Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
A sophisticated threat actor breached the internal networks of Cognition Labs, the creators of the AI software engineer 'Devin'. The attackers exfiltrated large portions of Devin's proprietary source code, training datasets, and sensitive customer project data stored in their cloud environment. The breach was attributed to a compromised developer credential leveraged in a targeted social engineering attack. The incident has raised significant concerns about the security of AI development pipelines and the potential for a new class of supply chain attacks targeting autonomous AI agents. Cognition Labs has temporarily suspended new sign-ups and is working with cybersecurity firms to investigate the full extent of the damage.