Depth First's autonomous security agent discovered 21 zero-day vulnerabilities in FFmpeg, including some that had been latent for 15-20 years. The system demonstrated the ability to find critical security issues at a fraction of traditional costs ($1k vs $10k) and even developed a proof-of-concept for a remote code execution exploit. This comes after recent security audits by Google and Anthropic, highlighting both the continued vulnerability of this critical media processing library and the growing capabilities of AI-powered security analysis.
Background
FFmpeg is a critical open-source software library for handling multimedia data, used by major browsers and streaming platforms worldwide. Its complex codebase of approximately 1.5 million lines of C code has been the subject of extensive security research and fuzzing for over two decades.
- Source
- Lobsters
- Published
- Jun 13, 2026 at 08:21 AM
- Score
- 8.0 / 10