Enterprise Security
We want Devin to be a core contributor in your organization, and have prioritized security, data privacy and compliance to make it possible.
Trust Center
For more details about Cognition’s security posture, visit our Trust Center at trust.cognition.ai
Security
All data is encrypted in transit and at rest. Production software is also routinely monitored via logging, error handling and monitoring dashboards of live metrics. Unusual application states (i.e., unusually high error rates, slowness, failures) trigger alerts which are quickly investigated by our team.
Access to our cloud environment in AWS is granted on an as-required basis based on business roles and only a small number of employees or contractors are granted direct access to production systems.
All employees and contractors are required to use multi-factor authentication on all main work applications. All employees and contractors also receive annual training about security best practices, including good password management and how to identify social engineering and phishing scams.
Cognition obtained SOC 2 Type II certification in September 2024. As part of the SOC 2 audit, Cognition’s auditors reviewed all of Cognition’s security policies, procedures, and internal and third-party controls related to data security, privacy, processing integrity, confidentiality and availability.
For more details about our security please visit our Trust Center.
If you have identified a potential security issue, please send your vulnerability reports to our security team at security@cognition.ai. Cognition will inform customers of any security incidents that may impact our Enterprise customers’ environment, in accordance with the reporting obligations set out in customer agreements.
Privacy & Intellectual Property
Cognition processes data based on the application Customers use to interact with Devin. Devin can be accessed via the web application or the GitHub or Slack integration. For the web application, Cognition only processes data actively provided by the authorized user prompting Devin; for the GitHub and Slack integrations, the administrator installing the integration can review and manage all permissions granted to Devin.
For Enterprise customers with VPC or on-prem deployment, all Customer Data is stored in the Customer Tenant.
Cognition only retains data processed through Devin for the duration of the relationship with a given Customer, unless otherwise specified by the Customers.
Any Feedback Data and User Interaction Data are retained as long as needed and as determined by Cognition.
By default, we never train our models on your data or code. For Enterprise customers with VPC or on-prem deployments, all Customer Data is stored in the customer tenant. Please refer to the terms in your agreement with Cognition for details.
The output — code, work product, or other — produced by Devin is considered the Customer’s intellectual property and can be used for the Customer’s commercial purposes, with the exception of using the output to train models that would attempt to reverse engineer and/or build a competing product to Devin.
When setting up the GitHub integration, users can select which repositories Devin can access, with permissions adjustable through GitHub’s App Settings during and post-installation.
For more details on the requested permissions and security considerations, see the GitHub Integration Guide.
In Slack, Devin doesn’t read, process or store any data in your Slack instance other than the information provided when @Devin is tagged and initially prompted, and any additional information provided within the Slack thread while the session is ongoing.
For more details on the requested permissions and security considerations, see the Slack Integration Guide.
User Best Practices
While Devin’s performance is improving daily, it can still experience hallucinations, introduce bugs into code, or suggest insecure code or procedures. As with any coding best practice, we recommend taking the appropriate precautions with the code written by Devin, such as code reviews, enabling branch protections to ensure checks are enforced before Devin can merge any changes, and any practices currently adopted in your organization to review engineers’ work.
You may need to provide Devin with credentials and keys such as passwords, API keys, cookies or others for authentication. In all cases we advise users to leverage our Secrets feature under the Settings page to share and store those credentials securely.
We’re still learning and developing Devin to be a great AI software engineer, and our customers’ feedback is crucial for Devin’s development. We strongly encourage sharing feedback and feature requests directly with your Cognition account team or by emailing support@cognition.ai, and reporting incidents by emailing security@cognition.ai.