2 Sources
[1]
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single release. Only the FFmpeg bugs were found by AI. Chrome's record landed after Google overhauled its bounty program to cope with a flood of AI-generated reports. The mechanisms differ, but the pressure is the same: AI is putting more vulnerabilities in front of the people who have to deal with them, and faster than before.

The FFmpeg findings come from depthfirst, whose autonomous security agent scanned the project's roughly 1.5 million lines of C and produced 21 confirmed zero-days, each with a reproducible proof-of-concept input. The company puts the cost of the run at around $1,000. Several of the bugs had been latent for 15 to 20 years; one stack overflow in the service-description-table code dates to 2003 and sat untouched for 23 years. Most are heap or stack overflows in parsers and demuxers, spanning components from the TS demuxer to the VP9 decoder. depthfirst says some already carry CVE identifiers; its writeup lists nine, CVE-2026-39210 through CVE-2026-39218, and notes the rest are fixed but not yet numbered. It also published a PoC.

In separate news, Chrome 149 fixes 429 vulnerabilities, a record for a single release. Over 100 are critical or high severity, mostly use-after-free and insufficient input validation. The worst, CVE-2026-10881 (CVSS 9.6), is an out-of-bounds read and write in the ANGLE graphics engine that lets a crafted page escape the sandbox and run code on the host. Google paid $97,000 for it. The highest-severity bugs were mostly internal finds: of roughly 90 high-severity bugs, only 10 came from outside researchers, and 19 of the 22 critical ones were Google's own.

The AI connection is more about volume than authorship. Google hasn't tied the 429 to AI; the on-record signal is the bounty overhaul it made in April, prompted by a flood of AI-generated submissions and now asking for a concise reproducer over the long writeups AI churns out. Google's Big Sleep agent reported a run of FFmpeg bugs last year, now visible on the project's security page tagged BIGSLEEP, and Anthropic's Mythos model pulled a 16-year-old H.264 flaw and others out of FFmpeg for about $10,000, three of which shipped in FFmpeg 8.1, per its own writeup. Days ago, another autonomous tool found an authenticated RCE in Redis that had been present since version 7.2.0, unnoticed for over two years. The research points the same way: a February study had an agent reproduce working PoCs for more than half of 100 real Linux kernel N-day bugs, beating fuzzing.

For FFmpeg, pull the fixed upstream build or your distribution's security update as soon as it lands, and prioritize anything that ingests untrusted RTSP or AV1-over-RTP. FFmpeg is widely bundled in media pipelines, Python wheels, container images, and appliances, so do not stop at system packages; those embedded copies need patching too. For Chrome, update to 149.0.7827.53 on Linux or 149.0.7827.53/54 on Windows and macOS, or confirm auto-update has run. The response has to match the new pace: shorter patch cycles, auto-update wherever it exists, and dependency bumps that carry CVE fixes treated as security work, not routine maintenance.

The hard part is shifting, though. Finding these bugs has gotten cheap; triaging the reports, shipping the fixes, and getting them installed has not, and much of that work still falls to volunteers and a thin layer of human triagers now expected to keep pace with machines.
[2]
An AI agent found 21 zero-days in FFmpeg for $1,000. Chrome just patched a record 429 bugs.
A security startup's autonomous AI agent found 21 previously unknown vulnerabilities in FFmpeg, the open-source media library embedded in almost everything that touches video. The startup, depthfirst, says the run cost roughly $1,000 in compute. Some of the bugs had been hiding in the codebase for more than 20 years. Days later, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single browser release. Over 100 are critical or high severity. The two events arrived independently, but they point in the same direction: AI is finding vulnerabilities faster than humans can fix them.

Depthfirst's agent scanned FFmpeg's roughly 1.5 million lines of C and produced a reproducible proof-of-concept for each of the 21 zero-days. Most are heap or stack overflows in parsers and demuxers, spanning components from the TS demuxer to the VP9 decoder. One stack overflow in the service-description-table code dates to 2003. Nine already carry CVE identifiers (CVE-2026-39210 through CVE-2026-39218). The rest have been fixed upstream but not yet numbered. Depthfirst has published proof-of-concept code.

FFmpeg is not new to AI-driven bug hunting. Google's Big Sleep agent reported a run of FFmpeg bugs last year. Anthropic's Mythos model pulled a 16-year-old H.264 flaw and others out of FFmpeg for about $10,000. Depthfirst claims to have done comparable work at a tenth of the cost.

Chrome 149's record haul is a different story. Google has not attributed the 429 vulnerabilities to AI. But the company overhauled its bug bounty programme in April after a flood of AI-generated submissions, now asking researchers for concise reproducers instead of the long writeups AI tends to produce. The worst bug, CVE-2026-10881, scores 9.6 on the CVSS scale. It is an out-of-bounds read and write in the ANGLE graphics engine that lets a crafted page escape Chrome's sandbox and run code on the host. Google paid $97,000 for the report. Of the 22 critical bugs, 19 were found internally.

The pattern keeps repeating. An autonomous tool recently found an authenticated remote code execution flaw in Redis that had gone unnoticed for over two years. A February study showed an AI agent could reproduce working exploits for more than half of 100 real Linux kernel bugs, beating traditional fuzzing.

The hard problem is shifting. Finding these bugs has become cheap. Triaging the reports, shipping the fixes, and getting them installed has not. Much of that work still falls on volunteers and a thin layer of human triagers now expected to keep pace with machines. Mozilla patched 271 Firefox vulnerabilities found by Mythos in a single pass. The question is no longer whether AI can find the bugs. It is whether anyone can fix them fast enough.
A security startup's autonomous AI agent found 21 previously unknown vulnerabilities in FFmpeg for roughly $1,000 in compute costs, some hiding for over 20 years. The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single release. The developments highlight how AI is accelerating vulnerability discovery faster than human teams can address them.
A security startup called depthfirst deployed an autonomous AI agent that discovered 21 previously unknown zero-days in FFmpeg, the open-source media library embedded in nearly every application that processes video [1]. The AI agent scanned FFmpeg's roughly 1.5 million lines of C code and produced reproducible proof-of-concept inputs for each vulnerability, all for approximately $1,000 in compute costs [2]. Several of these software vulnerabilities had been latent in the codebase for 15 to 20 years, with one stack overflow in the service-description-table code dating back to 2003, sitting untouched for 23 years [1].

Most of the AI-discovered bugs are heap or stack overflows in parsers and demuxers, spanning components from the TS demuxer to the VP9 decoder [2]. Nine vulnerabilities already carry CVE identifiers, numbered CVE-2026-39210 through CVE-2026-39218, while the remaining bugs have been fixed upstream but await formal numbering [1]. Depthfirst has published proof-of-concept code demonstrating each flaw, underscoring the practical threat these vulnerabilities pose to systems ingesting untrusted media streams.
The same week brought another milestone in vulnerability discovery: Google shipped Chrome 149 with patches for 429 security bugs, the highest count ever in a single browser release [1]. Over 100 of these are critical or high severity, predominantly use-after-free and insufficient input validation flaws [1]. The most severe, CVE-2026-10881 with a CVSS score of 9.6, is an out-of-bounds read and write in the ANGLE graphics engine that allows a crafted page to escape Chrome's sandbox and execute code on the host system [2]. Google paid $97,000 for this critical report [1].

While Google hasn't directly attributed the 429 vulnerabilities to AI, the company overhauled its bounty program in April after experiencing a flood of AI-generated reports [1]. The revised program now requests concise reproducers instead of the lengthy writeups that AI systems typically generate [2]. Of the 22 critical bugs patched, 19 were found internally by Google, while only 10 of roughly 90 high-severity bugs came from external researchers [1].

FFmpeg is not new to AI in identifying software flaws. Google's Big Sleep agent reported multiple FFmpeg bugs last year, now visible on the project's security page tagged BIGSLEEP [1]. Anthropic's Mythos model extracted a 16-year-old H.264 flaw and other vulnerabilities from FFmpeg for about $10,000, three of which shipped in FFmpeg 8.1 [1]. Depthfirst claims to have achieved comparable results at a tenth of that cost [2].

The pattern extends beyond FFmpeg and Google Chrome. Days ago, another autonomous tool identified an authenticated remote code execution flaw in Redis that had remained undetected since version 7.2.0, hiding for over two years [1]. A February study demonstrated that an AI agent could reproduce working proof-of-concepts for more than half of 100 real Linux kernel N-day bugs, outperforming traditional fuzzing techniques [1]. Mozilla recently patched 271 Firefox vulnerabilities found by Mythos in a single pass [2].
The core challenge has shifted dramatically. AI uncovers zero-day vulnerabilities at unprecedented speed and minimal cost, but triaging AI-generated reports, shipping fixes, and deploying patches remains slow and resource-intensive [2]. Much of this work still depends on volunteers and a thin layer of human triagers now expected to keep pace with machines [1]. For FFmpeg, users should pull the fixed upstream build or distribution security updates immediately, prioritizing systems that ingest untrusted RTSP or AV1-over-RTP streams [1]. FFmpeg is widely bundled in media pipelines, Python wheels, container images, and appliances, making embedded copies a critical concern beyond system packages [1].

For Chrome users, updating to version 149.0.7827.53 on Linux or 149.0.7827.53/54 on Windows and macOS is essential, or confirming that auto-update has executed [1]. The response must match the new pace: shorter patch cycles, auto-update wherever possible, and treating dependency bumps that carry CVE fixes as security work rather than routine maintenance [1]. The question is no longer whether AI can find the bugs, but whether security teams can fix them fast enough [2].
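The point about embedded FFmpeg copies, as an added example (not code from either source or from the FFmpeg project): a Python inventory that walks a filesystem tree, such as an unpacked container image, and flags FFmpeg shared libraries that sit outside system package directories. The filename patterns (including the hash infix that wheel-repair tools add) and the directory markers are assumptions of this sketch.

```python
import os
import re
import sys

# FFmpeg component libraries as .so / .dylib / .dll files. The optional hash
# infix (libavcodec-3b1c1f8e.so.60) is an assumed vendoring convention.
FFMPEG_LIB = re.compile(
    r"^(?:lib)?(avcodec|avformat|avutil|avfilter|avdevice|swscale|swresample)"
    r"(?:-[0-9a-f]{6,})?"         # optional vendoring hash
    r"(?:[.-](\d+))?"             # major version before the extension (dll, dylib)
    r"\.(?:so|dylib|dll)"
    r"(?:\.(\d+))?(?:\.\d+)*$",   # major version after .so
    re.IGNORECASE,
)
# Assumed markers: directories that hold vendored or system-packaged libraries.
VENDOR_MARKERS = {"site-packages", "dist-packages", "node_modules"}
SYSTEM_PREFIXES = ("usr/lib/", "usr/lib64/", "lib/", "lib64/")


def classify(rel):
    """Label a root-relative path 'system' or 'embedded'."""
    parts = rel.split("/")[:-1]
    vendored = any(p in VENDOR_MARKERS or p.endswith(".libs") for p in parts)
    if rel.startswith(SYSTEM_PREFIXES) and not vendored:
        return "system"
    return "embedded"


def find_ffmpeg_copies(root):
    """Return sorted (relative_path, component, major, origin) tuples."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            m = FFMPEG_LIB.match(name)
            if not m or os.path.islink(full):   # skip soname symlinks
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            major = m.group(2) or m.group(3)
            found.append((rel, m.group(1).lower(), major, classify(rel)))
    return sorted(found)


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, comp, major, origin in find_ffmpeg_copies(scan_root):
        print(f"{origin:8} {comp:10} major={major or '?'}  {rel}")
```

Statically linked FFmpeg builds have no separate library file and are not found by a filename scan like this one.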