• 25 days

    What these articles never say is how many hallucinated bugs the LLM found that either weren’t real or were actually exploitable. The LLM didn’t find these with any confidence; it highlighted areas of interest that actual security researchers then needed to investigate and confirm or rule out.

  • What the fuck is a zero day in the context of ffmpeg?

    It’s not like it’s a system service that you can get ingress through…

    “AI found 21 bugs in massive video project” sounds like junior developer shit hungry to get some shit on their resume.

    Even if it wasn’t AI slop, this wouldn’t be impressive.

    • I imagine there are many web services around the world which use ffmpeg to handle user submitted content.