An autonomous security agent has discovered 21 zero-day vulnerabilities in the FFmpeg multimedia library, incurring a total cost of approximately $1,000 and generating executable proof-of-concept (PoC) exploits for every flaw. This development coincides with Google’s release of Chrome 149, which includes a record-breaking 429 security patches in a single update. While the cost of vulnerability discovery has plummeted by an order of magnitude compared to previous AI experiments, the sheer volume of resulting patches is placing unprecedented pressure on triage teams.
- The depthfirst autonomous agent discovered 21 zero-days in FFmpeg; nine have been assigned CVEs ranging from CVE-2026-39210 to CVE-2026-39218, while the remaining 12 issues are tracked as DFVULN-127 through DFVULN-119.
- The operational cost was approximately $1,000, according to depthfirst—a significant drop from the $10,000 spent by Anthropic’s Mythos for a comparable campaign on FFmpeg.
- Several bugs had remained latent for 15 to 23 years; CVE-2026-39214, a stack buffer overflow in the service description table (SDT) code, was introduced in 2003 and went undetected for 23 years.
- The primary source, depthfirst.com, is truncated at the end; while essential data for the nine CVEs is complete, details for DFVULN-119 are missing. Depthfirst lists the 12 DFVULN issues as "fixed," though it is unclear if these patches are upstream or internal.
The Context: From Big Sleep to depthfirst
The depthfirst discovery is the latest in a series of AI-driven security experiments targeting FFmpeg. Google’s Big Sleep previously identified 13 vulnerabilities, listed on the FFmpeg.org security page with the BIGSLEEP-* prefix. Anthropic’s Mythos found three flaws in FFmpeg 8.1, including an H.264 vulnerability that had been latent for 16 years, at an estimated cost of $10,000. Depthfirst achieved broader coverage while spending only 10% of that amount, according to the firm's statements.
The FFmpeg.org security page currently warns of "a spike in AI generated, false positives" and mandates "careful human verification" for all reports. In this environment of report saturation, depthfirst’s methodology is notable: every vulnerability includes a reproducible proof-of-concept input rather than a mere list of suspicious code segments.
Technical Profile of the 21 Vulnerabilities
The nine assigned CVEs span the range CVE-2026-39210 through CVE-2026-39218. According to the primary depthfirst advisory, the specific flaws are:
- CVE-2026-39210: A heap buffer overflow in the TS demuxer caused by a lack of length bounds checks before a two-byte read; introduced in 2010.
- CVE-2026-39211: An integer overflow in the swscale refactor where the formula size factor lacks upper bounds; introduced in 2010.
- CVE-2026-39212: A stack overflow through unbounded recursion in ffmpeg_opt.c, where a preset file triggers recursive option parsing with no depth limit; a regression from July 2025.
- CVE-2026-39213: A heap buffer overflow in the yuv4mpegenc rawvideo input path due to dimensions not being validated against packet size; introduced in 2023.
- CVE-2026-39214: A stack buffer overflow in the SDT implementation that writes service entries without tracking remaining space; introduced in 2003 and latent for 23 years.
- CVE-2026-39215: A heap buffer overflow in update_mb_info() caused by a logic error that allows a 12-byte write beyond the allocated buffer; introduced in 2012.
- CVE-2026-39216: A heap buffer overflow in img2enc.c where a safe chroma size was replaced with an unbounded derived dimension; introduced in 2012.
- CVE-2026-39217: A heap buffer overflow in the VP9 decoder where a refactored size update causes missed reallocations in tile thread buffers; a regression from March 2025.
- CVE-2026-39218: A heap buffer overflow in the DASH demuxer where negative duration values are not rejected, leading to negative indices in the fragment array; introduced in 2017.
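Two of the bug classes above, the missing length check before a fixed-width read (CVE-2026-39210) and the fixed-size buffer written without tracking remaining space (CVE-2026-39214), reduce to the same discipline: compare against what is left, not against the total. The C below is an added illustration of that discipline written for this page; it is not FFmpeg's code, and the record layout, buffer size and function names are hypothetical. The inputs it parses and serializes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reader side: a [tag:1][length:1][payload:length] descriptor loop, the
 * shape used by MPEG-TS PSI tables. Returns the number of descriptors, or
 * -1 if a header or payload would extend past the end of the buffer. */
int parse_descriptor_loop(const uint8_t *buf, size_t len)
{
    const uint8_t *p = buf, *end = buf + len;
    int count = 0;

    while (p < end) {
        /* The unchecked pattern reads p[0] and p[1] here unconditionally;
         * with one byte left, p[1] is a one-byte over-read. Check first. */
        if ((size_t)(end - p) < 2)
            return -1;
        uint8_t tag  = p[0];
        size_t  dlen = p[1];
        p += 2;
        if (dlen > (size_t)(end - p))    /* payload does not fit */
            return -1;
        (void)tag;                       /* a real parser dispatches on tag */
        p += dlen;
        count++;
    }
    return count;
}

/* Writer side: serialize [id:2][name_len:1][name] entries into a caller-owned
 * buffer. Returns bytes written, or -1 as soon as an entry would not fit.
 * The unchecked pattern advances a write pointer and compares nothing. */
struct service_entry { uint16_t id; const char *name; };

int write_service_entries(const struct service_entry *e, size_t n,
                          uint8_t *out, size_t out_size)
{
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        size_t name_len = strlen(e[i].name);
        if (name_len > 255)
            return -1;                   /* does not fit the 1-byte length */
        if (3 + name_len > out_size - pos)   /* remaining, not total, space */
            return -1;
        out[pos++] = (uint8_t)(e[i].id >> 8);
        out[pos++] = (uint8_t)(e[i].id & 0xff);
        out[pos++] = (uint8_t)name_len;
        memcpy(out + pos, e[i].name, name_len);
        pos += name_len;
    }
    return (int)pos;
}

/* Constructed inputs for the demo and tests. */
int demo_parse_well_formed(void)
{
    static const uint8_t loop[] = { 0x48, 0x03, 'a', 'b', 'c', 0x0a, 0x00 };
    return parse_descriptor_loop(loop, sizeof loop);          /* 2 */
}

int demo_parse_truncated(void)
{
    static const uint8_t loop[] = { 0x48, 0x08, 'a', 'b', 'c' }; /* claims 8 */
    return parse_descriptor_loop(loop, sizeof loop);          /* -1 */
}

int demo_write_fits(void)
{
    uint8_t buf[64];
    struct service_entry e[] = { {1, "News"}, {2, "Sports"} };
    return write_service_entries(e, 2, buf, sizeof buf);      /* 16 */
}

int demo_write_rejected(void)
{
    uint8_t buf[64];                     /* fixed-size stack buffer */
    struct service_entry e[] = {
        {1, "News"}, {2, "Sports"},
        {3, "A very long service name that will not fit in the remaining space"},
    };
    return write_service_entries(e, 3, buf, sizeof buf);      /* -1 */
}

int main(void)
{
    printf("well-formed loop: %d descriptors\n", demo_parse_well_formed());
    printf("truncated loop:   %d\n", demo_parse_truncated());
    printf("two entries:      %d bytes\n", demo_write_fits());
    printf("three entries:    %d\n", demo_write_rejected());
    return 0;
}
```

Both checks are cheap and both are the kind a reviewer skims past when the comparison target looks plausible; the writer-side check is the one that went missing for 23 years in the SDT case, where the total buffer size is known but the space already consumed is not carried along. Build with sanitizers (`-fsanitize=address`) and fuzz the two entry points with truncated and oversized inputs to confirm the rejection paths fire before any out-of-bounds access.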
The remaining 12 issues, DFVULN-127 through DFVULN-119, are marked as "fixed" by depthfirst. However, it remains unclear whether this status refers to upstream patches or internal fixes. Individual CVSS scores for the nine FFmpeg CVEs have not been specified.
The Lesson of Hidden Debt
The verified facts are clear: discovery costs have dropped to approximately $1,000, and several bugs remained latent for 15 to 23 years, even as FFmpeg.org reports a surge in AI-generated false positives. The latency data points to dormant vulnerability debt in mature codebases. Two of the nine CVEs are 2025 regressions, but the other seven were introduced between 2003 and 2023, most of them in parsers and muxers written before fuzzing and sanitizer builds were routine.
"Finding these bugs has gotten cheap; triaging the reports, shipping the fixes, and getting them installed has not" — The Hacker News
Weekly Context: Chrome 149
During the same week, Google shipped Chrome 149 with 429 security patches. Unlike the FFmpeg findings, The Hacker News notes, these were not AI-discovered. Among them is CVE-2026-10881 (CVSS 9.6), an out-of-bounds read/write in the ANGLE graphics layer that enables a sandbox escape; Google paid a $97,000 bounty for it. More than 100 of the bugs are rated critical or high severity, and 19 of the 22 critical flaws were found internally by Google. Google reportedly revised its bounty program in April 2026 in response to a flood of AI-generated reports.
Recommended Actions
- Update Chrome to version 149: CVE-2026-10881 (CVSS 9.6) enables sandbox escapes via specially crafted web pages.
- Monitor CVE assignments for DFVULN-127 through DFVULN-119: these issues carry only depthfirst's internal identifiers so far, and their exact impact and upstream patch status require clarification before they can be tracked in vulnerability-management tooling.
- Audit FFmpeg dependencies: FFmpeg is rarely a direct dependency. It arrives as libavcodec/libavformat shared libraries, statically linked into media tools, bundled in container images, or vendored inside language-ecosystem wrapper packages that ship their own binary, so a package-manager inventory alone undercounts it. The components named in the nine CVEs (the TS demuxer and service description table code, the DASH demuxer, the VP9 decoder, swscale, the yuv4mpeg and image2 muxers, and the ffmpeg command-line option parser) are all part of a default build; the two 2025 regressions affect only builds from mid-2025 onward, while the rest reach back to the introduction years listed above.
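Package inventories only see FFmpeg when it is installed as a distribution package; copies statically linked into a media tool, bundled in a container layer, or shipped inside a language wrapper's binary do not appear. The following C program is an added example for this page, not depthfirst's or FFmpeg's code: it scans arbitrary files for the LIBAV*_IDENT version strings that FFmpeg's version headers embed in every build (for example "Lavf62.3.100" for libavformat), which survive `strip` because they are ordinary data rather than symbols. The sample image it scans is constructed, and the version numbers in it are arbitrary.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* LIBAV*_IDENT prefixes from FFmpeg's version headers; a build embeds
 * "<prefix><major>.<minor>.<micro>", e.g. "Lavf62.3.100" for libavformat. */
static const char *const IDENT_PREFIXES[] = {
    "Lavu", "Lavc", "Lavf", "Lavfi", "SwS", "SwR", NULL
};

/* Scan buf[0..n) for a prefix followed by three dot-separated numeric fields.
 * On a hit, copy the ident into out (NUL-terminated, truncated to out_sz)
 * and return 1; return 0 when nothing matches. */
int find_ffmpeg_ident(const unsigned char *buf, size_t n,
                      char *out, size_t out_sz)
{
    for (size_t i = 0; i < n; i++) {
        for (const char *const *pp = IDENT_PREFIXES; *pp; pp++) {
            size_t plen = strlen(*pp);
            if (i + plen >= n || memcmp(buf + i, *pp, plen) != 0)
                continue;
            size_t j = i + plen;
            int fields = 0;
            while (fields < 3) {
                size_t start = j;
                while (j < n && isdigit(buf[j]))
                    j++;
                if (j == start)
                    break;               /* numeric field missing */
                fields++;
                if (fields < 3) {
                    if (j < n && buf[j] == '.')
                        j++;
                    else
                        break;           /* separator missing */
                }
            }
            if (fields != 3)
                continue;                /* e.g. "Lavf" inside other text */
            size_t len = j - i;
            if (len >= out_sz)
                len = out_sz - 1;
            memcpy(out, buf + i, len);
            out[len] = '\0';
            return 1;
        }
    }
    return 0;
}

/* Read one file fully and scan it. Returns 1 hit, 0 no hit, -1 unreadable. */
int scan_file(const char *path, char *out, size_t out_sz)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return -1;
    unsigned char *buf = NULL;
    size_t cap = 0, n = 0, got;
    do {
        if (n == cap) {
            cap = cap ? cap * 2 : 1u << 16;
            unsigned char *nb = realloc(buf, cap);
            if (!nb) { free(buf); fclose(f); return -1; }
            buf = nb;
        }
        got = fread(buf + n, 1, cap - n, f);
        n += got;
    } while (got > 0);
    fclose(f);
    int hit = find_ffmpeg_ident(buf, n, out, out_sz);
    free(buf);
    return hit;
}

/* Constructed sample: a pretend executable image carrying an ident string. */
const char *demo_constructed_ident(void)
{
    static const unsigned char image[] =
        "\x7f" "ELF\x02\x01\x01" "...encoder=Lavf62.3.100\0--prefix=/usr...";
    static char ident[32];
    return find_ffmpeg_ident(image, sizeof image - 1, ident, sizeof ident)
               ? ident : NULL;
}

/* Constructed sample containing look-alike text only. */
int demo_no_ident(void)
{
    static const unsigned char text[] = "Lavfoo Lavc1.2 SwS SwR.1.2.3";
    char ident[32];
    return find_ffmpeg_ident(text, sizeof text - 1, ident, sizeof ident);
}

int main(int argc, char **argv)
{
    char ident[64];
    for (int i = 1; i < argc; i++) {
        int r = scan_file(argv[i], ident, sizeof ident);
        if (r == 1)
            printf("%s: %s\n", argv[i], ident);
        else if (r < 0)
            fprintf(stderr, "%s: unreadable\n", argv[i]);
    }
    return 0;
}
```

Run it over executables and shared objects, for example `find /usr /opt -type f \( -perm -u+x -o -name '*.so*' \) | xargs ./ffident`, or over an unpacked container image; the quick shell equivalent is `grep -a -o -E 'Lav[cfu]i?[0-9]+\.[0-9]+\.[0-9]+' <file>`. A hit tells you an FFmpeg build is present and which library version it reports, not whether a distribution backported fixes, so reconcile the version against the vendor's advisory. A miss is not proof of absence.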
Note on Sources: The primary source, depthfirst.com, is truncated; data for the nine CVEs is complete, but details for DFVULN-119 are missing, and the DFVULN range as quoted (127 through 119) accounts for fewer identifiers than the twelve issues it is said to cover. This information reflects the data available at the time of publication.
Information has been verified against cited sources and was current at the time of publication.
Sources
- https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html
- https://depthfirst.com/research/21-zero-days-in-ffmpeg
- https://www.tomshardware.com/tech-industry/artificial-intelligence/anthropics-latest-ai-model-identifies-thousands-of-zero-day-vulnerabilities-in-every-major-operating-system-and-every-major-web-browser-claude-mythos-preview-sparks-race-to-fix-critical-bugs-some-unpatched-for-decades
- https://ffmpeg.org/security.html
- https://www.helpnetsecurity.com/2026/06/05/ai-hallucinations-it-operations-research/
- https://www.helpnetsecurity.com/2026/06/05/ai-agent-governance-video/