Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
Cognition Labs, the creator of the AI software engineer 'Devin', has confirmed a significant security breach that resulted in the exfiltration of its proprietary source code and key training datasets. The attack vector was identified as a zero-day vulnerability in a popular open-source workflow orchestration tool used within their MLOps pipeline. Threat actors reportedly exploited the vulnerability to gain initial access and then moved laterally to access sensitive code repositories and data storage buckets. This incident highlights the critical importance of securing the entire AI development lifecycle, as compromised model architecture and training data could be used to replicate the system or develop sophisticated malicious AI agents. Cognition Labs has since patched the vulnerability and is working with leading cybersecurity firms to investigate the full extent of the breach. The event has sent shockwaves through the AI startup community, underscoring the high value of AI-related intellectual property.