Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
A sophisticated threat actor successfully breached Cognition Labs, the creators of the AI software engineer 'Devin'. The attackers employed a novel 'model inversion' technique, not against a standard machine learning model, but against an internal code optimization and suggestion AI. By carefully crafting input queries to this auxiliary system, they were able to reconstruct significant portions of the proprietary source code for the Devin agent. This incident highlights a new attack surface where internal, non-public-facing AI tools can be exploited to reveal sensitive intellectual property. The company has temporarily suspended public access to Devin's API and is working with cybersecurity firms to assess the full extent of the code exfiltration. The breach has raised serious concerns about the security of AI development pipelines themselves.