Overview
Severity: CRITICAL | Affected: Cognition AI | Category: breach
Cognition AI, the developer of the popular autonomous coding agent 'Devin', announced a significant security breach. Attackers exploited a vulnerability in a third-party data pipeline tool, gaining unauthorized access to a vast repository of data. The compromised dataset includes proprietary source code used for training future versions of their models, as well as millions of user prompts and generated outputs from their enterprise clients. The company stated that while no direct PII was exposed, the leaked prompts contain sensitive business logic and intellectual property from several Fortune 500 companies. The incident highlights the growing risk of supply chain attacks targeting AI development infrastructure and the immense value of training data as a target for corporate espionage. Cognition AI has since patched the vulnerability and is working with affected customers.