Key facts
- An autonomous AI agent found 21 zero-day vulnerabilities in FFmpeg.
- The security startup depthfirst stated the AI run cost about $1,000 in compute.
- Some FFmpeg vulnerabilities had been present for over 20 years.
- Google recently patched a record 429 bugs in Chrome.

A security startup named depthfirst has reported that its autonomous AI agent identified 21 previously unknown vulnerabilities in FFmpeg, the widely used open-source media library. The company stated that the computational cost of this discovery was approximately $1,000. Notably, some of these vulnerabilities had remained undetected in the FFmpeg codebase for over two decades. This development comes shortly after Google released a significant update for its Chrome browser, which addressed a record 429 bugs.