Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
Cognition Labs, the company behind the AI software engineer 'Devin', confirmed a significant security breach that resulted in the exfiltration of sensitive intellectual property. Attackers, believed to have leveraged a sophisticated social engineering campaign against a senior engineer, gained access to internal code repositories. The stolen data reportedly includes the full model weights for an unreleased version of their flagship agentic AI model and a multi-terabyte dataset of curated code and developer interactions used for its training. This incident is considered catastrophic for the company, as the leaked assets could allow competitors to replicate their technology, erasing their competitive advantage. The breach highlights the critical need for robust security controls around the core assets of AI companies, treating model weights and training data as top-tier secrets.