Depthfirst turns FFmpeg into a proof point for autonomous security agents

Depthfirst's autonomous security agent discovered 21 zero-day vulnerabilities in FFmpeg, demonstrating that AI-driven security tools can find exploitable bugs in heavily scrutinized codebases. The findings validate Depthfirst's approach of proving vulnerabilities rather than generating alerts.

Depthfirst has published one of the clearer tests yet of its core bet: autonomous security agents will be judged not by how many warnings they produce, but by whether they can prove exploitable bugs in code that has already been attacked for decades. In a research post, depthfirst says its production security agent found 21 zero day vulnerabilities in FFmpeg, the open source multimedia framework that sits inside browser, streaming, surveillance, transcoding and media ingest pipelines. The com...