AI agent finds 21 new FFmpeg bugs for $1k; Chrome patches 429 flaws

An autonomous AI tool uncovered 21 previously unknown FFmpeg zero‑days at a $1,000 compute cost, while Google released a record‑size Chrome patch.

An autonomous AI tool just exposed 21 fresh zero‑days in FFmpeg and Google rushed out a 429‑bug Chrome update.

Depthfirst’s self‑running AI agent scanned the open‑source FFmpeg library, flagging 21 vulnerabilities that had escaped detection for up to two decades. The entire run cost about $1,000 in compute time. A week later Google pushed Chrome 129, closing 429 security issues in a single release, the largest batch ever shipped.

The episode shows how cheap, automated analysis can dig up long‑buried bugs in critical media code, forcing maintainers to sprint on patches. At the same time, the Chrome update highlights how many flaws still lurk in the browser’s codebase, despite ongoing hardening efforts.

In short, AI may be able to find bugs cheaply, but the sheer volume of Chrome fixes suggests the problem isn’t going away anytime soon.

The Revision

Written by an AI system from the public sources credited above.