Introducing Devin Security Swarm (3 minute read)

TLDR AI Products

Summary

Cognition introduces Devin Security Swarm, a new tool for finding security vulnerabilities using an Agentic MapReduce architecture, achieving higher accuracy and lower cost than alternatives.

Devin Security Swarm is a cost-effective and accurate way to find security vulnerabilities in complex codebases. It uses a new architecture for whole-codebase reasoning called Agentic MapReduce. Devin maps relevant signals across a repository, fans out focused agents over bounded shards, reduces their findings to one report, then verifies serious vulnerabilities in isolated sandboxes before marking them confirmed. Cognition has published extensive documentation and technical materials about Agentic MapReduce.
Original Article
View Cached Full Text

Cached at: 07/03/26, 05:22 PM

# Thread by @cognition on Thread Reader App Source: [https://threadreaderapp.com/thread/2072368168182432109.html](https://threadreaderapp.com/thread/2072368168182432109.html) Introducing Devin Security Swarm A more cost effective and accurate way to find security vulnerabilities in complex codebases, based on a new architecture: Agentic MapReduce\. ![Video Poster](https://pbs.twimg.com/amplify_video_thumb/2072365104679518208/img/E20wZwx5fEWD2HYp.jpg) In testing, Devin Security Swarm found 36 of 50 real\-world GHSA vulnerabilities at 30% lower cost per finding than the next most accurate alternative\.[![Image](https://threadreaderapp.com/images/1px.png)](https://pbs.twimg.com/media/HMKFY9QXEAESi4L.jpg) We built a new architecture for whole\-codebase reasoning that we’re calling Agentic MapReduce\. Security scanning is different from most coding tasks: a report is only trustworthy if the whole codebase is considered\. But most agentic systems struggle to scale reasoning across large repos\. Devin maps relevant signals across the repo, fans out focused agents over bounded shards, reduces their findings into one report, then verifies serious vulnerabilities in isolated sandboxes before marking them confirmed\. The result is simultaneously more efficient and more accurate than other tools\. We evaluated a variety of security scanning tools on a dataset of 50 GHSA vulnerabilities across 14 languages including Go, Rust, Python, Ruby, Java, C\#, JavaScript, C, Swift, Dart, and Elixir\. The dataset spans opens source repos of various sizes and of many software categories\. Beyond excelling on our eval, Devin Security Swarm also found critical vulnerabilities that other tools missed, like a PHP sandbox bypass via template injection, an argument injection through metadata value parsing, and an overly broad deserialization surface\. Security Swarm is a new pillar of Devin for Security: a suite of tools to help you find vulnerabilities, validate their exploitability at runtime, and ship remediation PRs\. Learn more and try it today at: [devin\.ai/security](http://devin.ai/security) We’re also publishing extensive documentation and technical materials about Agentic MapReduce, including a deep\-dive on our evals\. Read our announcement:[cognition\.com/blog/introduci…](https://cognition.com/blog/introducing-devin-security-swarm) Learn about Agentic MapReduce:[devin\.ai/blog/agentic\-m…](https://devin.ai/blog/agentic-map-reduce) Check out the evals:[devin\.ai/blog/security\-…](https://devin.ai/blog/security-swarm-eval)

Similar Articles

Codex Security: now in research preview

OpenAI Blog

OpenAI introduces Codex Security, an agentic application security tool now in research preview that identifies complex vulnerabilities with high confidence and actionable fixes while significantly reducing false positives and noise compared to traditional security tools.