Overview
Severity: CRITICAL | Affected: Cognition AI | Category: breach
A major breach at Cognition AI, the company behind the Devin autonomous agent, was disclosed today. Attackers exploited a zero-day vulnerability in a third-party data processing library used in their cloud infrastructure. This allowed them to exfiltrate a massive dataset containing proprietary source code for the Devin model, pre-release training data, and millions of user prompts and generated outputs. The breach raises significant concerns about the security of AI development environments and the sensitivity of user interaction data. The company has taken the system offline and is working with cybersecurity firms to investigate the full extent of the damage. This incident highlights the growing value of AI companies as targets for industrial espionage and cybercrime, with threat actors seeking to steal valuable intellectual property.