An autonomous AI agent from depthfirst discovered 21 zero-day vulnerabilities in FFmpeg, each with a proof-of-concept input, at a cost of roughly $1,000. Several bugs had been latent for 15 to 23 years. Separately, Chrome 149 patched a record 429 security bugs, over 100 critical or high severity, with the worst being CVE-2026-10881 (CVSS 9.6) in the ANGLE graphics engine.
Tap to vote and see what everyone thinks.
