Of those, 22 were rated critical, and more than 100 were rated critical or high. The most dangerous was CVE-2026-10881, an out-of-bounds read and write flaw in the ANGLE graphics layer that earned a CVSS score of 9.6 and could allow a sandbox escape via a crafted HTML page. Many of the critical bugs were use-after-free issues, a recurring memory-safety problem in browsers.
Google engineers detected roughly 371 of the flaws internally; independent researchers reported the remainder, and the company paid out $209,000 in bug bounties. SecurityWeek noted that the surge in Chrome flaws was likely driven by increased use of AI in vulnerability hunting, a shift that led Google to lower its Chrome bug bounty payouts in April 2026.
None of the vulnerabilities were known to be actively exploited at the time of disclosure, according to Google. However, the sheer scale of the patch underscores a serious operational question: can even the best-resourced engineering teams keep up when AI-driven discovery floods their bug trackers?
Just as Chrome 149 was landing, security startup depthfirst published the results of its production AI agent run against FFmpeg, the open-source multimedia library that underpins video processing in countless applications and devices.
The agent scanned roughly 1.5 million lines of C code and returned 21 previously unknown zero-day vulnerabilities—bugs that had never been publicly disclosed, and in several cases had sat unnoticed for 15 to 20 years. The majority were heap and stack overflow issues across components ranging from the TS demuxer to the VP9 decoder.
Crucially, depthfirst’s system did more than flag suspicious code. It produced concrete, reproducible proof-of-concept inputs for each bug, confirming its findings. The total compute cost of the run was roughly $1,000.
For comparison, Anthropic’s Mythos model had previously extracted a 16-year-old H.264 flaw from FFmpeg for about $10,000. Depthfirst framed its result as achieving comparable outcomes at a tenth of the cost. The implications are stark: sophisticated zero-day discovery, once the province of well-funded research labs and nation-states, is approaching the cost of a cloud computing bill anyone could pay.
The Chrome and FFmpeg stories are not isolated. They sit inside a larger pattern that has accelerated through 2025 and 2026.
Google’s Project Zero Big Sleep agent found the first known AI-discovered in-production zero-day—a stack buffer underflow in SQLite—in November 2024. Since then, the drumbeat has quickened. ZeroPath’s AI-assisted static analysis found seven FFmpeg flaws in late 2025. Anthropic’s Mythos model later uncovered vulnerabilities across OpenBSD, FreeBSD, Linux, Firefox, and cryptographic libraries, many of which had lived in the code for 16 to 27 years. By April 2026, Mythos had succeeded at exploit writing 181 times against Firefox, a 90x improvement over the prior generation of models.
The Chrome 149 patch itself was a direct reflection of this new velocity. The 429 fixes announced in June 2026 had already exceeded the total number of Chrome security patches shipped in all of 2025, SecurityWeek reported.
Finding bugs is fast. Fixing them is still a human process. Chrome 149 shows that even Google, with its enormous engineering resources and mature vulnerability management program, can face an enormous backlog. For smaller open-source maintainers, the situation is more precarious. FFmpeg’s tiny core team must now triage, validate, and develop patches for vulnerabilities delivered in bulk by multiple AI tools—not just depthfirst, but also Google’s Big Sleep, Anthropic’s Mythos, and others. The FFmpeg project has already pushed back on what it sees as low-quality AI-generated bug reports, labeling some Google AI submissions “CVE slop” when the findings involved esoteric code for 30-year-old video games.
A well-resourced defender can now run multiple AI models against its own codebase before shipping, and many are doing so. But the same economics apply to anyone. A study from UIUC pegged the average AI-assisted exploitation cost at $8.80 per vulnerability using GPT-4, versus an estimated $25 per vulnerability for a skilled human researcher. Depthfirst’s $1,000 FFmpeg run brought the per-zero-day cost down to roughly $48 (a discovery cost rather than an exploitation cost, so not directly comparable to the UIUC figure), and subsequent hardware and model improvements are likely to push it lower.
Defenders still face manual, time-intensive patching and deployment. The asymmetry is growing.
The rapid commoditization of AI-driven vulnerability discovery demands a practical response rather than panic. Security teams should assume that threat actors—state and non-state alike—are already running these models against the software their organizations rely on.
Practical steps include running AI security agents against your own codebase first, since the best defense is finding and fixing severe bugs before attackers do. Shrinking patch latency is equally critical—the gap between public disclosure and patch deployment has become the most dangerous window in the AI era—so prioritize scanning your software supply chain and applying updates the day they ship. Treating vulnerability disclosure as an overload problem is also essential: most teams lack the capacity to triage a sudden flood of AI-generated reports, which means building or adopting automated validation pipelines that can filter signal from noise will soon be a prerequisite for maintaining secure software.
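The validation pipeline the paragraph above calls for, and the proof-of-concept confirmation step in the depthfirst run, come down to two mechanical checks: does the submitted PoC actually crash a sanitizer-instrumented build, and is that crash a duplicate of one already in the queue? The Python harness below is an added example written for this article, not code from depthfirst, Google, Anthropic or the FFmpeg project. The binary path, helper names, report ids and the sanitizer logs it parses are constructed for illustration; only the log layout follows AddressSanitizer's real report format.

```python
"""Triage harness for bulk AI-generated crash reports (added example).

Step 1: re-run each proof-of-concept input against an AddressSanitizer build.
Step 2: reduce each sanitizer log to a crash signature so duplicates collapse
into one report and PoCs that do not crash are bounced back to the submitter.
"""
from __future__ import annotations

import os
import re
import subprocess
from collections import defaultdict
from dataclasses import dataclass

# Real ASan report layout: the ERROR line names the bug class and the first
# stack trace after it is the crashing one; later traces (e.g. "allocated by
# thread T0 here:") restart their frame numbering at #0.
ASAN_ERROR = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[\w-]+)")
ASAN_FRAME = re.compile(r"^\s*#(?P<n>\d+) 0x[0-9a-f]+ in (?P<func>\S+)", re.M)
RUNTIME_PREFIXES = ("__asan", "__interceptor", "__sanitizer")


def crash_signature(log: str, depth: int = 3) -> tuple[str, tuple[str, ...]] | None:
    """(bug class, top `depth` non-runtime frames of the crashing stack), or
    None when the log contains no sanitizer error. Function names rather than
    file:line are used so the same bug on two builds still dedups."""
    kind = ASAN_ERROR.search(log)
    if kind is None:
        return None
    frames: list[str] = []
    for m in ASAN_FRAME.finditer(log):
        if m.group("n") == "0" and frames:
            break  # second "#0" = next trace; only the crashing stack counts
        func = m.group("func")
        if func.startswith(RUNTIME_PREFIXES):
            continue  # interceptor/runtime frames are noise for dedup
        frames.append(func)
        if len(frames) == depth:
            break
    return kind.group("kind"), tuple(frames)


@dataclass
class Finding:
    report_id: str  # id assigned by the submitting tool (constructed here)
    poc_path: str   # proof-of-concept input file
    asan_log: str   # stderr captured from the instrumented run
    exit_code: int


def run_poc(binary: str, poc_path: str, timeout: float = 30.0) -> tuple[int, str]:
    """Run one PoC through an ASan build; return (exit code, stderr).
    Assumption: `binary` takes the input file as its only argument.
    A hang is reported as exit code -1 so it is never mistaken for a clean run."""
    env = {**os.environ, "ASAN_OPTIONS": "abort_on_error=1:symbolize=1"}
    try:
        proc = subprocess.run([binary, poc_path], capture_output=True, text=True,
                              timeout=timeout, env=env, check=False)
    except subprocess.TimeoutExpired:
        return -1, "TIMEOUT"
    return proc.returncode, proc.stderr


def reproduce_all(binary: str, pocs: dict[str, str]) -> list[Finding]:
    """Turn {report_id: poc_path} into Findings by actually running each PoC."""
    findings = []
    for rid, path in pocs.items():
        code, log = run_poc(binary, path)
        findings.append(Finding(rid, path, log, code))
    return findings


def triage(findings: list[Finding]) -> dict[str, object]:
    """Reproduced crashes grouped by signature, plus ids whose PoC did not crash."""
    by_sig: dict[tuple, list[str]] = defaultdict(list)
    not_reproduced: list[str] = []
    for f in findings:
        sig = crash_signature(f.asan_log)
        (not_reproduced.append(f.report_id) if sig is None
         else by_sig[sig].append(f.report_id))
    return {"reproduced": dict(by_sig), "not_reproduced": not_reproduced}


# --- Constructed sample input: invented function names, files, addresses ---
LOG_TS = """\
==4121==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000158 at pc 0x5a1c20 bp 0x7ffd1b2e0a10 sp 0x7ffd1b2e0a08
READ of size 4 at 0x602000000158 thread T0
    #0 0x49c3a1 in __interceptor_memcpy (/opt/asan/ffmpeg+0x49c3a1)
    #1 0x5a1c1f in ts_parse_header libavformat/mpegts.c:2819:9
    #2 0x5a0f33 in ts_read_packet libavformat/mpegts.c:3102:13
    #3 0x4e2a11 in read_frame_internal libavformat/demux.c:1401:15
    #4 0x4b77a0 in main fftools/ffmpeg.c:1003:21
allocated by thread T0 here:
    #0 0x49c0dd in malloc (/opt/asan/ffmpeg+0x49c0dd)
    #1 0x5a0e02 in ts_read_packet libavformat/mpegts.c:3090:10
SUMMARY: AddressSanitizer: heap-buffer-overflow libavformat/mpegts.c:2819:9 in ts_parse_header
"""
LOG_VP9 = """\
==4188==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc2a1e0c40 at pc 0x6b10f2 bp 0x7ffc2a1e0b90 sp 0x7ffc2a1e0b88
WRITE of size 1 at 0x7ffc2a1e0c40 thread T0
    #0 0x6b10f1 in vp9_decode_coefs libavcodec/vp9block.c:944:17
    #1 0x6af902 in vp9_decode_block libavcodec/vp9block.c:1210:9
    #2 0x6ad0c4 in vp9_decode_frame libavcodec/vp9.c:1588:13
SUMMARY: AddressSanitizer: stack-buffer-overflow libavcodec/vp9block.c:944:17 in vp9_decode_coefs
"""
LOG_CLEAN = "Input #0, mpegts, from 'r-004.ts':\n  Duration: 00:00:01.00\n"

# r-001 and r-002 hit the same bug via different PoC files; r-004 runs clean.
SAMPLE_FINDINGS = [
    Finding("r-001", "pocs/r-001.ts", LOG_TS, 1),
    Finding("r-002", "pocs/r-002.ts", LOG_TS.replace("0x602000000158", "0x60200000a2d8"), 1),
    Finding("r-003", "pocs/r-003.ivf", LOG_VP9, 1),
    Finding("r-004", "pocs/r-004.ts", LOG_CLEAN, 0),
]

if __name__ == "__main__":
    result = triage(SAMPLE_FINDINGS)
    for (kind, frames), ids in result["reproduced"].items():
        print(f"{kind:22s} {' > '.join(frames)}  <- {ids}")
    print("not reproduced:", result["not_reproduced"])
```

On real submissions you would call `reproduce_all(binary, pocs)` in place of `SAMPLE_FINDINGS`; the signature depth of three frames is a trade-off, since a shallower key over-merges distinct bugs that share a leaf function while a deeper one splits one bug reached through several call paths.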
The Chrome 149 megapatch and depthfirst’s $1,000 FFmpeg campaign are not aberrations. They are signposts. AI models now find bugs that survived decades of human review and millions of automated fuzz tests—cheaply and at scale. As a Cloud Security Alliance research note put it, even sub-frontier AI models can now find zero-days.
The bottleneck is no longer discovery. It is everything that comes after. Until the remediation side of the equation catches up—through better automation, faster deployment pipelines, or new architectural approaches to software safety—each record-breaking patch and each ultra-cheap discovery run is a warning the industry cannot afford to ignore.