Thursday, July 2, 2026

Cognition Unveils Devin Security Swarm to Automate Enterprise Vulnerability Validation and Patching

The rapid rate at which AI is generating code has left many modern security teams struggling with too many possible threats. Many businesses have reported 10x to 100x increases in their security threats, the majority of which have turned out to be false alarms.

Current application security products are struggling to keep up with such rates. Automated scanners provide wide coverage, but they fail to discover business logic issues or multi-stage exploits. First-generation AI security applications, in turn, lack the capability to perform holistic analysis of large code repositories. Critically, existing tools cannot verify whether a vulnerability is actively exploitable at runtime, nor can they generate and deploy the necessary software fixes.

To address these limitations, Cognition has launched Devin Security Swarm. The new solution equips cybersecurity departments with automated engineering capabilities, allowing teams to independently remediate vulnerabilities. Devin Security Swarm is designed to discover system flaws across a codebase, validate exploitability in runtime environments, and automatically deliver remediation pull requests (PRs). Internal benchmarking indicates that the platform identifies more verified vulnerabilities at a 30% lower cost than its closest market alternative.

Architectural Framework and Functionality

The system operates via a network of parallel AI agents distributed across separate segments of an organization’s codebase. By analyzing code context across multiple files, individual agents can identify sophisticated threat vectors, including cross-service exploit paths, chained authentication bypasses, and structural logic flaws.

Once initial vulnerabilities are flagged, Devin aggregates individual data points to map complete attack trajectories. The platform then replicates these attacks within isolated sandbox environments to confirm actual runtime exploitability.

Consequently, security teams only receive alerts for confirmed, actionable vulnerabilities, accompanied by detailed attack paths and reproduction steps. Upon validation, Devin drafts the appropriate code patch and submits a PR for developer review.

Benchmark Performance and Technical Capabilities

Cognition assessed the performance of Devin Security Swarm against a benchmark comprising 50 actual vulnerabilities from GitHub Security Advisories (GHSA). The test included repositories in multiple programming languages: Go, Python, JavaScript, Rust, Ruby, C#, Java, Swift, PHP, Elixir, Erlang, C, Kotlin, and Dart.

| Tool | Recall | Cost per run |
| --- | --- | --- |
| Devin Security Swarm | 36/50 (72%) | $90.23 |
| Claude Security | 34/50 (68%) | $131.87 |
| Codex Security | 24/50 (48%) | $118.20 |
| Cursor Security | 13/50 (26%) | $4.60 |

During evaluation, Devin successfully isolated three critical vulnerabilities that alternative tools overlooked: an expansive deserialization surface within Spring Kafka, an argument injection flaw triggered during metadata value parsing, and a PHP sandbox bypass driven by template injection.

Customizable Scan Profiles and Enterprise Implementation

The platform can ingest existing threat model documentation to dynamically generate customized scan profiles. These profiles can be aligned with specific attacker personas and deployed across an entire enterprise footprint without requiring per-repository configuration or continuous integration (CI) adjustments. Administrators retain control over depth and execution costs by configuring batch sizes for each profile.

Scans can be configured on daily, weekly, or customizable intervals. An initial comprehensive scan establishes an organizational baseline, while subsequent automated scans evaluate only modified code segments to reduce operational costs over time.

Devin Security Swarm is commercially available. For organizations requiring structured deployment assistance, Cognition has also introduced the Devin Security Vulnerability Remediation Program. This six-week structured engagement embeds Cognition’s forward-deployed engineering teams with corporate clients to clear outstanding CVE backlogs and configure Devin Security Swarm for ongoing, continuous code remediation.
