According to a recent LinkedIn post from Cognition, the company is positioning security remediation as primarily a constraint on engineering capacity rather than on detection tools. The post describes how existing scanners, CI checks, SAST, SCA, and cloud alerts already surface issues rapidly, but turning findings into safe, reviewed code changes remains a bottleneck, especially as attackers accelerate exploit timelines.
The post highlights the launch of “Devin for Security,” described as a set of workflows that move from detection to reviewed pull requests by automating investigation, fixes, testing, and PR creation, followed by assisted review through Devin Review. Cognition frames this as addressing three use cases: reducing security debt across repositories, securing every release by resolving failed checks pre-merge, and accelerating triage and response for alerts and incidents.
As shared in the post, Cognition cites an example from March 31, when Devin Review reportedly flagged a malicious axios version with an impersonator dependency for customers in under an hour, before the issue became publicly known. The post also emphasizes that Devin operates within existing SDLC controls, including SSO, RBAC, scoped repository access, isolated execution, branch protections, required reviewers, human-controlled merges, and full audit trails.
For investors, the post suggests Cognition is expanding Devin from a general-purpose AI software engineer into a more vertically oriented security offering, targeting a growing market for automated remediation and secure development tooling. If adopted, such capabilities could deepen Cognition’s integration into customers’ development workflows, potentially increasing switching costs, expanding revenue opportunities in security budgets, and strengthening its competitive position in the AI-assisted software engineering and DevSecOps landscape.

