AI Uncovers Record Software Vulnerabilities, Shifts Defense Burden to Humans
June 6, 2026
Responders should promptly apply fixed upstream builds and updates for FFmpeg, and update Chrome to the latest 149.x build across platforms with automatic updates enabled.
Depthfirst reports 21 previously unknown FFmpeg zero-days found by an autonomous AI agent, each with reproducible input and several already linked to CVEs.
Google Chrome 149 arrived with a record 429 security fixes, more than 100 of which are critical or high severity, including an out-of-bounds read/write in ANGLE; one flaw carries a CVSS score of 9.6, and Google paid $97,000 for the bug.
Autonomous AI agents are surfacing vulnerabilities across software ecosystems at a rapid pace, shifting more defense and triage burden to humans even as automation accelerates discovery.
The AI-driven FFmpeg assessment cost roughly $1,000, underscoring how affordable automated vulnerability discovery has become.
Depthfirst’s reproducible proofs-of-concept reveal FFmpeg vulnerabilities, including a 2003-era stack overflow in service-description-table code.
The FFmpeg flaws are predominantly heap or stack overflows in parsers and demuxers, across components such as the TS demuxer and VP9 decoder, with nine CVEs identified and older issues dating back to the 2000s and 2003.
The core question isn’t whether AI can find bugs, but whether defenders can patch and deploy fixes quickly enough to mitigate AI-discovered risks.
Chrome’s fixes were not attributed to AI, and Google’s bug-bounty process emphasizes concise repros over lengthy AI-generated writeups as part of an adjusted program.
AI-generated reports have boosted disclosure volumes; Google’s April bounty overhaul shifted emphasis to concise reproductions to keep pace with AI submissions.
The Depthfirst finding noted about $1,000 in compute cost, with some flaws existing for over two decades and nine CVEs assigned while others were fixed upstream but unnamed.
The piece underscores the accelerating pace of AI-driven vulnerability discovery and the ongoing challenge of triage, patching, and deployment in real-world systems.
Summary based on 2 sources
Sources

The Next Web • Jun 6, 2026
An AI agent found 21 zero-days in FFmpeg for $1,000. Chrome just patched a record 429 bugs.
The Hacker News • Jun 6, 2026
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs