Vulnerability  ·  2026-06-08

Depthfirst Autonomous AI Agent Finds 21 FFmpeg Zero-Days (CVE-2026-39210–39218) for ~$1,000 — AI-Accelerated Vulnerability Economics Arrive at Production Scale

Vulnerability  ·  High impact  ·  Global  ·  CVE-2026-39210 through CVE-2026-39218 (plus 12 additional fixed but unnumbered)
Security startup Depthfirst disclosed on June 6, 2026 that its autonomous AI security agent scanned FFmpeg's ~1.5 million lines of C code and produced 21 confirmed zero-day vulnerabilities, each with a reproducible proof-of-concept input, at a total run cost of approximately $1,000. Nine CVEs were assigned (CVE-2026-39210 through CVE-2026-39218); the remaining 12 were fixed by FFmpeg maintainers but remain unnumbered. The vulnerability classes include heap buffer overflows (TS demuxer, VP9 decoder, MP4 parser, swscale), stack buffer overflows (SDT handler, ffmpeg_opt.c preset handling), integer overflows (swscale), and out-of-bounds/use-after-free variants across HLS demuxer, H264 slice processing, and other paths. The oldest bug — a stack overflow in the service-description-table (SDT) parser — traces to code from 2003, surviving over two decades of fuzzing and manual review. FFmpeg maintainers were responsive and are shipping patches.
Crafted media files, malicious transport streams (MPEG-TS), VP9-encoded video, malformed MP4/HLS/RTMP inputs, and broadcast metadata streams targeting the relevant parser/demuxer paths. Externally reachable media ingestion endpoints (upload APIs, streaming ingest, browser-embedded FFmpeg) are highest priority. The $1,000 cost floor means this discovery methodology is now accessible to well-motivated threat actors at sub-nation-state funding levels.
Any system using a vulnerable FFmpeg build: video streaming platforms, transcoding APIs, browser-adjacent tooling, CI/CD media processing jobs, Python video wheels, Docker container images, mobile apps, embedded devices, and AI training data preprocessing pipelines that process media. Given the age of some bugs (~23 years), affected versions span essentially all historical FFmpeg releases.
Immediately: (1) update to the latest patched FFmpeg release on all externally reachable media-processing services; (2) sandbox transcoding workloads and isolate them from high-value credentials and networks; (3) block or validate untrusted MPEG-TS, HLS, and RTMP streams at the perimeter where they are not required; (4) audit container images and third-party vendor deliverables for embedded FFmpeg versions via SBOM. Medium-term: prepare patch intake and triage processes for an increasing volume of AI-generated vulnerability reports — the ~$1,000 cost floor means disclosure volume will grow sharply. Monitor the FFmpeg security page and NVD for additional CVE assignments.
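One way to carry out step (4), the SBOM audit for embedded FFmpeg, as an added example that is not part of this advisory and not Depthfirst's or FFmpeg's tooling. It assumes CycloneDX JSON SBOMs (the format tools such as syft emit for container images), the FFmpeg package-family names listed in the block, and a placeholder PATCHED_BASELINE, because the advisory does not name the fixed release; the sample SBOM is constructed for illustration:

```python
"""Audit CycloneDX SBOMs for FFmpeg-family components below a patched baseline.

Added example (not Depthfirst's or FFmpeg's code). SAMPLE_SBOM is constructed
for illustration; PATCHED_BASELINE is a placeholder because the advisory does
not name the fixed release. Substitute the fixed version from the FFmpeg
security page before relying on the result.
"""
import json
import re

# Placeholder: replace with the real fixed release from the FFmpeg security page.
PATCHED_BASELINE = "99.0"

# Package names that ship FFmpeg code. Assumption: distributions package FFmpeg
# as the ffmpeg binary plus split libraries (libavcodec, libavformat, ...).
FFMPEG_FAMILY = {
    "ffmpeg", "libavcodec", "libavformat", "libavutil",
    "libavfilter", "libavdevice", "libswscale", "libswresample",
}


def normalize_name(name):
    """Map distro package names such as 'libavcodec60' onto the family name."""
    return re.sub(r"\d+$", "", name.strip().lower())


def parse_version(version):
    """Turn '7:6.1.1-3ubuntu5' into (6, 1, 1); unparsable versions become ().

    The leading 'N:' is a Debian/RPM epoch, not part of the upstream version,
    so it is stripped before the numeric prefix is read.
    """
    version = re.sub(r"^\s*\d+:", "", version or "")
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", version)
    if not match:
        return ()
    return tuple(int(part) for part in match.group(1).split("."))


def walk_components(components):
    """Yield every component, descending into nested CycloneDX components."""
    for component in components or []:
        yield component
        yield from walk_components(component.get("components"))


def find_outdated_ffmpeg(sbom, baseline=PATCHED_BASELINE):
    """Return [(name, version, reason)] for FFmpeg-family components needing action.

    A component is reported when its version parses below the baseline, or when
    the version is missing or unparsable (unknown must be treated as unpatched).
    """
    base = parse_version(baseline)
    findings = []
    for component in walk_components(sbom.get("components")):
        if normalize_name(component.get("name", "")) not in FFMPEG_FAMILY:
            continue
        version = component.get("version", "")
        parsed = parse_version(version)
        if not parsed:
            findings.append((component["name"], version, "version unknown"))
        elif parsed < base:
            findings.append((component["name"], version, "below patched baseline"))
    return findings


def audit_sbom_text(text, baseline=PATCHED_BASELINE):
    """Convenience wrapper for SBOM JSON read from a file or a registry scan."""
    return find_outdated_ffmpeg(json.loads(text), baseline)


# Constructed sample: a container image SBOM with an outdated distro ffmpeg,
# a split library package with an epoch, an unversioned vendored copy, an
# unrelated package, and a nested component that is already above the baseline.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "application", "name": "ffmpeg", "version": "6.1.1-3ubuntu5",
         "purl": "pkg:deb/ubuntu/ffmpeg@6.1.1-3ubuntu5"},
        {"type": "library", "name": "libavcodec60", "version": "7:6.1.1-3ubuntu5"},
        {"type": "library", "name": "libavformat", "version": ""},
        {"type": "library", "name": "openssl", "version": "3.0.13"},
        {"type": "application", "name": "transcoder-svc", "version": "1.4.0",
         "components": [
             {"type": "library", "name": "libswscale", "version": "99.1.0"},
         ]},
    ],
}

if __name__ == "__main__":
    for name, version, reason in find_outdated_ffmpeg(SAMPLE_SBOM):
        print(f"{name} {version or '<none>'}: {reason}")
```

Two design choices matter in practice: a component with no parsable version is reported rather than silently skipped, since an unknown version cannot be assumed patched, and the name check strips trailing soname digits so that Debian-style packages such as libavcodec60 are not missed.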
Sources
Depthfirst — 21 Zero-Days in FFmpeg (June 6, 2026)
The Hacker News — AI Agent Uncovers 21 Zero-Days in FFmpeg (June 6, 2026)
GitHub — DepthFirstDisclosures/ffmpeg-dfvuln127 (PoC)
The Next Web — An AI agent found 21 zero-days in FFmpeg for $1,000