Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
Cognition Labs, the creator of the AI software engineer 'Devin', disclosed a significant security breach. Attackers exploited a zero-day vulnerability in a third-party data-processing library used in the company's internal infrastructure. The breach resulted in the exfiltration of sensitive data, including pre-release versions of the Devin model's weights, internal training datasets, and a large corpus of user-submitted prompts and code snippets from its enterprise clients. Security researchers believe the stolen model weights could be reverse-engineered to uncover proprietary training techniques or used to create powerful, malicious code-generating agents. The company has notified affected customers and is working with cybersecurity firms to investigate the full extent of the compromise. This incident highlights the growing threat of intellectual property theft targeting leading AI firms and the critical need for robust supply-chain security.