
Cognition launches Devin Security Swarm to help security teams find, validate, and remediate exploitable vulnerabilities.
SAN FRANCISCO, July 01, 2026 /PRNewswire/ -- Cognition, the AI lab behind the software engineering agent Devin, today announced Devin Security Swarm, to help security teams find exploitable vulnerabilities, validate them at runtime, and fix them at a lower cost than the next most accurate alternative.
Devin Security Swarm comes at a time where AI agents now generate code faster than security teams were ever designed to review. Monthly security findings throughout the enterprise are climbing from about 1,000 to more than 10,000 in six months, driven in part by the 42% of code that is now AI-generated or AI-assisted. The enterprises that are shipping more code than ever need to equip their security teams to keep up.
Devin Security Swarm closes that gap by giving security the capacity of an engineering team. Because it is built on Devin, it confirms which vulnerabilities are genuinely exploitable and opens the pull request to remediate them inside the same workflow engineering already uses. For a security leader, that means findings get resolved at the pace they appear, and the backlog stops growing faster than the team can work it down.
"Devin Security Swarm gives security teams engineering capacity they've never had," said Nick Wong, Security Engineering Lead at Cognition. "Now, security teams can validate which vulnerabilities are actually exploitable and fix them directly, instead of handing findings to engineering and waiting."
Performance You Can Verify
For an enterprise security team, the real question is whether a tool performs at scale and proves its findings are worth acting on. Cognition built Security Swarm to answer that with evidence, benchmarked in the open:
- Coverage at scale: Devin Security Swarm is built on an agentic map-reduce architecture, with parallel agents reasoning across files to catch the flaws that live in how an application actually works, like business logic gaps and authentication bypasses that chain across services. Each finding is reproduced in an isolated sandbox to confirm exploitability at runtime, and for every confirmed vulnerability, Devin writes the patch and opens the pull request.
- Provable performance at a lower cost: On a benchmark of 50 real-world vulnerabilities tied to published GitHub Security Advisories across 14 languages, Devin Security Swarm found 36. This is more than any other AI-powered scanner tested, at 30% lower cost per finding than the next most accurate alternative. Three critical vulnerabilities were found exclusively by Devin and missed by every other tool tested.
Security Vulnerability Remediation Program
Built for enterprises ready to modernize how they handle security, Cognition offers the Devin Security Program, a structured six-week program to assess an organization's application security posture and clear its existing vulnerability backlog. This gives security leaders a clear path to a cleared backlog, an agent that keeps the codebase healthy, and proactive discovery running continuously. For more information on the Devin Security Program, visit devin.ai/security-program.
Devin Security Swarm is available globally to enterprise customers beginning today. For more information visit devin.ai/security.
About Cognition
Cognition is an applied AI lab building the future of software and is the maker of Devin, the AI software engineer. Devin works end-to-end on complex engineering tasks, from planning and writing code to testing and remediating security vulnerabilities, giving teams the capacity to take on more ambitious work. Learn more at Cognition.ai.
SOURCE Cognition
Share this article