Endava Bets on Governed AI to Tame Autonomous Software Engineers

LONDON – February 18, 2026 – Technology services firm Endava has announced a significant expansion of its partnership with applied AI company Cognition, a strategic move designed to bring the power of autonomous AI software engineers like the much-discussed Devin into the enterprise world under a strict framework of governance and control. The collaboration integrates Cognition's advanced agentic platforms into Endava's proprietary Dava.Flow™ delivery framework, aiming to solve a critical puzzle facing CIOs: how to harness the radical productivity of AI coding without inviting chaos, security risks, and compliance nightmares.

This partnership moves beyond isolated experiments with AI, seeking to create a production-ready capability for large-scale software delivery. By embedding Cognition's tools within a structured methodology, Endava is making a calculated bet that the future of digital transformation lies not just in powerful AI, but in the ability to deploy it safely and reliably.

The Rise of the AI Software Engineer

The tech industry is buzzing with the concept of 'agentic AI'—a leap beyond the now-familiar AI assistants that suggest code snippets. Unlike tools that act as a co-pilot, agentic systems are designed to be the pilots themselves. At the forefront of this revolution is Cognition's Devin, heralded as the world's first fully autonomous AI software engineer.

Devin operates within its own sandboxed environment, complete with a command line, code editor, and browser. It can take a high-level prompt, such as "build a website with these features," and independently plan and execute the entire engineering task. Its demonstrated capabilities include learning unfamiliar technologies from documentation, building and deploying full applications, autonomously finding and fixing bugs in existing codebases, and even contributing to mature open-source projects. This represents a paradigm shift from line-by-line assistance to goal-driven automation.

Complementing Devin is Windsurf, an 'agentic IDE' (Integrated Development Environment) that Cognition acquired. Windsurf augments the human developer's workflow, using a deep understanding of the entire codebase to orchestrate complex, multi-file changes and automate repetitive tasks. Together, Devin and Windsurf promise to offload entire segments of engineering work, freeing human developers to focus on architecture, creativity, and complex problem-solving.

A Framework for Trust: Dava.Flow™ Meets Agentic AI

The immense power of agentic AI is also its greatest challenge for enterprise adoption. Handing over the keys to mission-critical systems to an autonomous agent is a prospect that keeps IT governance and security officers awake at night. This is the challenge Endava aims to solve with its Dava.Flow™ delivery framework.

Endava describes Dava.Flow™ as an AI-native engagement lifecycle that provides built-in governance, traceability, and transparency. Instead of letting AI agents run wild, the framework prepares the ground for their effective and controlled use. Through its initial 'Signal and Explore' phases, Endava works with clients to precisely define project intent, scope, and priorities. The output is not just a plan, but an “agent-ready” backlog of tasks. This pre-scoping allows tools like Devin to be applied with greater precision and confidence, dramatically reducing the risk of unexpected behavior, rework, and compliance breaches.

“Enterprise leaders are no longer asking whether agentic engineering is viable, they want to know how to deploy it safely at scale,” said Matt Cloke, CTO at Endava, in the original announcement. “By embedding Cognition's capabilities within Dava.Flow™, we're helping clients realise the productivity upside of AI-native delivery whilst strengthening the discipline, governance and confidence that large organisations require.”

The Promise of Hyper-Productivity

The motivation for navigating these complexities is the staggering potential for productivity gains. Endava’s own early adoption of Windsurf on client projects yielded “material reductions in task cycle times” and “meaningful time savings on repetitive engineering work.” These internal successes provided the confidence to expand the partnership and scale the approach across more client programs.

These results mirror broader industry findings that highlight the transformative potential of agentic AI. In one notable case, financial services giant Nubank reported using Devin for a large refactoring task, achieving a 12x improvement in engineering hours saved and enabling them to complete a project in weeks that would have otherwise taken months. Other reports suggest teams can see efficiency boosts of 3-4x and reductions in engineering time of up to 50% by leveraging AI-generated code and agentic workflows. By integrating these tools into a repeatable framework, Endava aims to make such extraordinary results a consistent and predictable outcome for its enterprise clients.

Confronting the Perils of AI-Generated Code

Despite the promise, the path to AI-driven development is fraught with risks that extend beyond simple bugs. AI models are trained on vast repositories of public code, which often contain latent security flaws. Studies have shown that AI-generated code can introduce vulnerabilities related to memory management, access control, and insecure dependencies. There are also significant concerns around intellectual property contamination, where an AI might reproduce licensed code without proper attribution, creating legal risks.

Furthermore, a phenomenon known as 'automation bias' can lead human developers to place undue trust in AI-generated code, forgoing the rigorous security reviews they would apply to code written by a junior colleague. Agentic systems introduce new attack vectors, such as prompt injection and tool abuse, where malicious actors could trick an AI agent into performing harmful actions.

Endava’s emphasis on “governed agentic engineering” is a direct response to these dangers. By creating a structured process with human oversight, clear task definition, and automated quality gates, the Dava.Flow™ framework acts as a set of guardrails. It ensures that the speed and scale offered by AI do not come at the cost of security, quality, or compliance, turning a potentially risky technology into a reliable enterprise tool.

A Strategic Play in a Competitive Field

Endava’s move is a significant strategic play in the hyper-competitive IT services landscape. While many firms are exploring AI, Endava is attempting to build a defensible moat around a methodology-led approach. It’s a bet that for large, regulated enterprises, how AI is implemented is just as important as the AI itself.

“Endava’s methodology-led approach shows how agentic tools can be deployed responsibly within real enterprise delivery contexts,” noted Gardner Johnson, Global VP of Partnerships at Cognition. “Together, we’re enabling organisations to move faster without sacrificing quality, control or trust.”

The partnership includes joint go-to-market initiatives, signaling a deep collaboration aimed at transforming delivery models for large organizations. As competitors race to integrate AI tools like GitHub Copilot and build their own proprietary solutions, Endava and Cognition are positioning themselves as the enterprise-grade, safety-first option. This partnership could set a new standard for how the technology services industry not only adopts but also tames the next generation of autonomous AI.