Blog

Research & News

13th April 2026

How We Hacked Bain's Competitive Intelligence Platform

Our agent found hardcoded credentials in a public JavaScript file in under 18 minutes. A chained SQL injection gave us everything else — 159 billion rows of consumer data and the competitive strategies of some of the world's biggest brands.

31st March 2026

How We Hacked BCG's Data Warehouse — 3.17 Trillion Rows, Zero Authentication

Our autonomous hacking agent found an unauthenticated SQL execution endpoint on BCG's X Portal. Behind it: 131 terabytes and 3.17 trillion rows of data.

10th March 2026

AI vs AI: How Our AI Agent Hacked a $20M-Funded AI Recruiter

Our autonomous agent chained four harmless bugs into a CVSS 9.8 org takeover of a $20M-funded AI recruiter — then gave itself a voice and talked to the target's AI. Clients included Anthropic, Stripe, and Monzo.

9th March 2026

How We Hacked McKinsey's AI Platform

An autonomous AI agent found a SQL injection in McKinsey's Lilli AI platform. What it extracted was worse than we expected.