Overview
Severity: CRITICAL | Affected: Cognition AI | Category: breach
Cognition AI, developer of the AI-powered code assistant 'CodeWeaver', disclosed a significant security breach. Attackers exploited a vulnerability in a third-party logging service integrated into the company's cloud infrastructure and reached a database of user-submitted code snippets. Millions of snippets were exposed, some containing hard-coded API keys, access tokens, and other credentials; the company confirmed that data spanning a three-month period was exfiltrated.

Cognition AI stated that its core models were not compromised. The incident nonetheless illustrates supply chain risk in the AI development lifecycle: a compromise of an auxiliary service, not the product itself, was enough to expose the developer secrets embedded in what users submitted. The company is working with affected users to rotate credentials and has published a post-mortem analysis. The breach has raised concerns about the security practices of AI tool providers that handle sensitive intellectual property and developer secrets.
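The exposed data was valuable because users pasted live credentials into snippets. As an added example (not code from Cognition AI, the CodeWeaver product, or the post-mortem), the Python scanner below flags and redacts hard-coded credentials in a snippet before it leaves the developer's machine. The sample snippet, the detector names and the `Finding` type are constructed here; the AWS access key ID and GitHub personal access token formats are the publicly documented ones, the private key header is the standard PEM marker, and the generic assignment pattern is a heuristic. The AWS key in the sample is the placeholder from AWS's own documentation, not a real credential.

```python
"""Pre-submission secret scanner for code snippets (added example, not vendor code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Ordered most-specific first: a value caught by a specific pattern is not
# reported a second time by the generic assignment heuristic.
# Every pattern captures the credential value in the named group "v".
PATTERNS = {
    # Public format: access key IDs start with AKIA (long-lived) or ASIA (temporary).
    "aws_access_key_id": re.compile(r"\b(?P<v>(?:AKIA|ASIA)[0-9A-Z]{16})\b"),
    # Public format: classic GitHub personal access tokens are ghp_ + 36 chars.
    "github_pat": re.compile(r"\b(?P<v>ghp_[A-Za-z0-9]{36})\b"),
    # Standard PEM header for an unencrypted private key.
    "private_key_block": re.compile(r"(?P<v>-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)"),
    # Heuristic (assumption): a secret-ish identifier assigned a quoted literal of 12+ chars.
    "generic_assignment": re.compile(
        r"""(?i)(?:api[_-]?key|secret|token|password|passwd)\w*\s*[:=]\s*["'](?P<v>[^"'\s]{12,})["']"""
    ),
}


@dataclass(frozen=True)
class Finding:
    kind: str       # which detector fired
    line_no: int    # 1-based line in the snippet
    start: int      # column span of the credential value on that line
    end: int
    redacted: str   # value with the middle masked, so the owner can still tell which key it is


def redact(value: str) -> str:
    """Mask everything but a 4-char prefix and suffix; same length as the input."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_snippet(text: str) -> list[Finding]:
    """Return one Finding per credential value, in line order, without duplicates."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        seen_spans: list[tuple[int, int]] = []
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                start, end = m.span("v")
                # Skip if a more specific detector already covered this value.
                if any(s < end and start < e for s, e in seen_spans):
                    continue
                seen_spans.append((start, end))
                findings.append(Finding(kind, line_no, start, end, redact(m.group("v"))))
    return findings


def redact_snippet(text: str) -> str:
    """Return the snippet with every detected credential value masked in place."""
    lines = text.splitlines()
    by_line: dict[int, list[Finding]] = {}
    for f in scan_snippet(text):
        by_line.setdefault(f.line_no, []).append(f)
    for line_no, fs in by_line.items():
        line = lines[line_no - 1]
        # Splice from the right so earlier spans stay valid.
        for f in sorted(fs, key=lambda f: f.start, reverse=True):
            line = line[: f.start] + f.redacted + line[f.end :]
        lines[line_no - 1] = line
    return "\n".join(lines)


# Constructed sample snippet. The AWS key is the AWS documentation placeholder;
# the GitHub token and password are made up for this example.
SAMPLE_SNIPPET = '''import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
github_token = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
db_password = "correct-horse-battery-staple"
client = boto3.client("s3", region_name="us-east-1")
'''

if __name__ == "__main__":
    for f in scan_snippet(SAMPLE_SNIPPET):
        print(f"line {f.line_no}: {f.kind}: {f.redacted}")
    print(redact_snippet(SAMPLE_SNIPPET))
```

Run as a pre-commit or pre-submission hook, a scan like this blocks the snippet (or submits the redacted form) when `scan_snippet` returns anything. After an incident like the one above it serves the other direction too: run over the local history of what was submitted during the exposure window, the report of masked prefixes is a concrete rotation list, and every credential that appears in it should be treated as compromised whether or not the vendor's notification names it.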