Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
Cognition Labs, the company behind the AI software engineer 'Devin', has announced a significant security breach. Attackers exploited a vulnerability in a third-party library used for managing Git authentications within the Devin platform. This allowed unauthorized access to private code repositories and API keys that users had granted Devin access to for their software development tasks. The breach exposed proprietary source code, infrastructure credentials, and other sensitive development data for an undisclosed number of corporate clients. Cognition Labs has since patched the vulnerability and is working with affected customers to rotate credentials and assess the impact. The incident underscores the critical security risks associated with granting AI agents access to sensitive development environments and highlights the need for robust sandboxing and credential management for autonomous AI systems.