Overview
Severity: CRITICAL | Affected: Cognition AI | Category: breach
Cognition AI, the company behind the AI software engineer Devin, announced a significant security breach affecting its core infrastructure. Unauthorized actors gained access to servers containing proprietary training datasets and a large cache of enterprise user prompts and generated code. The breach exposes sensitive intellectual property from both Cognition AI and its clients, raising concerns about the security of AI development environments. The incident highlights the high value of training data and user interactions as targets for industrial espionage. The company has since patched the exploited vulnerability, notified affected customers, and engaged a third-party cybersecurity firm to conduct a full forensic investigation. This event underscores the critical need for robust security measures protecting the entire AI lifecycle, from data collection to model deployment and user interaction logging.