Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
Cognition Labs, the company behind the popular AI software engineer 'Devin', announced a significant data breach that occurred in late May 2026. Attackers exploited a zero-day vulnerability in their private cloud infrastructure, gaining unauthorized access to user data. The breach exposed thousands of private code repositories, proprietary algorithms, and sensitive API keys that users had integrated with their Devin agents. The company stated that the attackers appeared to be a sophisticated group targeting intellectual property. The incident has raised serious concerns about the security of AI agent platforms that have deep integrations into corporate development environments. Cognition Labs has since patched the vulnerability and is working with cybersecurity firms to investigate the full extent of the damage and notify affected users.