Shadow AI Β· Tool risk profile

Devin.

by Cognition Β· agent Β· Verified April 19, 2026

Vendor site

Base risk

3.5/ 5

LowMediumHighCritical

Autonomous coding agent; gets full repo access and can execute commands. Strong vendor governance posture but the action space is broad.

Tier comparison

Same logo. Very different risks.

  • Free

    medium
    Trains on inputs
    No
    Retention
    0 days
    SSO
    No
    Admin controls
    No

  • Paid Β· consumer

    medium
    Trains on inputs
    No
    Retention
    365 days
    SSO
    No
    Admin controls
    No

  • Enterprise Β· team

    medium
    Trains on inputs
    No
    Retention
    365 days
    SSO
    Yes
    Admin controls
    Yes

FAQ

Questions teams ask about Devin.

Is Devin safe to use with company data?

Match the tier to the data type β€” consumer tiers are usually unsuitable for regulated data; enterprise tiers with SSO and no-training contracts are the minimum for most corporate use.

Does Devin offer SSO?

Yes, SSO is available on the enterprise tier.

How does this tool appear in shadow AI audits?

Devin typically shows up via COGNITION LABS * and cognition.ai traffic. Use a CASB to surface it if you suspect shadow use.

Audit your shadow AI

Is Devin live in your org
alongside tools IT doesn’t know about?

Run a free 12-minute audit to surface every shadow AI tool on your network, score the risk, and walk away with a block-list your IT team can import.

Start the free auditMethodology

Buzzi.ai publishes tool risk profiles for informational purposes only. Always validate terms with the vendor before operational decisions.