Microsoft pulls open source AI developer tools over password-stealing malware

In a separate development concerning open source software, an autonomous AI agent created by the security startup depthfirst has identified 21 previously unknown vulnerabilities within FFmpeg. FFmpeg is a widely used open-source media library. The process of discovering these vulnerabilities reportedly cost approximately $1,000 in compute resources. Some of the identified bugs had been present in the FFmpeg codebase for more than two decades, highlighting a significant, long-standing security issue.

These incidents underscore the dual nature of open source software: its widespread adoption and collaborative development also present opportunities for malicious actors and reveal hidden security flaws. The Microsoft incident points to the risks of supply chain attacks targeting developer tools, while the FFmpeg discovery demonstrates the potential of AI in proactively identifying complex security weaknesses in foundational software components.