Cognition’s Devin Launches AI Agent to Fix Security Bugs

Cognition, the AI lab behind the autonomous coding agent Devin, has launched Devin Security Swarm, a tool designed to help enterprise security teams find, verify and patch vulnerabilities faster than manual review allows.

The launch addresses a widening gap in enterprise security: as AI agents write and ship code at increasing speed, the volume of security findings has outpaced the capacity of human review teams. According to Cognition, monthly security findings across the enterprise have climbed from roughly 1,000 to more than 10,000 within six months, driven in part by the rising share of AI-generated code.

How Devin Security Swarm works

Devin Security Swarm uses what Cognition calls an agentic map-reduce architecture, deploying parallel agents to scan across a codebase for vulnerabilities such as business logic gaps and authentication bypasses that span multiple services. Each finding is reproduced in an isolated sandbox to confirm it is genuinely exploitable before Devin writes a patch and opens a pull request — collapsing the usual detect-verify-fix cycle into a single automated workflow.

“Devin Security Swarm gives security teams engineering capacity they’ve never had,” said Nick Wong, Security Engineering Lead at Cognition. “Now, security teams can validate which vulnerabilities are actually exploitable and fix them directly, instead of handing findings to engineering and waiting.”

Benchmarked performance

Cognition says it tested the tool against a benchmark of 50 real-world vulnerabilities tied to published GitHub Security Advisories across 14 programming languages. Devin Security Swarm identified 36 of the 50 — more than any other AI-powered scanner tested — at 30 percent lower cost per finding than the next-most-accurate alternative. Three critical vulnerabilities were reportedly found exclusively by Devin and missed by every other tool in the test.

The launch lands as security researchers, including teams at Microsoft and Mozilla, have flagged new attack techniques specifically targeting AI-powered coding tools — adding urgency to the case for validating AI-assisted software development rather than simply accelerating it.

A regional readiness gap

The timing is notable for Asia-based enterprises. Separate research from Commvault and Omdia, released this month, found that nearly all organisations in the region plan to increase AI investment in 2026, with more than a third already testing or deploying agentic AI — yet many still lack the governance and cyber resilience needed to keep pace with increasingly autonomous systems.

Cognition also offers a six-week Devin Security Program to help enterprises assess their application security posture and clear existing vulnerability backlogs. Devin Security Swarm is available globally to enterprise customers now.

Author


Discover more from techcoffeehouse.com

Subscribe to get the latest posts sent to your email.

Use promo code “TCH15” to get 15% off on checkout.

Share your thoughts

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from techcoffeehouse.com

Subscribe now to keep reading and get access to the full archive.

Continue reading

Discover more from techcoffeehouse.com

Subscribe now to keep reading and get access to the full archive.

Continue reading