a Sev 1 after exposing sensitive data to unauthorized employees

→ An attacker hijacked the Axios npm package, injecting a cross-platform RAT into ~100M weekly downloads

→ Mercor lost ~4TB of candidate data, source code, and interview videos via a poisoned LiteLLM supply-chain attack

This is the new attack surface of every enterprise deploying AI agents today: non-human identities, unbounded tool access, prompt injection, and opaque decision-making. To close the gap, a new category of tools is emerging. . .

We mapped 75+ startups pioneering agentic security with company profiles, funding, and founder details.

Get the list now →