AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single release. Only the FFmpeg bugs were found by AI.

The article reports that an autonomous AI agent discovered 21 previously unknown vulnerabilities in FFmpeg, a widely used media library embedded in many applications, while Google’s Chrome 149 release patched a record 429 security bugs, though only the FFmpeg issues were AI-discovered. These facts indicate that AI-driven tooling is now capable of uncovering deep, systemic bugs in core software dependencies that underpin large parts of the software ecosystem. From a CyberSE.AI perspective, this underscores AI supply chain risk: organizations relying on AI-powered components or tools must track AI-discovered vulnerabilities in foundational libraries (like FFmpeg), integrate them into SBOM and patch processes, and assume adversaries may use similar AI agents to find and weaponize zero-days faster. Proactive AI-aware supply chain governance and continuous monitoring of AI-related dependency risk become critical to maintain resilience.