Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: incident
AI research company Cognition Labs has disclosed a critical vulnerability, dubbed 'Agentic Loop', affecting its Devin AI software engineer agent. The vulnerability allowed a malicious actor to craft a project goal that tricked the agent into an unbounded resource-consumption loop, producing a denial-of-service (DoS) condition on the cloud infrastructure hosting the agent.

The loop was triggered through the agent's error-correction and recursive self-improvement logic. An attacker could present a seemingly simple coding task that contained a subtle, unsolvable logical paradox. The agent would then recursively attempt to debug its own code, provisioning more and more compute and memory on each retry until the host environment crashed.

Cognition Labs has released a patch that introduces meta-level monitoring to detect and terminate such recursive loops before they escalate. The company is urging all users of its on-premises deployments to update immediately, as the exploit is relatively simple to execute.
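To illustrate the class of mitigation the advisory describes (a meta-level monitor that halts a self-debugging loop before it escalates), here is an added example; it is hypothetical code, not Cognition Labs' patch, and every name and threshold in it is an assumption. The monitor enforces iteration, wall-clock and memory budgets and also stops the loop when the same failure repeats without progress, which is the signature of a task the agent cannot solve.

```python
# Hypothetical loop monitor for an iterative coding agent (not Cognition Labs' code).
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple
import time

@dataclass
class LoopBudget:
    max_iterations: int = 8          # hard cap on retry rounds
    max_seconds: float = 5.0         # wall-clock cap for the whole task
    max_memory_mb: int = 2048        # cumulative memory the agent may provision
    max_repeated_failures: int = 3   # identical failures in a row = no progress

@dataclass
class LoopMonitor:
    budget: LoopBudget
    iterations: int = 0
    memory_mb: int = 0
    results: List[str] = field(default_factory=list)
    started: float = field(default_factory=time.monotonic)

    def check(self, result: str, requested_mb: int) -> Optional[str]:
        """Record one failed round; return a termination reason or None to continue."""
        self.iterations += 1
        self.memory_mb += requested_mb
        self.results.append(result)
        if self.iterations > self.budget.max_iterations:
            return "iteration budget exceeded"
        if time.monotonic() - self.started > self.budget.max_seconds:
            return "wall-clock budget exceeded"
        if self.memory_mb > self.budget.max_memory_mb:
            return "memory budget exceeded"
        tail = self.results[-self.budget.max_repeated_failures:]
        if len(tail) == self.budget.max_repeated_failures and len(set(tail)) == 1:
            return "no progress: identical failure repeated"
        return None

# attempt(task, round) -> (succeeded, output_or_error, memory_requested_mb)
Attempt = Callable[[str, int], Tuple[bool, str, int]]

def run_agent(task: str, attempt: Attempt, budget: LoopBudget = LoopBudget()) -> dict:
    """Drive attempt() until it succeeds or the monitor terminates the loop."""
    monitor = LoopMonitor(budget)
    while True:
        ok, output, requested_mb = attempt(task, monitor.iterations)
        if ok:
            return {"status": "done", "iterations": monitor.iterations + 1, "output": output}
        reason = monitor.check(output, requested_mb)
        if reason is not None:
            return {"status": "terminated", "iterations": monitor.iterations, "reason": reason}

def never_converges(task: str, i: int) -> Tuple[bool, str, int]:
    """Constructed stand-in for an unsolvable task: same error every round, more memory each time."""
    return False, "test failed: assertion in step 1", 256 * (i + 1)
```

Without the monitor, `run_agent` on `never_converges` would retry forever while its memory requests grow; with it, the loop ends after three identical failures.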