Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
Cognition Labs, the creator of the autonomous AI software engineer Devin, has disclosed a significant data breach. The breach exposed a massive dataset containing user prompts, generated code snippets, and API keys linked to private code repositories. The attackers reportedly exploited a vulnerability in a third-party logging service integrated with Devin's infrastructure, which allowed them to gain unauthorized access to logs spanning several months. The leaked data, which appeared on a dark web forum, raises serious concerns about intellectual property theft and the security of AI-powered development tools that handle sensitive code. Cognition Labs has since patched the vulnerability, invalidated exposed credentials, and is working with cybersecurity firms to investigate the full extent of the breach. The incident highlights the critical need for robust security measures for AI systems that interact with proprietary user data and codebases.