Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
Cognition Labs, the company behind the AI software engineer Devin, has confirmed a significant data breach. Attackers exploited a zero-day vulnerability in an internal API gateway used for data synchronization between development and production environments. This allowed them to access and exfiltrate terabytes of sensitive data, including proprietary source code for Devin's core reasoning engine, pre-release training datasets, and the personally identifiable information (PII) of over 50,000 enterprise users. The attackers are demanding a substantial ransom in cryptocurrency. Cognition Labs has temporarily suspended new user sign-ups and is working with cybersecurity firms to investigate the full extent of the damage. The incident highlights the growing risk for AI companies, which are prime targets due to the high value of their intellectual property and training data.