Overview
Severity: CRITICAL | Affected: Cognition AI | Category: breach
Cognition AI, the creators of the AI software engineer 'Devin', confirmed a significant security breach. Attackers exploited a zero-day vulnerability in their internal CI/CD pipeline, gaining access to sensitive repositories. The breach resulted in the exfiltration of large portions of Devin's proprietary source code, internal training datasets, and API keys belonging to enterprise customers. The leaked data, which appeared on a dark web forum, poses a severe threat to Cognition AI's intellectual property and its customers' security. The company has since patched the vulnerability and is working with cybersecurity firms and law enforcement to investigate the incident. The breach highlights the increasing trend of targeting AI companies not just for user data, but for their core intellectual property and powerful models.