Summary

Cognition launched Devin Security Swarm, a security offering that uses an 'Agentic MapReduce' architecture to scan large codebases with a swarm of parallel agents, compose findings into full attack paths, reproduce each exploit in an isolated sandbox to confirm it at runtime, and then open remediation pull requests. Cognition reports the system found 36 of 50 real-world GHSA vulnerabilities at roughly 30% lower cost per finding than the next most accurate alternative.

What changed

Cognition released Devin Security Swarm, which scans codebases with parallel agents, validates exploitability in sandboxes, and opens remediation PRs, reporting 36 of 50 GHSA vulnerabilities found at ~30% lower cost per finding than the nearest alternative.

Why it matters

It pushes AI security tooling past static scanning toward runtime-verified findings and automated fixes, targeting the vulnerability backlog that overwhelms security teams and reframing coding agents as remediation labor rather than just code authors.

Evidence excerpt

Devin Security Swarm scans large codebases, validates exploitability in sandboxes, and opens remediation PRs using an Agentic MapReduce architecture ... Devin Security Swarm found 36 of 50 real-world GHSA vulnerabilities at 30% lower cost per finding than the next most accurate alternative.

Sources