AI Agent Finds 21 Zero-Days in FFmpeg for $1,000
Autonomous security tools are discovering vulnerabilities faster than human teams can patch them, reshaping software security workflows.

An autonomous AI security agent has uncovered 21 previously unknown vulnerabilities in FFmpeg, the ubiquitous media processing library embedded in countless applications that handle video. The discovery cost approximately $1,000 and required no human intervention to produce reproducible proof-of-concept exploits.
The findings, reported by security startup depthfirst, come as the software security industry grapples with a fundamental shift: AI tools can now find bugs faster and cheaper than ever before, but the human infrastructure for fixing and deploying patches has not kept pace.
The FFmpeg discoveries
Depthfirst's autonomous agent scanned FFmpeg's roughly 1.5 million lines of C code and identified 21 confirmed zero-day vulnerabilities. Most are heap or stack overflows affecting parsers and demuxers across components ranging from the TS demuxer to the VP9 decoder.
Several bugs had remained hidden for 15 years or more; the oldest, a stack overflow in the service-description-table (SDT) parsing of the MPEG-TS demuxer, dates to 2003 and went undetected for 23 years. Nine of the vulnerabilities have been assigned CVE identifiers (CVE-2026-39210 through CVE-2026-39218); the remainder are fixed upstream but not yet numbered.
Chrome's record patch load
The same week, Google released Chrome 149 with patches for 429 security bugs—the most ever addressed in a single browser release. Over 100 carry critical or high severity ratings, predominantly use-after-free flaws and insufficient input validation issues.
The most severe, CVE-2026-10881, is an out-of-bounds read and write in the ANGLE graphics engine that enables sandbox escape and arbitrary code execution. Google paid $97,000 for the report. Notably, the majority of high-severity bugs came from Google's internal teams rather than external researchers.
While Google has not directly attributed the volume increase to AI, the company overhauled its bug bounty program in April specifically to handle a surge of AI-generated submissions, now requesting concise reproducers instead of lengthy automated writeups.
Why it matters
The economics of vulnerability discovery have fundamentally changed. What once required specialized human expertise and weeks of analysis now costs four figures and runs autonomously. But the downstream work—triaging reports, developing patches, coordinating releases, and ensuring deployment—remains labor-intensive and largely manual.
This asymmetry creates a growing backlog problem. FFmpeg is embedded in media pipelines, Python packages, container images, and appliances worldwide. Each instance requires separate patching. Chrome benefits from auto-update infrastructure most software lacks. For organizations running software with embedded dependencies, the new reality means treating dependency updates as urgent security work rather than routine maintenance.
Previous AI-assisted discoveries support the trend. Google's Big Sleep agent found multiple FFmpeg bugs last year, and Anthropic's Mythos model identified a 16-year-old H.264 flaw for approximately $10,000. A February study demonstrated that an AI agent could reproduce working exploits for more than half of 100 real Linux kernel vulnerabilities, outperforming traditional fuzzing.
Immediate actions
For FFmpeg users, install the latest upstream build or distribution security update immediately. Prioritize systems that process untrusted RTSP or AV1-over-RTP streams. Because FFmpeg is widely bundled, check embedded copies in container images, Python wheels, and appliances—system package updates alone are insufficient.
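The inventory step is the one most teams skip, so here is a small example of how to do it. This script is added for this article (it is not depthfirst's tooling and not FFmpeg project code): it walks a filesystem root such as an unpacked container image, a Python site-packages tree, or a firmware dump, lists every ffmpeg/ffprobe binary and every libavcodec/libavformat shared object, and maps the library SONAME major to an FFmpeg release series. The major-to-series table (58 = 4.x, 59 = 5.x, 60 = 6.x, 61 = 7.x, 62 = 8.x) is an assumption stated in the code; anything outside it is reported as unknown rather than guessed.

```shell
# Inventory every FFmpeg copy under a filesystem root: a host, an unpacked
# container image (e.g. after `docker export <id> | tar -x -C <dir>`), a Python
# site-packages tree, or an appliance firmware dump.
# Example code added for this article, not depthfirst's tooling or FFmpeg code.
#
# Assumption: the libavcodec/libavformat SONAME major tracks the FFmpeg
# release series (58 = 4.x, 59 = 5.x, 60 = 6.x, 61 = 7.x, 62 = 8.x).
# A major outside that table is reported as "unknown".

ffmpeg_series_for_major() {
  case "$1" in
    58) echo "4.x" ;;
    59) echo "5.x" ;;
    60) echo "6.x" ;;
    61) echo "7.x" ;;
    62) echo "8.x" ;;
    *)  echo "unknown" ;;
  esac
}

# Prints one line per hit: "<kind> <ffmpeg series or -> <path>"
# kind is "binary" for ffmpeg/ffprobe executables, "library" for shared objects.
find_ffmpeg_copies() {
  root="$1"
  find "$root" -type f \( -name ffmpeg -o -name ffprobe \
       -o -name 'libavcodec*.so*' -o -name 'libavformat*.so*' \) 2>/dev/null |
  LC_ALL=C sort |
  while IFS= read -r path; do
    base=$(basename "$path")
    case "$base" in
      ffmpeg|ffprobe)
        # A binary's version must come from running it ("$path" -version)
        # or from the libraries it links; the filename carries nothing.
        printf 'binary - %s\n' "$path"
        ;;
      *)
        # Handles both distro names (libavcodec.so.61.19.100) and the
        # hash-mangled names auditwheel writes into Python wheels
        # (libavformat-1a2b3c4d.so.61). Dev symlink names like
        # libavcodec.so carry no major and are reported as "-".
        major=$(printf '%s\n' "$base" |
                sed -n 's/^libav[a-z]*[^.]*\.so\.\([0-9][0-9]*\).*/\1/p')
        if [ -n "$major" ]; then
          printf 'library %s %s\n' "$(ffmpeg_series_for_major "$major")" "$path"
        else
          printf 'library - %s\n' "$path"
        fi
        ;;
    esac
  done
}

# Usage: sh find_ffmpeg_copies.sh /path/to/unpacked/image
if [ "$#" -gt 0 ]; then
  find_ffmpeg_copies "$1"
fi
```

Two caveats. A filename scan cannot see FFmpeg that was linked statically into another shared object or binary; for those, run the bundled tool with `-version` where one exists, or grep the ELF for the `Lavc` library identification string that libavcodec embeds (for example `strings cv2.so | grep -o 'Lavc[0-9.]*'`). And a series match only narrows the search: the fixed versions named in the upstream advisory and your distribution's security bulletin are what decide whether a given copy still needs patching.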
Chrome users should update to version 149.0.7827.53 on Linux or 149.0.7827.53/54 on Windows and macOS, or verify that auto-update has completed.
The details were first reported by The Hacker News.
This is an original analysis by the Omega editorial team. Source reporting: AI Watch.

