Devin isn’t just writing code anymore. On July 1, Cognition launched Devin Security Swarm, an AI agent product that hunts exploits: a swarm of parallel Devin agents sweeps your entire codebase (Cognition calls it Agentic MapReduce), reproduces every finding in an isolated sandbox to prove it’s actually exploitable, then ships a remediation PR. No pattern matching, no false-positive dumps — runtime-validated exploits only.
The numbers
On 50 real GHSA vulnerabilities across 14 languages: 72% recall at $90 per run. Claude Security scored 68% at $132 — Devin is 30% cheaper per finding. Three critical bugs, including a PHP sandbox bypass and a Spring Kafka deserialization hole, were caught by Devin alone.
API access
It runs on the Devin platform. Enterprises plug in via the Devin API, schedule daily or weekly scans, and incremental runs only touch changed code — the obvious move is wiring it into CI for validated findings plus fix PRs. A six-week Devin Security Program clears CVE backlogs.
Agent swarms hunting vulnerabilities is 2026’s hottest security category — Anthropic’s Glasswing, XBOW — and Devin just entered with the best accuracy-per-dollar numbers.
You Might Also Like
- Ai Agents Keep Deleting User Files jai Stanford ai Agent Sandbox Offers a one Command fix
- Agent Builder by Thesys When ai Agents Stop Talking and Start Showing
- Cloudrouter Gives Your ai Coding Agent its own Cloud Machine and Thats a big Deal
- Google A2ui Agent to User Interface Finally a Standard way for ai Agents to Show you Things
- Emdash Lets you run 21 ai Coding Agents at Once and it Actually Works

Leave a comment