{"data":{"id":"d5dde599-20be-40d9-895f-8af21fc51b2f","title":"I Spent $500 To Test Devin AI For Prompt Injection So That You Don't Have To","summary":"Devin AI, a tool that acts as an AI software engineer, is vulnerable to prompt injection (tricking an AI by hiding malicious instructions in its input) attacks that can lead to full system compromise. By planting malicious instructions on websites or GitHub issues that Devin reads, attackers can trick it into downloading and running malware, giving them remote control over Devin's DevBox (the sandboxed environment where Devin operates) and access to any stored secrets.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://embracethered.com/blog/posts/2025/devin-i-spent-usd500-to-hack-devin/","publishedAt":"2025-08-06T08:01:58.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Devin AI","Cognition"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}