Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
Cognition Labs, the creator of the AI software engineer 'Devin', disclosed a significant security breach. Attackers exploited a zero-day vulnerability in a third-party data processing library used within their MLOps pipeline. The breach resulted in the exfiltration of the pre-trained model weights for several internal versions of Devin, along with a substantial subset of the curated training data, including proprietary code and data from early partners. The company's incident response team, working with external cybersecurity firms, has patched the vulnerability and is currently assessing the full impact. The leak of the model weights is particularly concerning, as it could allow malicious actors to replicate, analyze, or even fine-tune the powerful code-generation model for their own purposes. The incident highlights the growing threat of intellectual property theft targeting the core assets of AI companies.