Cognition Launches Devin Security Swarm to Help Enterprises Detect, Validate and Remediate Software Vulnerabilities

Cognition

Cognition announced the launch of Devin Security Swarm, a new security capability for its Devin AI software engineer platform that enables organizations to identify software vulnerabilities across large codebases, validate exploitability at runtime, and automatically generate remediation pull requests. The solution is designed to help security and engineering teams close the gap between vulnerability detection and remediation through AI-powered automation.

The company stated that while organizations have invested heavily in vulnerability scanners, static application security testing (SAST), software composition analysis (SCA), and cloud security tools, security teams continue to struggle with remediation. Every identified issue still requires engineering resources to investigate, verify, fix, test, and deploy, creating significant backlogs and increasing organizational risk.

Devin Security Swarm introduces an AI-driven approach that performs end-to-end security investigations across entire repositories. Rather than simply flagging potential issues, the platform analyzes application logic, validates whether vulnerabilities are exploitable in runtime environments, prioritizes confirmed findings, and prepares production-ready code fixes for engineering review.

The solution is powered by Agentic MapReduce, a distributed architecture developed by Cognition to enable whole-codebase reasoning at enterprise scale. The architecture decomposes large repositories into investigative segments, deploys multiple AI agents to analyze them in parallel, consolidates findings into prioritized attack paths, and verifies potential exploits in isolated execution environments before classifying them as confirmed vulnerabilities.

Cognition stated that this approach overcomes the limitations of traditional AI security scanners, which often struggle to reason across large repositories or generate excessive false positives. By combining parallelized code analysis with runtime verification, Devin Security Swarm delivers higher-confidence findings while reducing unnecessary investigation effort for security teams.

According to the company, internal evaluations using a benchmark of 50 real-world GitHub Security Advisory (GHSA) vulnerabilities demonstrated that Devin Security Swarm identified more verified vulnerabilities while achieving approximately 30% lower cost per confirmed finding than competing AI-powered security solutions.

The company noted that Devin Security Swarm continuously improves efficiency by processing only code changes after the initial repository scan. This incremental analysis enables organizations to perform ongoing security assessments without repeatedly analyzing entire codebases, reducing operational costs while maintaining continuous protection.

Cognition stated that the platform integrates directly into existing software development workflows. Security teams can submit vulnerability reports, scanner findings, failed security checks, or security tickets to Devin, which investigates affected code paths, develops fixes, validates remediation through testing, and generates pull requests ready for engineering review.

The company emphasized that Devin Review further supports engineering teams by providing codebase-aware context during pull request reviews, helping developers understand security changes while accelerating approval and deployment processes.

Cognition concluded that Devin Security Swarm expands the role of AI in software security by moving beyond vulnerability detection toward verified remediation. By combining repository-scale reasoning, exploit validation, and automated code generation, the company aims to help enterprises reduce remediation timelines, improve software security posture, and enable engineering teams to address vulnerabilities more efficiently.

SOURCE: Cognition