Overview
Severity: CRITICAL | Affected: Cognition AI | Category: breach
Cognition AI, the company behind the AI software engineer 'Devin', announced a significant data breach. The breach, which occurred in late May, exposed the personal information and project data of approximately 1.5 million users. Attackers exploited a zero-day vulnerability in a third-party code repository integration service used by the platform. The exposed data includes usernames, hashed passwords, email addresses, and private code snippets from user projects. Cognition AI has since patched the vulnerability and is working with cybersecurity firms to investigate the full extent of the incident. The company is notifying affected users and recommending that they change their passwords immediately and enable multi-factor authentication. This incident highlights the growing attack surface of AI development platforms and the risks associated with third-party service integrations in complex AI systems.