HeadlinesBriefing.com

Bain & Co Breach Exposes AI Tool Vulnerability

Financial Times Companies

A hacker broke into Bain & Co’s Pyxis platform in just 18 minutes, accessing nearly 10,000 AI‑driven conversations that include client data from food‑brand competitors. The breach followed a similar attack on McKinsey last month and spotlights risks tied to rapid AI deployment.

CodeWall traced the intrusion to an exposed username and password embedded in public web code, revealing that employee emails and security tokens were also compromised. Bain immediately engaged external cyber‑security experts, tightened defenses, and denied claims that proprietary client data was exposed.

The incident underscores a broader pattern: top consulting firms, including BCG, have faced “basic” vulnerabilities that allow data tampering. With Bain’s partnership with Andrew Ng and Palantir and BCG’s forecast that AI will drive 40% of its 2026 revenue, the breach signals that advisers must audit their own AI systems before recommending them to clients.