Key facts
- An AI agent found 21 zero-day vulnerabilities in FFmpeg.
- The vulnerabilities were discovered by security startup depthfirst.
- The AI agent's run cost approximately $1,000 in compute.
- Some vulnerabilities had been in the FFmpeg codebase for over 20 years.
- Google recently patched 429 bugs in Chrome.

A security startup named depthfirst used an autonomous AI agent to identify 21 previously unknown vulnerabilities, or zero-days, in the FFmpeg open-source media library, which is widely integrated into applications that handle video content. The company stated that running the AI agent cost approximately $1,000 in computing power. Some of the discovered vulnerabilities had remained undetected in the FFmpeg codebase for more than two decades. This development comes shortly after Google released a Chrome update that addressed a record 429 bugs.