Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
Cognition Labs, the creator of the AI software engineer Devin, announced a significant data breach that exposed user project data, including private source code, API keys, and proprietary algorithms. The breach occurred due to a misconfigured cloud storage bucket that was publicly accessible for several weeks between late April and early June 2026. Attackers are believed to have exfiltrated terabytes of sensitive data before the issue was discovered during a routine audit and subsequently remediated. Cognition Labs has notified affected users and is working with cybersecurity firms to investigate the full extent of the compromise. The incident highlights the critical need for robust security postures for AI development platforms that handle sensitive intellectual property and is expected to trigger regulatory scrutiny under GDPR and CCPA.