The Hacker News web signal

depthfirst Finds 21 FFmpeg Zero-Days for $1,000

cybersecurity agents ai-security vulnerability-research

Key insights

  • depthfirst's AI agent found 21 zero-day vulnerabilities in FFmpeg's 1.5 million lines of C code for approximately $1,000.
  • A stack overflow in FFmpeg's parser dates to 2003 and went undetected for 23 years until the AI agent identified it.
  • Google shipped Chrome 149 with a record 429 security patches the same week, over 100 rated critical or high severity.

Why this matters

An autonomous AI agent at roughly $1,000 per run can now surface decade-old memory corruption bugs in production codebases, setting a new economic baseline for offensive security tooling. Anthropic's Mythos model independently found a 16-year-old H.264 flaw in FFmpeg for approximately $10,000, confirming this is a repeatable capability across multiple AI systems rather than a one-off result from depthfirst. Combined with Chrome 149's record 429 patches in a single release, the week marks a visible inflection where AI-generated vulnerability discovery is quantifiably outpacing human patch velocity.

Summary

depthfirst ran an autonomous AI agent across FFmpeg's 1.5 million lines of C code and found 21 zero-day vulnerabilities for approximately $1,000. Several bugs had been latent for 15 to 20 years, including a stack overflow dating to 2003 and undetected for 23 years. Most are heap or stack overflows in parsers and demuxers. Essentially: a $1,000 run (depthfirst, FFmpeg) returned 21 zero-days in a heavily audited codebase.

  • Nine CVEs assigned (CVE-2026-39210 through CVE-2026-39218), with proof-of-concepts published on GitHub
  • Anthropic's Mythos model separately found a 16-year-old H.264 flaw in FFmpeg for roughly $10,000
  • Google shipped Chrome 149 with a record 429 patches the same week, over 100 rated critical or high

AI-accelerated discovery is outrunning the industry's capacity to patch.

Potential risks and opportunities

Risks

  • Applications using FFmpeg for media parsing face an active exposure window, as the nine CVE-assigned vulnerabilities (CVE-2026-39210 through CVE-2026-39218) have no confirmed patch timeline in the article
  • Organizations relying on periodic manual audits or bug bounty programs for open source dependency security face a structural coverage gap as AI agents surface decades-old heap and stack overflows faster than review cycles can absorb
  • depthfirst's proof-of-concept inputs published on GitHub are accessible to offensive actors before FFmpeg patches land, potentially enabling exploitation of media-parsing vulnerabilities in production deployments

Opportunities

  • AI-native security startups can expand the same sub-$1,000-per-run model to other large C and C++ codebases, with OpenSSL and widely deployed media libraries as natural next targets
  • Dependency-security vendors have a clear pitch: AI-generated zero-day discovery means passive scanning against known CVEs is no longer sufficient, unlocking budget for continuous active analysis tools
  • The convergence of depthfirst's $1,000 run, Anthropic's Mythos finding, and Google's Big Sleep positions the AI security agent market for accelerated commercial investment as the research-only phase ends

What we don't know yet

  • Patch status for the 21 FFmpeg zero-days is unconfirmed; it is unclear whether FFmpeg maintainers have shipped fixes for any of the nine assigned CVEs as of the article's publication
  • CVSS severity scores and exploitability context for the depthfirst CVEs are not disclosed, leaving realistic remote code execution risk unquantified
  • Whether Anthropic's Mythos model and Google's Big Sleep are running continuous scans against open source targets or were one-time research exercises is not addressed