Mozilla fixed 423 security bugs in April 2026 -- roughly 20 times its monthly average throughout 2025. The driver was an agentic AI pipeline built around Anthropic's Claude Mythos Preview that lets the model write and run its own test cases to verify vulnerabilities before reporting them. Of the 423 total fixes shipped in Firefox 150, Firefox 149.0.2, and subsequent point releases, 271 were directly attributed to Claude Mythos Preview. Another 111 bugs came from internal discovery split between the same pipeline running other models and traditional fuzzing.
Just 41 arrived from external researchers. The pipeline's breakthrough is self-verification. Earlier attempts using GPT-4 and Claude Sonnet 3.5 in read-only mode generated too many false positives -- findings that sounded plausible but wasted developers' time.
Mozilla's agentic harness solves that by giving the AI the ability to build and run test cases that either trigger Address Sanitizer or don't.
"Memory corruption issues are especially easy to validate: either you trigger Address Sanitizer or you don't (in which case you tell the agent to keep working until it does)," Brian Grinstead, a Mozilla Distinguished Engineer, told Help Net Security.
Mozilla started small with Claude Opus 4.6 in manually supervised terminal sessions targeting sandbox escapes. Once the prompts and logic were tuned, the team parallelized across ephemeral virtual machines, each assigned a single file. The pipeline now handles deduplication, prioritization, triage, and fix tracking end-to-end. The bugs uncovered span two decades of Firefox code. Among the 12 reports Mozilla publicly disclosed earlier than usual: a 20-year-old XSLT bug where reentrant key() calls free a hash table's backing store while a pointer remains in use, a 15-year-old flaw in the HTML legend element requiring orchestration of recursion stack depths and cycle collection, and an HTML table with more than 65,535 rows that overflowed a 16-bit layout bitfield undetected by fuzzers for years.
Several findings were sandbox escapes requiring chained exploits for a full Firefox compromise. These are exactly the bugs fuzzing struggles to catch, and Mozilla said AI analysis provides "much more comprehensive coverage" of that critical surface.
Equally revealing was what the model could not break. The harness repeatedly attempted to escape the process sandbox via prototype pollution in the privileged parent process -- a technique that had succeeded for external researchers in prior years.
Mozilla's architectural decision to freeze those prototypes by default blocked every attempt.
"We saw many attempts to pursue this line of escape that were thwarted by this design," the Mozilla team wrote. "Observing such direct payoff from previous hardening work was even more rewarding than finding and fixing more bugs." Of the 271 bugs announced for Firefox 150, 180 were rated sec-high, 80 sec-moderate, and 11 sec-low. Over 100 people contributed code to ship the fixes.
Mozilla plans to integrate the pipeline into its continuous integration system so every new code commit is automatically scanned, shifting from file-based to patch-based analysis. The team's guidance to other developers is straightforward: start with simple prompts, iterate, and treat the harness as infrastructure that compounds value with each model upgrade.
Bruce Schneier, writing in the Guardian, framed the broader stakes: "Attackers will use these capabilities to find, and automatically hack, vulnerabilities in systems of all kinds. But at the same time, defenders will use these same capabilities to find, and then patch, many of those same systems." Mozilla's pipeline is the first large-scale proof that the defensive side of that equation is already operational.
