Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
AI startup Cognition Labs announced a significant security breach affecting its autonomous AI software agent, Devin. Threat actors exploited a misconfigured API gateway, gaining unauthorized access to a cloud storage bucket containing a portion of the model's proprietary training dataset and logs of user interactions from a three-month period. The company stated that while no personally identifiable information (PII) beyond user prompts was compromised, the exfiltrated training data represents a major intellectual property loss and could be used by competitors for model replication or analysis. The incident highlights the growing threat to AI-specific assets such as training data, which are becoming as valuable as traditional customer data. Cognition Labs has since patched the vulnerability and is working with third-party security firms to audit its infrastructure.