Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
Cognition Labs, the company behind the AI software engineer Devin, announced that it suffered a major security breach. Attackers exploited a zero-day vulnerability in a third-party cloud infrastructure service to gain access to the company's internal networks. The breach resulted in the exfiltration of significant portions of Devin's proprietary source code and training data sets. Furthermore, a database containing user project information, including private code repository access tokens and API keys connected to the Devin platform, was compromised. The company has since patched the vulnerability, invalidated all exposed credentials, and notified affected users. The incident underscores that AI companies are high-value targets for industrial espionage and highlights the critical importance of supply chain security in the AI development lifecycle. Forensic investigations are currently underway.