The Lilli incident at McKinsey is not just a security story. It is a warning about how companies buy and build AI platforms. Codewall reportedly gained read and write access to accounts, messages, and system prompts for $20 in about two hours through unauthenticated endpoints. The technical vector discussed in the video — SQL injection — is old; the strategic issue is that modern agents can turn design shortcuts into board-level exposure.
The model is not the hard part
Nate B. Jones argues that, for agents, implementation is strategy. An agent preparing a customer renewal brief may need CRM data, support tickets, contracts, usage data, call transcripts, and an internal wiki. Every access path needs authorization, logging, composition across systems, and fast revocation. If those guarantees are not designed before the purchase or launch, they will not appear after the contract is signed.
Why the old SaaS buying sequence breaks
The familiar sequence — executive decision, contract, security review, IT integration, then developer work — worked for bounded SaaS applications. Agents operate across workflows and permission boundaries that human interfaces used to hide. If developers arrive last, the company has already committed capital to a roadmap whose buildability has not been tested.
The questions to ask before signing
Two questions matter immediately. Does the platform truly distinguish a human user from an agent acting on that user’s behalf? And what is the default behavior when teams are moving fast? If the answer implies broad rights, incomplete audit trails, or slow revocation, the AI budget contains an unpriced liability.
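What a "yes" to both questions can look like in practice, as an added sketch that is not taken from the video or from any vendor's product: the agent is a separate principal, the default is deny, every decision is logged with the human and the agent as distinct fields, and revocation applies on the next call. The Gateway and Delegation classes, the scope strings, and the user and agent names are all hypothetical.

```python
import time
from dataclasses import dataclass, field
@dataclass
class Delegation:
    user: str            # human subject the agent acts for
    agent: str           # the agent's own identity, never the user's session
    scopes: frozenset    # explicit grants only
    expires_at: float
    revoked: bool = False

@dataclass
class Gateway:
    """Hypothetical policy point in front of every system an agent can reach."""
    delegations: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def delegate(self, user, agent, scopes, ttl=900):
        self.delegations[(user, agent)] = Delegation(
            user, agent, frozenset(scopes), time.time() + ttl)

    def revoke(self, user, agent):
        d = self.delegations.get((user, agent))
        if d:
            d.revoked = True  # checked on every call, so it applies immediately

    def authorize(self, user, agent, scope):
        d = self.delegations.get((user, agent))
        if d is None:
            result = "no_delegation"  # default is deny, not the user's full rights
        elif d.revoked:
            result = "revoked"
        elif time.time() >= d.expires_at:
            result = "expired"
        elif scope not in d.scopes:
            result = "scope_not_granted"
        else:
            result = "ok"
        # Allowed or denied, record the human and the agent as separate fields.
        self.audit.append({"subject": user, "actor": agent, "scope": scope, "result": result})
        return result == "ok"

def demo():
    gw, agent = Gateway(), "renewal-brief-agent"  # constructed sample names
    gw.delegate("alice", agent, {"crm:read", "tickets:read"})
    calls = [(agent, "crm:read"), (agent, "contracts:write"), ("other-agent", "crm:read")]
    results = [gw.authorize("alice", a, s) for a, s in calls]
    gw.revoke("alice", agent)
    results.append(gw.authorize("alice", agent, "crm:read"))
    return results, gw.audit
```

A platform that cannot produce an audit record shaped like the one returned by demo(), with subject and actor kept apart on denials as well as approvals, is answering the first question with a no.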
The market signal
Announcements from Anthropic, OpenAI, SAP, Pinecone, Salesforce, and ServiceNow point in the same direction: agent-reachable surfaces, governed actions, permission-aware data, cheaper context assembly, and forward-deployed engineers. Vendors are now selling the operating infrastructure many AI roadmaps assumed they already had.
The practical recommendation is to move architectural review and developer input much earlier. Multi-agent workflows do not behave like traditional SaaS, so AI budgets should not be approved as if they did.
Source
- Channel: AI News & Strategy Daily | Nate B Jones
- Source video: https://www.youtube.com/watch?v=EpJ0CjTJSag